We can expect over the coming weeks and months to see global businesses continue to work and collaborate in remote environments at a scale we’ve never seen. This undoubtedly generates a broader attack surface for large corporations as well as small and medium-sized businesses. By following these tips, companies and their employees can significantly improve their organization’s security posture during this global health crisis and create a great precedent for remote work engagement for the future.
- Offering the Cyber Basics on Company-Issued Laptops: Where possible, IT staff should provide employees with company-issued laptops that are equipped with a VPN solution that uses multi-factor authentication, are fully patched and have advanced endpoint protection tools installed.
- Deploying at Scale Anti-Phishing and Other Important Cyber Hygiene Trainings: Cyber hygiene’s never been more important, but with so many other professional and personal concerns currently top-of-mind, practicing good cyber hygiene can fall by the wayside. Trainings should feature anti-phishing education and offer other helpful reminders – from not plugging in USBs to avoiding untrusted websites and not giving laptop access to family members.
- Expanding Virtual Help Desk Remits and Promoting Constant Communication: Employees can’t secure their home networks and personal laptops by themselves. IT and security staff need to evolve from a reactive to a proactive remit and offer the right level of support and communication to employees. Through written support packages, trainings, Help Desk calls and other means, such support should cover how we do all of the following:
  - Evaluate current anti-virus and anti-spyware software and easily download missing software.
  - Escalate suspected phishing attacks and suspicious social-engineering calls to appropriate company personnel.
  - Replace Wi-Fi router default passwords.
  - Enable domain name service protection.
  - Disable any and all browser plug-ins.
  - Avoid untrusted cloud and web-based services.
- Employers Elevating their Own Cyber Secure Processes: It is an ideal time for companies to re-evaluate and enhance cyber security solutions for remote users. IT and security staff should consider:
  - Boosting monitoring of anomalous data transfers and wire transfers, and ensuring that all email-based wire transfer instructions are validated through phone calls.
  - Restricting employees’ personal devices from accessing external file transfers and Outlook .pst downloads.
  - Reviewing all configurable security options on VPN solutions and affirming that such solutions can validate the baseline security of remote nodes attempting to connect.
  - Constantly assessing VPN solution performance based on the number of employees accessing it. Where possible, reducing the load on the VPN by allowing direct access to fully-patched common applications that are protected by MFA and enhanced logging.
  - Revisiting Windows Active Directory security settings, GPOs, configurations and security groups as well as remote access network ACLs, segmentation and layer 2 and layer 3 security parameters.
  - Implementing alternative backup solutions for remote workstations.
  - Evaluating a broader group of cloud services to help ease the load of on-premises solutions.
  - Blocking foreign-originating IPs where feasible.
It may not be business as usual, but it’s imperative we do everything we can to make our business and work environments more secure. Even in crises, hackers don’t take a day off and neither should we. There are myriad cyber risks to be cognizant of in the weeks and months ahead. To learn more about these, please review Aon’s 2020 Cyber Security Risk Report.
We’re in this together. And no matter the severity of the issue your organization faces, we’re here to help you.
Authored by Eric Friedberg
Stroz Friedberg, LLC, an Aon company, doing business as Cyber Solutions has provided the information contained in this paper in good faith and for general informational purposes only. The information provided does not replace the advice of legal counsel or a cyber security expert and should not be relied upon for any such purpose.