Patrick Dunn is an Information Technology Consultant for small and medium businesses in the Tri-State Area
With the rush to ensure business continuity amidst threats like COVID-19, companies are left rapidly deploying a remote workforce infrastructure. We as IT professionals must ensure our employees are briefed on the cyber-security threats that exist on a remote connection. A secure remote contingency plan will ensure that any situation, present or future, won't restrict the continuity of your business. While vendors and MSPs aid in deploying solutions, hackers are already looking for ways to capitalize on holes within a network's security.
The main priority is to "get my team set up to work remotely, and yesterday." Because of this, network security protocols become secondary and often overlooked. The threat to your networks has increased dramatically, and hackers know this...and they're going to capitalize on this any way they can.
One of the most recent and notable incidents was an attack aimed at an interactive COVID-19 tracking map provided by Johns Hopkins University. The map was targeted by hackers who were selling malware claiming to compromise the map and infect users. The users were prompted to download software to view the map which contained malware infecting their network. There have even been emails posing as government sites tricking users to click links in order to learn more, but ultimately leading to users unknowingly infecting themselves with malware, and this is only the tip of the iceberg.
Going back to your email Inbox (which can be a great playground for hackers), think about how easy it would be to first hover over a link in a message before just simply clicking on it.
— Michelle Gibbs
Unfortunately, smaller companies don't have the time to integrate a brand new solution into their network when disaster strikes. They have to use the tools they currently have and deploy them as quickly as possible to mitigate any threat to their business workforce. Most of the industry leaders workforce's have the ability to go remote as quickly as sending out an e-mail. However, IT departments for smaller companies who aren't set up for these situations due to bandwidth restrictions or a telecommunication service are stretched thin.
The best thing to do before all else is to inform your users of the threats that exist via an email or meeting before you allow them access to your network remotely. Yes, we need to keep business moving, but a costly setback due to a malware attack will cause more work and time than an email and/or a quick call will.
“Despite international efforts to quell the virus, the World Health Organization recently classified this as a global pandemic; online scammers are trying to exploit this uncertainty through phishing attempts and bunk domain names,”
— Charles Poff, chief information security officer at SailPoint Technologies Holdings Inc.
Take the time to re-educate your employees on the importance of always staying connected to the network through a VPN tunnel and how the security of the entire network can be compromised by clicking one link or attachment in an email. Take the time to send out an email outlining your procedures and don't assume they should know. If you trained them before, review it again. You'd be surprised at how many employees simply "don't know" the risks.
While COVID-19 will become a memory in the months to come, the preparations and implementations of today will follow your business for years to come. The ability to switch your office to a remote setup at a moments notice will ensure that any situation that will arise, and it will again, provides your business with the continuity it needs. Providing your workforce with a means to work remotely and training your employees on proper security measures will protect the integrity of your network, the efficiency of your workforce, and the scale-ability of your company.
Tips to informing and mitigating the threats to your network users on a remote connection.
- Walk them through the process of connecting through a VPN tunnel.
- Send out a questionnaire regarding security to see how knowledgeable they are on your current security procedures.
- Notify them of the emails they may receive that could contain malicious links and attachments.
- Integrate multi-factor authentication.
- Hire a company to do a penetration test on your network to discover where your security may require more layers.
- Make sure your network users have what they need to effectively work from home and keep personal devices off the network. If you're a BYOD, consider using a remote desktop.
- Stress the importance of keeping personal browsing off of company devices, and encourage them to use personal devices when they need to take a break.