With the recent state of the pandemic and constrained lockdown, businesses will be looking to move or will have just moved most, if not all their entire workforce to working from home.
Here are some key areas we think businesses need to consider when setting up users to work from home, and what to look out for with regards to phishing and other attacks that adversaries might use to make the most of this current pandemic.
Remain vigilant – Attacks with malicious intent will seek to use the current crisis to deploy active phishing campaigns to gain access to an organisation’s internal network and the data that resides there. Several types of phishing attempts could be deployed:
- Phishing for users’ credentials by deploying a domain similar to the target organisations.
- With the government sending out UK wide text messages, this opens up another avenue for attack – attackers will look to send emails and SMS impersonating the government, and try to get the user to fall victim to the rogue messages by following links and or downloading and viewing attachments.
- Securing work-based permissions – Ensure that the role based, and work-based permissions are not lax due to working from home, with the government locking down the UK almost suddenly, the influx of workers from home has increased exponentially.
- Don’t just give access to that file share”, or “just allow remote access to a machine inside the domain”, for ease of use to ensure the same business functionality as what was present when the staff were in the office rather than at home.
- Permissions and restrictions should remain as tight as possible, employing the least privileged principle to the workplace environment, and ensuring users have the least amount of privileges to do what tasks users are required to perform.
- Enforcing incident reporting – It is important for organisations to enforce a security policy for staff that are working from home for the foreseeable future and communicate the process.
- Ensure staff know the exact procedure for reporting security related issues and ensure all incidents are reported and logged for further investigation. Dependant on what type issue has been identified and logged it can be remediated, this requires staff to know and understand how to report a security incident too, or how they would go about reporting it the ISO or information security body within the organisation.
- 2FA/MFA – The implementation of 2 factor or multi factor authentication is not a new aspect of business and workplace security culture. It is more important than ever.
- Employing multi factor authentication to business-critical assets should now be the norm when deploying new infrastructure and business dependant applications.
- With the flux of employees working from home, enforce the 2FA multi factor authentication on business critical applications, as an attacker would therefore not be able to breach a web application using just a user’s credentials, it would take a more sophisticated attack to compromise their phone and or authentication device.
These are challenging times. Our technical teams are here to support and help you. If you have questions or would like to chat through any problem we are here to help and guide you through any cyber security challenge.
No issue is too big or small. If you have any questions reach out to us at: [email protected] or call 0333 939 8080
We are here to help keep your business Safe! Let us #BeRemoteSafe