COVID 19: Strategies to Reduce Cyber Risk While Working from Home (OPINION)

by Jacques Francoeur, Chief Scientist and Founder at Security Inclusion Now USA

Virtually overnight, COVID-19 orders have unleashed a global tsunami of work-from-home employees. Office staff, managers and critical business, administrative and technical executives are now working remotely.

The pandemic has triggered a “step function” increase in work-from-home employees and devices, creating significant threat exposure. Additionally, the typical operational risks related to lost and stolen remote access devices will increase proportionally.

Normally, when an employee requires remote access, appropriate training and secured devices are provided. It seems unlikely that adequate protection has been applied to the COVID-19 remote access demand tsunami. The vast increase in the number of insufficiently secured devices and insufficiently trained employees has created a huge exposed “attack surface.” The targets – employee, laptop, smartphone, second-factor token. The intent – laptop takeover.

The common and effective impersonation technique of phishing, and its more targeted form, spear-phishing, will be used aggressively. During this period of crisis, employees are likely to be hypersensitive to protecting themselves and their families, and therefore even more susceptible to malicious social engineering pretext scams. This means the success rate of these attacks is likely to increase due to employees' state of mind. Training employees to avoid these attack techniques is critical. It can be as simple as: when you see a link, STOP – THINK – before you CLICK.

By installing malware, an attacker can take over an employee’s laptop and remotely perform almost anything the employee is authorized to do, often without detection or audit trail.

How to respond. First, apply a risk-based approach to make best use of scarce resources. Identify the employees with access to the most sensitive information, riskiest business functions and those related to money. This is the urgent priority.

To reduce the potential impact of an employee’s credential being compromised, use role-based-profiles and least privilege to limit access rights, especially for administrators with powerful credentials. Remove local administrator rights for employee accounts that are used daily. This drastically limits what an attacker can do. If local administrator rights are required, create a separate, rarely used account with strong multi-factor authentication.

All remote access should be considered a medium to high risk. Channels should be strongly encrypted. Simple password-based authentication is insufficient. Two-factor authentication is needed. For employees such as executives, administrators and decision makers/approvers, use a physical 2-factor token generator. For the remaining employees use a soft-factor mechanism such as an SMS-text verification to a pre-registered, independent, “out-of-band” mobile device which the attacker is unlikely to control.

Monitoring all remote access channel activity is critical. Legitimate employees have roles and corresponding access and activity patterns. This daily set of activities can establish a “trusted” baseline from which any deviations may indicate a compromised credential. Access activity should be logged and monitored for anomalies as simple as time and location of access. A compromised credential will “behave differently.” It may attempt to reach places it has never been before, or places that are out of scope for the employee's role.
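The baseline-and-deviation check described above can be sketched as follows. This is an added example, not code from the article: the event fields, the `ROLE_SCOPE` map, the function names and the sample events are all constructed for illustration, and source country stands in for location of access.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (user, ISO timestamp, source country, resource).
HISTORY = [
    ("alice", "2020-04-01T09:05", "US", "payroll"),
    ("alice", "2020-04-02T10:40", "US", "payroll"),
    ("alice", "2020-04-03T16:20", "US", "hr-portal"),
    ("bob",   "2020-04-01T08:15", "CA", "wiki"),
    ("bob",   "2020-04-02T13:30", "CA", "ticketing"),
]

# Hypothetical role scope: resources each user's role permits.
ROLE_SCOPE = {"alice": {"payroll", "hr-portal", "benefits"},
              "bob": {"wiki", "ticketing"}}


def build_baseline(events, slack_hours=1):
    """Learn each user's usual hours, countries and resources from trusted history."""
    base = defaultdict(lambda: {"hours": set(), "countries": set(), "resources": set()})
    for user, ts, country, resource in events:
        hour = datetime.fromisoformat(ts).hour
        profile = base[user]
        # Widen each observed hour by a small slack so 09:05 also covers 08:xx and 10:xx.
        profile["hours"].update((hour + d) % 24 for d in range(-slack_hours, slack_hours + 1))
        profile["countries"].add(country)
        profile["resources"].add(resource)
    return dict(base)


def score_event(baseline, event):
    """Return the list of reasons an access event deviates from the baseline."""
    user, ts, country, resource = event
    profile = baseline.get(user)
    if profile is None:
        return ["no-baseline"]  # unknown account: nothing to compare against
    reasons = []
    if datetime.fromisoformat(ts).hour not in profile["hours"]:
        reasons.append("unusual-time")
    if country not in profile["countries"]:
        reasons.append("unusual-location")
    if resource not in ROLE_SCOPE.get(user, set()):
        reasons.append("out-of-role-scope")
    elif resource not in profile["resources"]:
        reasons.append("never-accessed-before")
    return reasons
```

An event that returns several reasons at once (wrong hour, new country, resource outside the role) is a stronger signal of a compromised credential than any single deviation and can be prioritised for review.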

Data loss prevention tools can be used to monitor egress traffic for sensitive and proprietary data and intervene as required. Information Rights Management functions of document management systems can be used to maintain control and protection of sensitive files outside the network.

Many other security measures are required to form a complete protected environment. Consider that remote access should only be permitted from a “whitelisted” registered IP address and from a “MAC address” registered laptop. Before providing access, the device health should be verified and patched. Only use remote access devices for work functions. Do not use them for Internet browsing. Inactivity time-outs should be short. Printing should be controlled. Data on remote access devices should be encrypted. Remote destruction capability can manage the increase in device loss and theft. Remote access devices should be used in private and secured physically when not in use.

LAST UPDATE: 2020/05/06