#Article

A Global Pandemic: Addressing Remote Work Vulnerabilities


A Global Pandemic: Addressing Remote Work Vulnerabilities

By Cindy Murphy

The shift from shared public office spaces to remote home offices has been quick, but it shouldn’t mean a haphazard and insecure approach that leaves business networks vulnerable to cyberattacks.

Because of the COVID-19 pandemic, hundreds of thousands of people around the US and millions around the world suddenly find themselves working from home. With the coronavirus predicted to affect the US through the end of the summer or potentially longer, the migration towards working from home will last. From a cybersecurity perspective, the sudden shift to a homebound workforce presents an immense challenge as well as a massive jump in the scope of vulnerabilities that could target business networks.

Still have some employees in the workplace? Download the Coronavirus Response Checklist to make sure you are protecting them.

The Basics of Working Securely from Home

Thankfully, there is no need to reinvent the wheel. Remote workforces are nothing new; there are just going to be a lot more people working that way in a short time. The SANS Institute has provided a great toolkit with guidance for employees and organizations of all sizes focused on staying secure while working from home. For employees, their advice falls into five main topic areas detailed below.

The first is your employees. Humans are nearly always the weakest link in network security. Being smart about how we react in a crisis (such as the one we find ourselves in now) is critical.

Employees

Make sure your employees are on the alert for social engineering tricks in emails that bait the target to open attachment files about pandemic issues. Take the extra time to be sure about the origins of emails. With so many people working from home, personal email addresses might be getting more use in the work environment, but this also makes it easier to spoof emails. Avoiding lazy password habits such as using easily guessed or reused passwords is as essential in remote work as it is in the office. 

Home Networks

Next on the list is your employees’ home networks. Making sure their home networks are secure is essential if they are going to be working from home. Your staff should be trained to only allow trusted people to connect to their home network, use strong passwords or passphrases to secure their router, and don't use a password that has been used elsewhere. 

Passwords

Speaking of passwords, make sure they are using unique and robust passwords or passphrases (a combination of words such as "blue banjo lovely sky" or a sentence of your choice) for each online account or system they access. Implement a passcode manager like LastPass or KeePass to help your employee’s memory if they can't remember all of those words and phrases.

Multi-factor authentication should be enabled anytime it's available. A few seconds of inconvenience in setting up multi-factor authentication and at the time of login can save a ton of headaches later if login credentials are ever compromised.

Operating Systems

Update computer operating systems, mobile device operating systems, apps, firmware, and programs and make sure they are all patched and up to date. Turn on automatic updates for Windows operating systems and any applications that offer automatic updates, and don't dismiss notifications for updates out of inconvenience. 

Work vs. Personal

Employers should train their staff to separate their work computers from children, family members, and friends, leaving work computers for work only. If employees are using their personal computer for work purposes, have them segregate work data from personal data, so issues don't arise later. While it may be tempting to use a work computer for personal purposes, this could put work data at risk of infection with malware or accidental deletion of critical work-related files. 

Secure Your Home Router

In addition to the wise advice from SANS, some further actions can make working from home more secure. One often-forgotten and often-exploited vulnerability is the home router. Generally, once installed, most people never think about their router again. Having a 'set it and forget it' attitude about a home router is problematic. If the default password is never changed, it can be defeated easily with a bit of research, allowing threat actors to find their way into the network. 

Home routers also need to have regular firmware patches applied to secure against known vulnerabilities for which threat actors are always scanning. Unpatched hardware can have multiple vulnerabilities ripe for exploitation, allowing a home network to be the launching point for a cyber attack.

Virtual Local Area Networks and VPN Connections

Using a regular home network for work purposes is discouraged. If an employee is accessing sensitive or proprietary information, they should not be using open or public Wi-Fi networks, which are inherently insecure.

The use of a VLAN (Virtual Local Area Network) at home will provide a more secure connection back to work. Setting up and maintaining segregated VLAN on a home network to be used exclusively with work equipment prevents any malware or other security problems on a home network from spilling over onto the employer's systems.

A Virtual Local Area Network with a VPN tunnel connection secured with a complex password and multi-factor authentication is preferable to using a Remote Desktop Protocol (RDP) connection into the work network. While RDP is a quick and easy way for remote workers to connect to their workplace network, compromising RDP sessions is one of the most common methods used to breach systems and launch ransomware attacks. If using RDP is the only work from home solution, be sure to use a complex password and multi-factor authentication to be as secure as possible.

Antivirus and Endpoint Protection

Whether your employees are using a personal computer, or one provided by the workplace, make sure they use regularly updated antivirus software and endpoint protection on the computer used to access your workplace network.

Scan the home-based computer for malware before connecting it to your workplace network. Otherwise, an infected personal computer can quickly become the root cause of a network intrusion and the jumping-off point for a full-blown ransomware attack. Some VPN clients, such as AnyConnect, FortiClient, and Checkpoint, can enforce antivirus compliance on a device before allowing it to connect to the network.

Encourage Questions

Finally, if your employees aren't sure about the security of their connection from home or have questions about your expectations regarding the handling and security of their data, be sure they know it’s okay to ask. These are genuinely unique times, and issues are sure to arise that haven't been tackled or considered previously.

The shift from shared public office spaces to remote home offices has had to happen quickly for public health reasons. But a quick move shouldn't mean a haphazard and insecure one that leaves business networks more vulnerable to cyberattacks. 


Cindy Murphy
Cindy Murphy

Cindy is the President of Digital Forensics at Tetra Defense. She is a certified forensic examiner with a M.Sc. in Forensic Computing and Cyber Crime Investigation through University College, Dublin.

Visit Website