#WorkingFromHome: Cybersecurity challenges of the new normal
The COVID-19 crisis has brought much of daily life into question. One key question remains unanswered: is the era of the office over? With a fifth of the workforce now working remotely, COVID-19 has been a lesson in teleworking, and most pundits believe it could change the way we work for good. In fact, FUJITSU have revealed that they will be reducing their office space by half and implementing flexible working indefinitely.
But the new normal is easier said than done: implementing #WFH has been a trial by fire for higher-ups and IT teams. While remote working has benefits (such as increased productivity, better work-life balance and reduced expenditure on office space), they may come at a cost: security. With our conversations, data and information being shared via networks, companies have had to rely on IT systems to keep their sensitive data secure. In this article, we provide guidelines to help you implement a proactive and robust response.
The new security challenges and how to overcome them
The urgency of COVID-19 left plenty of room for error. Getting teams set up on secure networks, installing new software, and making people aware of remote working practices takes time, and most companies had to work in an in-between state before finding their feet with a secure remote working setup.
Inevitably, the dilemma encouraged a huge uptick in malicious activity online. In large part, this took the form of online scam attempts capitalising on the crisis. Phishing, identity fraud, and impersonation all propagated a huge amount of malware, such as ransomware and Trojan horse viruses. Much of this was carried out by cybercriminal groups or even highly skilled attackers known as APTs (advanced persistent threats). IT engineers had their work cut out. They had to deal with the urgent remote workplace setup while at the same time staying alert to increased threats directly related to the crisis.
Security tips for remote workers
When your company’s customers entrust you with their valuable data, it is your duty to ensure data security at all times, especially when working from home. Here are 10 tips for you to follow while working from home.
- Keep the software on your device updated.
- Use your device and/or secure remote desktop for professional purposes only.
- Use a VPN for connections with your internal systems.
- Regularly change your passwords, including your home router password.
- Do not install unauthorised software or applications.
- Do not share confidential information in non-encrypted emails.
- During video conferencing, ensure your visual environment is secure and that you won’t disclose confidential data by accident.
- While on the phone, make sure to identify your interlocutor. If in doubt, don’t disclose any information!
- Be careful what you publish in social media. For example, photos of your home office may reveal confidential information.
- Last but not least, follow your security team’s guidelines and stay alert!
Dealing with threats
While threats are dynamic, and are often adapted sector by sector, there are some fundamental techniques for cultivating cybersecurity practices. While these guidelines cannot provide immunity from threats, they provide a useful starting point for companies looking to reduce risks and develop a robust security operation.
Limit exposure of the IT system
Unpreparedness and urgency are at the centre of cybersecurity problems related to the COVID-19 crisis. We have commonly seen IT teams expose RDP (remote desktop protocol), SSH (secure shell) and SMB (file sharing) services directly to the internet. This is so employees can connect without a VPN, while IT teams are in the process of setting up a working VPN or secure remote desktops.
It is crucial to limit the exposure of these services to employees only. Block any robots that might be continuously scanning the internet by configuring trusted IPs in the firewall. While it is possible to reduce the associated threats, RDP and SMB protocols are still highly vulnerable. Getting VPNs set up for all your employees quickly should be the goal. Once the VPN is set up, tell your users to set a strong password (preferably a long, randomly generated set of numbers, letters and special characters) and, if possible, set up two-factor authentication.
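The trusted-IP restriction described above can be checked mechanically. The following is an added example, not code from the original article or from OVHcloud: it audits a list of inbound allow rules and reports any RDP, SSH or SMB rule whose source is not fully contained in a trusted range. The rule format, the addresses (documentation ranges) and the helper names are assumptions made for illustration.

```python
import ipaddress

# Services the article names as commonly exposed during the rush to remote work.
SENSITIVE_PORTS = {3389: "RDP", 22: "SSH", 445: "SMB"}

# Constructed trusted ranges (RFC 5737 documentation addresses), e.g. office
# egress and one administrator's static address.
TRUSTED_SOURCES = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "203.0.113.17/32")]

# Constructed inbound allow rules: (source CIDR, destination port).
SAMPLE_RULES = [
    ("0.0.0.0/0", 443),         # public web service: not a sensitive port
    ("0.0.0.0/0", 3389),        # RDP open to the whole internet
    ("198.51.100.0/24", 22),    # SSH limited to a trusted range
    ("203.0.113.0/24", 445),    # SMB allowed from a range wider than trusted
    ("203.0.113.17/32", 3389),  # RDP limited to one trusted address
]

def is_trusted(source_cidr, trusted=TRUSTED_SOURCES):
    """True only if every address in source_cidr lies inside a trusted range."""
    src = ipaddress.ip_network(source_cidr, strict=False)
    return any(src.version == t.version and src.subnet_of(t) for t in trusted)

def audit_rules(rules, trusted=TRUSTED_SOURCES):
    """Return (service, port, source) for each sensitive rule that is too broad."""
    findings = []
    for source, port in rules:
        service = SENSITIVE_PORTS.get(port)
        if service and not is_trusted(source, trusted):
            findings.append((service, port, source))
    return findings

if __name__ == "__main__":
    for service, port, source in audit_rules(SAMPLE_RULES):
        print(f"{service} (tcp/{port}) reachable from untrusted source {source}")
```

A rule is accepted only when its whole source range sits inside a trusted range, so a /24 that merely contains a trusted /32 is still reported.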
Get employees on-board
Employees can either be the weakest or strongest link of your company. Cybercriminals commonly use social engineering attacks to get to your data or infrastructure. These malicious attempts are designed to catch unsuspecting employees off-guard – who are either scared or tricked into action by the use of trust-gaining and urgent-action techniques. Integrating a security testing and training protocol is essential as a response:
- As the frontline in your defence, your employees need to know how pivotal they are in maintaining your company’s cybersecurity operation.
- Ensure employees know where and how to report malicious e-mails, phishing attempts and other attacks they may spot.
- Test them – verify how vigilant they are and how they react to unusual situations and under pressure. Having security training once in a while is not enough.
A good tactic is to send occasional phishing emails to employees to measure their response. Making security training and testing a common practice is crucial.
Detect unusual behaviour
Although easier said than done, detecting unusual activity is key to preventing a threat or catching it before it’s too late. This practice involves keeping a close eye on infrastructure activities, both human and machine. If something seems off, it’s always best to check. Here are a few detection best practices:
- Follow up any incident of a user logging in during the night, or at the weekend.
- Follow up if a user is connecting via an unusual or unauthorised ISP.
- Monitor the use of machines during non-working hours to detect unusually intensive CPU usage that may indicate an infected machine.
We recommend collecting data on how, when and from where your employees are connecting to your information system. This data can be utilised to detect anomalies more effectively. By detecting out-of-normal behaviour, and reacting quickly, you can limit the potential damage caused by a malicious attempt. In 2019, it took an average of 56 days to detect an intrusion, which is far too long in the context of increased security threats.
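The first two checks in the list above can be run directly over connection records. The following is an added example, not code from the original article or from OVHcloud: it flags logins at night, at the weekend, or from a network that is not in the user's recorded baseline. The log format, the working hours, the per-user baseline and the AS numbers (documentation range) are all constructed assumptions.

```python
from datetime import datetime

# Assumed working hours in local time: 07:00 up to, but not including, 20:00.
WORK_START, WORK_END = 7, 20

# Constructed baseline: the networks (ASNs) each user normally connects from,
# built from previously collected connection data.
BASELINE_ASNS = {"alice": {"AS64496"}, "bob": {"AS64497", "AS64498"}}

# Constructed VPN login records: ISO timestamp, user, source ASN.
SAMPLE_LOG = """\
2020-06-15T09:02:11 alice AS64496
2020-06-16T02:47:30 alice AS64496
2020-06-17T10:15:00 bob AS64511
2020-06-20T14:05:42 bob AS64497
2020-06-21T23:30:00 carol AS64500
"""

def classify(line, baseline=BASELINE_ASNS):
    """Parse one record and return (user, timestamp, list of reasons to follow up)."""
    ts_text, user, asn = line.split()
    ts = datetime.fromisoformat(ts_text)
    reasons = []
    if ts.weekday() >= 5:                      # Saturday = 5, Sunday = 6
        reasons.append("weekend")
    if not WORK_START <= ts.hour < WORK_END:
        reasons.append("night")
    if asn not in baseline.get(user, set()):   # unknown user has no baseline
        reasons.append("unusual-isp")
    return user, ts, reasons

def flag_logins(log_text, baseline=BASELINE_ASNS):
    """Return (timestamp, user, reasons) for every login that needs follow-up."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        user, ts, reasons = classify(line, baseline)
        if reasons:
            alerts.append((ts.isoformat(), user, reasons))
    return alerts

if __name__ == "__main__":
    for ts, user, reasons in flag_logins(SAMPLE_LOG):
        print(f"{ts} {user}: {', '.join(reasons)}")
```

A user with no baseline entry is always flagged as connecting from an unusual network, which makes first-time accounts visible for review.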
Essential tools for the new normal
Security protocols should be baked into every corner of your operation and be central to the culture of your company. At OVHcloud, we not only promote a security culture amongst our employees and partners, we also implement a security-by-design principle when it comes to infrastructure and resources. The tools we use are as much a part of our defence as the people we employ and work with.
Software tools, such as video conferencing and collaboration tools, present a major security challenge. Reliance on these tools makes companies more vulnerable to safety, privacy and data security issues – placing their classified information and data at risk. A recent example is the video conferencing company ‘Zoom’, which has come under heavy scrutiny for security and privacy issues related to a surge in new users.
The Open Trusted Cloud
We view security as a joint effort and strive to work with partners who uphold our values when it comes to security. Most of our customers utilise multiple providers for varying reasons, which we encourage with our values of openness and interoperability. But we believe that each party should be unified in their security principles and that any weak link undermines the overall goal. This is why we have put forward a new initiative that binds partners who share the overall goal of cloud security: The Open Trusted Cloud.
The ambition is to co-build an ecosystem of PaaS and SaaS in cloud computing whose core value is respecting the freedom, trust and security of their users. The Open Trusted Cloud program provides trusted partners with our seal of approval, confirming their commitment to common values and trusted solutions – with particular attention to their values surrounding data protection. With classified data now, more than ever, under threat, it is vital to keep data protected and secure.
For OVHcloud, this means being compliant with European laws to ensure data cannot be intercepted or analysed by authorities overseas, as well as implementing security best practices across the board. You need to be sure that your sensitive data – such as company secrets, financial data or data tied to legal requirements – is secure.
Below are some of the top tools for secure teleworking, offered by partners currently enrolled on the program:
- ‘Citadel Team’ – A secure business messaging application used by millions of users. This intuitive app offers chatbot technology to integrate business applications with the very strictest cybersecurity. All communication is encrypted; including chats, calls, file sharing and much more.
- ‘Cryptobox’ – Considered the most secure cloud-based file sharing and collaboration solution, Cryptobox has received the Standard qualification from the National Cybersecurity Agency of France (ANSSI), restricted information certification and CC EAL3+ certification. This means the documents you store and share have end-to-end encryption, as though each user is sharing files on a secure VPN.
- ‘Tehtris’ – Cybersecurity solutions that are able to anticipate and neutralise threats such as spyware and ransomware. It does this using many modules, including its EDR (Endpoint Detection and Response).
Working life will be reimagined in the wake of COVID-19. Work from home practices will likely stay put, at least to some degree. While there are advantages to this, there is also a new responsibility for companies and IT teams. Novel security threats demand a proactive response – including increased protection of IT systems, employee awareness and training, and improved detection techniques. Further to this, IT teams need to consider the tools they use, weighing up their security benefits as well as their practical uses. As a joint response, companies and providers need to be working together – meeting the new cybersecurity landscape with increased cooperation and understanding.