Threat Model and Security Considerations For Remote Workers
As the world faces uncertain times due to the COVID-19 (coronavirus) pandemic, organizations around the world have sent hundreds of thousands of employees to work from home.
A pandemic of this magnitude has increased dependency on digital communication. The Internet of Things (IoT) has instantaneously become the preferred channel for effective communication and human interaction, which has in turn increased the threat surface exponentially.
Remote work presents a challenge for information security because remote work environments don’t usually have the same safeguards as the office. When employees are at the office, they work behind layers of preventive security controls, so it is harder to make a security mistake there. Cybercriminals are increasingly exploiting the vulnerabilities of working from home through various techniques.
Security teams are scrambling to find the right measures and put the necessary security controls in place for remote workers.
Security threats facing the remote workforce
1. Insider Threats
The fear and uncertainty caused by a pandemic make employees behave differently than they usually do. Users who are afraid of losing their job, or of not being able to perform their job functions optimally, might download their work files to a computer that may be insecure.
When an employee uses personal devices such as a USB drive or hard drive to access sensitive data, and the device doesn’t have corporate security controls, it creates opportunities for data theft, malware infiltration and so on.
2. Insecure Passwords
Simple passwords are incredibly easy for hackers to crack. If a hacker gets hold of your credentials, they can log into your system and access all of the information and system controls that would normally be available to you. If an insecure password is used across several platforms, the hacker bypasses authentication and gains unauthorized access to multiple accounts in a very short period of time.
3. Bypassing the Multi-Factor Authentication
Another main threat to the remote workforce is the man-in-the-middle attack. An attacker intercepts the authentication token that the server sends back to the user and uses that token to log in from their own computer. Once attackers gain access, they can use malware to start a C2 (command-and-control) attack and try to infect other users with malware, or they can engage with the targeted system to gather information about vulnerabilities and look for sensitive data to steal.
4. Phishing
One of the most common threats is phishing, an attempt to obtain personal information such as passwords and financial details by a person posing as a trustworthy party.
Cybercriminals use phishing to lure users into sharing their data and login credentials, typically through email, phone calls, or SMS. In an organization, while IT security measures are helpful, phishing defense starts with the employees. They should be wary of unexpected calls and requests, and they should be well trained in the types of e-mails and patterns they would face in such situations.
Remote workers must be very aware that they are vulnerable to threats like phishing attacks. A phishing attack can happen to any employee who opens a fake website and starts using it unknowingly. The COVID-19 pandemic has drawn cybercriminals further into the world of phishing. Attackers have created many e-mails encouraging users to click certain links or attachments. They have built fake websites that claim to sell medical gear or cures but may instead infect your computer and steal information.
5. VPN Brute-Force
With so many people working from home, there is a huge playground for attackers to perform brute-force attacks through the VPN. The attacker makes continuous authentication attempts until the right password, username or PIN works, which gives them access to password-protected platforms and lets them collect the information they need.
This rapidly increased attack surface during the COVID-19 pandemic needs to be monitored and protected. Cybersecurity teams should be on high alert for brute-force and server-side attacks.
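The monitoring called for above can be illustrated with an added example (not part of the original article): the Python code below scans VPN authentication events for bursts of failed logins from one source address, separates a single-account brute force from password spraying across many accounts, and notes when a successful login follows the burst. The log format, field names, addresses and the threshold of 5 failures in 5 minutes are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical VPN gateway log format (assumption).
SAMPLE_LOG = """\
2020-04-06T09:00:01Z vpn-auth result=FAIL user=alice src=203.0.113.7
2020-04-06T09:00:05Z vpn-auth result=FAIL user=alice src=203.0.113.7
2020-04-06T09:00:09Z vpn-auth result=FAIL user=alice src=203.0.113.7
2020-04-06T09:00:12Z vpn-auth result=FAIL user=bob src=192.0.2.10
2020-04-06T09:00:14Z vpn-auth result=FAIL user=alice src=203.0.113.7
2020-04-06T09:00:20Z vpn-auth result=FAIL user=alice src=203.0.113.7
2020-04-06T09:00:31Z vpn-auth result=OK user=bob src=192.0.2.10
2020-04-06T09:00:40Z vpn-auth result=OK user=alice src=203.0.113.7
2020-04-06T09:10:00Z vpn-auth result=FAIL user=carol src=198.51.100.23
2020-04-06T09:10:30Z vpn-auth result=FAIL user=dave src=198.51.100.23
2020-04-06T09:11:00Z vpn-auth result=FAIL user=erin src=198.51.100.23
2020-04-06T09:11:30Z vpn-auth result=FAIL user=frank src=198.51.100.23
2020-04-06T09:12:00Z vpn-auth result=FAIL user=grace src=198.51.100.23
""".splitlines()

LINE_RE = re.compile(r"^(\S+) vpn-auth result=(FAIL|OK) user=(\S+) src=(\S+)$")

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed logins inside a sliding window."""
    recent = defaultdict(deque)  # src -> (timestamp, user) of failures still in the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not authentication events
        ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ")
        result, user, src = m[2], m[3], m[4]
        q = recent[src]
        while q and ts - q[0][0] > window:
            q.popleft()  # expire failures older than the window
        if result == "FAIL":
            q.append((ts, user))
            if len(q) >= threshold:
                alert = alerts.setdefault(src, {"users": set(), "compromised": None})
                alert["users"].update(u for _, u in q)
        elif src in alerts and q and user in alerts[src]["users"]:
            alerts[src]["compromised"] = user  # success right after the burst: treat as incident
    for alert in alerts.values():
        alert["kind"] = "spray" if len(alert["users"]) > 1 else "brute-force"  # many accounts vs one
    return alerts

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

A single mistyped password followed by a successful login (user bob in the sample) stays below the threshold and raises no alert.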
Security Measures
1. Require endpoint protection
When a user works in an office, the company firewall enforces web filtering rules to protect their devices. However, when people work from home, their laptop needs to pick up that role and enforce any web filtering rules defined by your organization.
A policy needs to be defined requiring all home-based employees to use an antivirus tool on the machines that access the firm’s resources.
The Web Control capabilities of many endpoint protection tools stop risky file types from being downloaded and block access to inappropriate websites.
2. Utilize cloud applications
One of the best ways to keep a company’s data secure from local-network attacks is to keep files and services in the cloud. Cloud services include updated security features that are compliant with industry regulations. Cloud-based collaboration platforms make working from home easy for remote team members, and working in the cloud also makes backups, restorations, and integration easier.
3. Review what software remote employees need
Due to the increased use of video conferencing tools like Zoom, Webex, Teams etc. during this period, employees need to review privacy policies and secure information handling policies. Users may inadvertently expose information during video calls. Overall guidance needs to be provided on how to handle remote working, including communication, well-being checks, and a review of what devices will be needed for the process.
4. Data Encryption
Sending emails with confidential or sensitive documents is always going to be a risk, because they could be intercepted or seen by a third party. Most organizations already have a data encryption tool enabled when you use the organization’s network and a device provided by the organization. If you are using your own personal device, you should check whether your email and other data on your device are encrypted. If data attached to an email is encrypted, an unintended recipient is prevented from viewing the information. Also, be sure that all sensitive information on your devices is encrypted, in case of theft.
5. Do use a VPN (Virtual Private Network)
Nowadays, organizations instruct employees to use a VPN when remotely accessing any documents or applications used by the organization. A VPN bridges employees to the organization’s network by creating an encrypted connection over a not-so-secure network. If you want to connect to your organization’s VPN, contact your organization’s IT personnel or the respective authorized personnel.
Since several vulnerabilities have recently been spotted in VPN software, it is highly recommended to ensure that your VPN solutions are up to date.
6. Install MFA (Multi-factor Authentication)
Although bypassing MFA was discussed earlier, it is still rare, and MFA has proven effective on multiple occasions. For any access to a network or a portal, MFA requires the user to confirm their authenticity by providing more than one piece of information for authentication, which has been set up initially.
This provides multiple barriers and hence prevents anyone other than the user from accessing the user’s information.
7. Provide Awareness to employees on scams
It is essential for organizations to educate employees about scams, especially those who are working remotely. The COVID-19 situation has raised the number of scams to a whole new level. Links in unsolicited mails, use of untrusted sources, and sharing of personal or financial information through any portal are a few of those issues. Organizations need not only to provide awareness of the different types of scams, but also to make everyone involved in the organizational system understand their responsibilities to the organization’s mission, the required knowledge of IT security policies and procedures, and the ways to protect the IT resources for which they are responsible.
8. Use company devices
Remote workers should be provided with company devices and only allowed to use them, since company devices have their own security measures, which provide a minimum level of protection against threats. The software on these devices has the latest security patches, and the hardware is designed to work within a corporate environment. If the company does not provide a device, then personal devices should at least be shown to IT personnel, who can apply essential security requirements before any official work is done on them.
9. Practice Physical Security
Just as encrypting your data is important, so is physically securing it. Physical security simply means taking physical measures to secure your devices.
If you are working at home, be sure to lock your doors whenever you leave your house, even if it is just for a minute. Physical security becomes more important if you are at a public location. Never leave your laptop or mobile device unattended. If you must leave your device in the car, it is better to lock it in the trunk than to leave it inside the car, but it is preferable and safer to take your laptop with you. If you ever charge your phone at a publicly available charging port, protect it with a USB data blocker, which allows your device to connect to power without leaking any data. Also, never use an unknown flash drive, which may contain malicious software that could infect or affect your data.
10. Stick to Private Secured Wi-Fi Networks
Unsecured Wi-Fi networks are one of the biggest security risks for the remote workforce. Most employees pick up whatever Wi-Fi network is available. The problem is that unsecured Wi-Fi networks bring business risk because confidential data can be intercepted by third parties. Remote workers are advised to stay away from unknown Wi-Fi networks. Supply them with mobile hotspots so they have their own company-configured secure Wi-Fi network in any location that can get a signal, or have them use a personal hotspot from a dedicated device or phone.
The foremost priority of a security specialist is the protection of critical information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
People are one of the weakest links in the security chain. The opportunities for employees to make mistakes and compromise important information assets have increased exponentially. Keeping your company safe while providing remote work opportunities is an interesting balance of connectivity and tight security.
While this is a stressful time given the uncertainties, it’s also a great time to see how ready each organization is for emergencies and other remote worker needs.