Today, we continue this detailed look at what corporate IT security teams should be doing to prevent cyberattacks when a majority of the workforce is temporarily working remotely. Part I was posted yesterday.
Create Two-Step User Access for Administrators
Remote administration of systems is a particular area of concern, as these tasks tend to require privileged accounts. For these tasks, best practice is to have two separate accounts for each system administrator. One is a low-privilege user account, which the employee uses for everything but administration tasks; the other is a high-privilege account, which is used only when necessary. With this setup, administrators authenticate to the VPN using the low-privilege account and then, once connected to the internal network, authenticate to the machine they need to administer using the higher-privilege account. This helps protect the highly privileged accounts from compromise by keeping their use solely inside the internal network. The policy can be enforced by preventing users from connecting to the VPN with a high-privilege account. This is also a good strategy for any ordinary network, even one without a substantial number of external connections. Limiting the use of privileged accounts is good practice in any scenario, and it follows the principle of least privilege: use only the bare minimum level of privileges you need to accomplish a task.
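One way to check that the two-account policy is actually holding, as an added example that is not part of the original article: a small audit over parsed VPN and server logon events. The `adm-` naming prefix, the address ranges, the event fields and the sample events are all assumptions made for illustration.

```python
import ipaddress

# Assumptions (not from the article): privileged accounts use an "adm-" prefix,
# the VPN assigns addresses from 10.8.0.0/16, and events arrive already parsed.
ADMIN_PREFIX = "adm-"
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
VPN_POOL = ipaddress.ip_network("10.8.0.0/16")

# Constructed sample events in time order ("vpn" = VPN logon, "host" = server logon).
EVENTS = [
    {"src": "vpn", "user": "jdoe", "assigned_ip": "10.8.0.21", "ok": True},
    {"src": "host", "user": "adm-jdoe", "from_ip": "10.8.0.21", "host": "db01"},
    {"src": "vpn", "user": "adm-asmith", "assigned_ip": "10.8.0.22", "ok": True},
    {"src": "host", "user": "adm-asmith", "from_ip": "198.51.100.9", "host": "dc01"},
    {"src": "host", "user": "adm-jdoe", "from_ip": "10.8.0.40", "host": "dc01"},
]

def is_privileged(user):
    return user.lower().startswith(ADMIN_PREFIX)

def audit(events):
    """Return (event index, rule, detail) for each breach of the two-account policy."""
    findings = []
    leases = {}  # VPN-assigned address -> account that holds it (never expired here)
    for i, ev in enumerate(events):
        user = ev["user"].lower()
        if ev["src"] == "vpn":
            if is_privileged(user):
                state = "succeeded" if ev["ok"] else "was attempted"
                findings.append((i, "PRIV_ON_VPN", f"{user}: VPN logon {state}"))
            if ev["ok"]:
                leases[ev["assigned_ip"]] = user
        elif ev["src"] == "host" and is_privileged(user):
            ip = ipaddress.ip_address(ev["from_ip"])
            if ip not in INTERNAL_NET:
                findings.append((i, "PRIV_FROM_EXTERNAL", f"{user} -> {ev['host']} from {ip}"))
            elif ip in VPN_POOL and leases.get(str(ip)) != user[len(ADMIN_PREFIX):]:
                # The VPN session behind this address must belong to the admin's own
                # low-privilege account (adm-jdoe pairs with jdoe).
                findings.append((i, "PRIV_UNPAIRED_SESSION", f"{user} -> {ev['host']} from {ip}"))
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS):
        print(finding)
```

A `PRIV_ON_VPN` finding with a successful logon means the VPN is not enforcing the restriction at all, so it warrants a configuration fix rather than just an alert.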
Selecting the Right Teleconferencing Software for Secure Use
One other consideration for the transition to a remote workforce is the increased dependence on teleconferencing software, used both on employee laptops and on personal devices. Teleconferencing software has long played a critical role for businesses with a global workforce, but it has now become more critical than ever. Moreover, conversations that were typically held in person (board/audit committee meetings, executive strategy sessions, contract negotiations, HR conversations on hiring, termination, salary, etc.) are now being conducted over this third-party software. The business should review the terms and conditions of this software, its recording features, the information it captures from participating workstations and mobile devices, and its privacy settings, and take these into account when selecting which software may be appropriate for critical meetings. Additionally, it may become necessary to instruct the workforce on securing a private location prior to participating in sensitive discussions. One other training step may include a review and confirmation of all attendees on a conference call prior to critical discussions (for example, who is that random dialed-in phone number that no one recognizes?).
New Considerations for Defending the Network
With the move to remote work, it’s important to remember that the attack surface available to attackers has increased. Caution should be taken when setting up remote access to systems, and potential vectors of attack should be considered when securing data and access. The considerations above should give a better idea of ways to perform threat management and prevent malicious actors from abusing your infrastructure.
Once additional procedures have been put in place to permit remote workers, the security team will then be presented with the challenge of monitoring the network for suspicious activity. Prior to this shift, defenders may have been able to isolate malicious traffic due to its origin on the internet. With a remote workforce, attackers may be able to hide. Consider reviewing how your team searches for malicious network activity and signs of attacks within a distributed computing environment. For instance, it may become more valuable to identify the new behavior patterns of your workforce and the geographic regions they are working in to help spot anomalies. Further, revisit your incident response plans and update procedures on how your organization may need to change the way it both detects and responds to attacks. In the event an intruder gains access to the network, can the team respond as effectively with a remote workforce? Consider revising staffing plans to account for the increased complexity in these processes.
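A sketch of the behavior-and-geography baselining suggested above, as an added example that is not from the original article: it learns each user's usual logon countries and hours from a baseline window, then flags deviations in new logons. The record format, the two-hour tolerance and all sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed records: (user, UTC timestamp, country from a GeoIP lookup).
BASELINE = [
    ("jdoe", "2020-03-23T13:05", "US"), ("jdoe", "2020-03-24T13:40", "US"),
    ("jdoe", "2020-03-25T14:10", "US"), ("asmith", "2020-03-23T08:15", "GB"),
    ("asmith", "2020-03-24T08:50", "GB"), ("asmith", "2020-03-25T09:05", "GB"),
]
TODAY = [
    ("jdoe", "2020-03-26T13:20", "US"),     # matches baseline
    ("jdoe", "2020-03-26T03:10", "US"),     # usual country, unusual hour
    ("asmith", "2020-03-26T08:30", "US"),   # country new for this user only
    ("asmith", "2020-03-26T02:00", "BR"),   # country new for the whole workforce
    ("newhire", "2020-03-26T15:00", "US"),  # no history yet
]

def build_baseline(records):
    # Per-user sets of countries and logon hours seen during the baseline window.
    profile = defaultdict(lambda: {"countries": set(), "hours": set()})
    for user, ts, country in records:
        profile[user]["countries"].add(country)
        profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(profile)

def hour_is_usual(hour, usual_hours, slack=2):
    # Circular distance, so 23:00 and 01:00 count as two hours apart.
    return any(min((hour - h) % 24, (h - hour) % 24) <= slack for h in usual_hours)

def find_anomalies(records, profile):
    workforce = set().union(*(p["countries"] for p in profile.values()))
    alerts = []
    for user, ts, country in records:
        seen = profile.get(user)
        if seen is None:
            alerts.append((user, ts, ["no_baseline"]))
            continue
        reasons = []
        if country not in seen["countries"]:
            reasons.append("new_country_for_user" if country in workforce else "new_country_for_workforce")
        if not hour_is_usual(datetime.fromisoformat(ts).hour, seen["hours"]):
            reasons.append("unusual_hour")
        if reasons:
            alerts.append((user, ts, reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(TODAY, build_baseline(BASELINE)):
        print(alert)
```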
Users will be adapting to this new reality, and not everyone will have the same level of comfort and experience with remote work. Consider evaluating security awareness training to account for this, and ensure users are reminded of data privacy best practices, as well as company rules about personal devices and non-employee use of company computer systems.
In times of unprecedented change and disruption to the lives and livelihoods of workers around the globe, organizations are being forced to adapt quickly. Managing the ability to detect and respond to new and evolving threats in this landscape can help prevent additional impact from a malicious attacker and allow the business to focus on its people and its mission.
Protiviti offers a wide range of security and privacy solutions, tailored to meet the unique needs of each organization. With our ability to function at both the strategic and tactical levels, we combine deep technical security competence with executive-level communication and management. Our holistic approach starts by understanding what is most important to organizations, then structuring and supporting programs so your business is engineered to grow securely. To learn more, contact us.