For many businesses the last few weeks have been spent firefighting as business continuity plans are rapidly enacted and remote working is deployed.
New users have been added to collaboration tools like Microsoft Teams, remote working policies dusted off and distributed, and perhaps you’re now seeing a slowing down of support tickets as remote workers settle into the new normal.
Now’s the time to review where you are and start optimising tools to ensure staff can perform at their best and that business continues where possible.
The most essential job is to shore up network security.
If you’re concerned about remote working ad security threats, book a free consultation with our CSO to discuss what solutions you have in place and where you might be vulnerable to attack. Click here to arrange a call >
Remote working network security threats
The rapid deployment of remote working may have left your network vulnerable to threats – both insider and external threats.
Insider threats
At this time, insider threats are most likely to be in the form of human error as users are becoming familiar with new technology and ways of working, and hackers exploit their lack of knowledge. It is therefore essential to raise awareness of current threats – especially phishing and social engineering attacks – and offer users training and support.
We’re also seeing Covid-19 phishing attacks which are preying on people’s fear and anxiety over the coronavirus pandemic. There are scams targeting vulnerable individuals with the goal of relieving them of their cash, but also attacks designed to access your organisation’s data using employees to establish a connection to your network.
Email security gateway tools can provide add another layer of protection when users are working remotely – these can be easily deployed on premise and in the cloud. Please get in touch if you would like to learn more.
Personal devices and home WiFi
There are several security issues with personal devices and home WiFi. The first is that personal devices don’t have corporate security controls which means they are easier to hack, similarly home WiFi may be insecure.
User behaviour can also be a threat. Employees may be worried about job security and that may lead them to download work files and data onto their personal devices – either because they think they may soon be in the job market or because they think it will be easier to perform their job
If your company is relying on users own personal devices rather than providing them with corporate devices, there are tools like Microsoft Intune to help you protect data and manage access to corporate systems on your user’s own mobile devices.
VPN brute force attacks
In the last two weeks, ZDNet has reported a 33% increase in enterprise VPN connections. That has increased the opportunity for VPN brute force attacks as there are over a million more targets to exploit than earlier in the year.
Attackers target a VPN portal and blast it with multiple authentication attempts using pre-gathered lists of credentials. As some companies have disabled built-in lockouts to reduce support tickets from users who are struggling to remember their logins and get connected remotely, these companies are especially vulnerable to a brute force attack.
These vulnerabilities should be addressed quickly, and multi-factor authentication enabled.
5 steps to boost network security and make remote working more secure
- Review security policies for remote workers and make sure that employees are aware of their responsibilities
- Instigate security training including spotting phishing emails and other attacks
- Review and establish policies including conditional access and multifactor authentication and check security defaults
- Implement mobile application management policies
- Explore intelligent threat-hunting security solutions that can ‘learn’ what’s normal activity on your network and identify unusual behaviour – even when remote working is not the norm
Please get in touch if you would like discuss any of the subjects covered in this article. Or book a free cyber security health check to find out what you need to do to protect your network.
