Working from Home? Here’s Your Cybersecurity Checklist
Although many industries have been trending toward remote-only over the past decade, the global emergency caused by COVID-19 has been an unexpected catalyst for rapid change. The sudden shift to remote operations left many organizations unprepared for the realities of a 100% remote workforce.
Tyler Chancey
Cybersecurity Consultant The Scarlett Group
In our experience, many organizations utilized their IT teams and consultants to great effect and have observed exceptional results from their workforce. We even have anecdotal evidence of increased productivity, collaboration and job satisfaction from many of our clients. However, this move has not been exclusively positive for companies. Whereas we anticipated the more obvious negative effects, such as lack of physical IT support, we have observed many cybersecurity-conscious clients become overwhelmed by the new challenges presented from a remote workforce.
This checklist will help you address some of these concerns.
ZERO-TRUST
Employers trust their teams to do their jobs to the best of their abilities using the tools provided. The attackers know this and make every effort to exploit the implicit trust given to employees by IT solutions. A newer trend in cybersecurity is the concept of “zero-trust.” Basically, tools should be in place to verify that every action is being taken by the proper individual. Just because we see that John’s account is active doesn’t mean that John is the one behind the keyboard.
Solutions: A full zero-trust security model relies on the tried-and-true “principle of least privilege.” Proper permission management is key — only give users the access that they require to do their job. Couple this strategy with a log-correlation engine such as a Security Information and Event Management (SIEM) solution to check user login locations, brute force attempts and other suspicious account activities. Always use multifactor authentication wherever possible. The goal here is to use tools that provide a baseline for normal traffic and alert when something looks fishy while double-verifying everyone is who they say they are.
KEEPING ASSETS CURRENT
Patch management is critical during normal operations. Remote operations magnify the impact of unpatched devices because users are less likely to manually check for patches if the process is not automated for remote work. Ensuring that your organization keeps workstations, tools and software patched is critical in defending against potential threats.
Solutions: Generally, we recommend a remote management and monitoring solution that checks device patch status and pushes patches in an organized manner. Centralized reporting and compliance monitoring is critical, especially when it cannot be spot-checked physically.
BACKUP AND CONTINUITY
Many companies were forced into this current scenario without a real plan. Continuity planning can be a nightmare, especially with all the different factors to consider. Hopefully, this event has been a bit of a wake-up call for some companies on the importance of accounting for natural disasters. It is not unrealistic to have contingency planning for disastrous events. Use this time to ensure your infrastructure as a whole is properly protected and backed up. Disaster recovery is more than simply having a backup — you need to be able to get back online quickly after an incident.
Solutions: Disaster recovery as a service (DRaaS) is a newer trend in business continuity that not only ensures data is protected but also stores images of the entire network as redundant “hot sites.” These services allow an organization to quickly recover from major incidents without having to rebuild the entire environment.
ENDPOINT SECURITY
Just as patch management is important to your endpoint security solutions, antivirus doesn’t do much good if it’s not running properly. Centralized management solutions are a great way to ensure that you are getting what you pay for with your security tools and allows IT to take proactive approaches in resolving persistent issues.
Solutions: Again, we will recommend a remote management and monitoring solution that checks device antivirus status and alerts IT should something go awry. Centralized reporting is critical for endpoint security. Sometimes an antivirus event can be an indicator of a risk that is much bigger beneath the surface.
USER FEEDBACK AND AWARENESS
Listen to your users. If they observe something fishy, accidentally click on a bad link or generally have issues with a security product, then it might be time for a change. Your IT team and users should be on the same team. Lack of awareness can lead to major friction between technical and nontechnical staff.
Solutions: Cybersecurity awareness training is vital for organizations of all sizes. Once users are trained, they know what to look for in a security event. Take all feedback seriously and create a system to check for incidents as needed.
As ALA members, you know your business partners are a valuable resource. In these unprecedented times, they remain here for you and your firms. We've compiled a list of resources they have available; they have essential information about how to handle the threat of coronavirus in the workplace.
About the Author
Tyler Chancey is a Cybersecurity Consultant with The Scarlett Group. One of his core job responsibilities is evaluating and architecting cybersecurity solutions in order to facilitate a stronger security posture both internally and within client’s networks. His previous roles include extensive experience as a Security Operations Center Intrusion Analyst with a Fortune 5 company.