Critical Infrastructure and Industries

The greatest cybersecurity threat to your organization works for you.

 

As many cybersecurity practitioners will tell you, the most imminent and dangerous threat to any network comes from inside — your employees. Untrained, improperly trained, or careless users can easily track malware into an otherwise secure network. This malware code is then able to propagate across the LAN, establishing a foothold for attackers to move laterally, copy data, shut down servers, or worse. Your employees unwittingly open the door to cyber attacks.

 

The danger your employees pose is exacerbated drastically when these same users are no longer working behind the relative safety of your corporate firewalls and protected networks. As the COVID pandemic raged, more and more workers were sent to work remotely – some for the first time. According to leading researchers, the percent of workers performing their jobs remotely ballooned from 20% to approximately 71%. You probably faced the same exodus as workers fled the office to work at home.

 

This uptick in remote workers has forced employers and IT administrators to come to terms with the growing, and often unfamiliar, security concerns surrounding a nearly completely remote work force. Employees working remotely are likely connecting to the internet via their home Wi-Fi router, the security of which is questionable and invisible to corporate system administrators.

 

Remote users are also more susceptible to advanced phishing attempts, luring them to give away their credentials or other information including user names and passwords. With help desk no longer ‘across the hall’ to validate the request, these phishing attempts are more dangerous than ever before.

 

This increase in remote workforce coincides directly with many companies mass migration to the cloud, though the two are not necessarily correlated the impact of both happening in simulcast is serious. Storing important documentation in the cloud is a cost effective and convenient way to keep data available for those who need it – but it also puts that same data at risk of being retrieved by those who don’t.

 

How you can remediate security threats.

Corporations who have had a work from home workforce pre-pandemic, should already know the way to remediate these potential issues and it remains the same. Using a secure VPN is just the start.

Training, training, training! User education is the cornerstone to security and it is vital that a company has a robust training program and your workforce understand what’s at stake. Training should include understanding basic security principles and best practices, as well as phishing, malware, physical security, and the concept of least privilege.

Strong password policies are a must and need to be enforced. This should be common sense but all too often companies neglect some vital components of the complex password methodology, which can lead to disaster. Allowing the IT Help Desk to reset passwords to Autumn2022 is asking for trouble, but it happens every day. Neglecting to enforce required password changes is also a problem at many companies large and small alike. Ensuring your password policy includes minimum character lengths, complex characters, no repeating numbers, etc. goes a long way in preventing a dictionary attack.

Two-factor authentication should be a requirement. In addition to a robust password policy, users should be required to utilize two-factor authentication either via a mobile application or a corporate desktop application.

Mandate administrative lockdown on laptops and other remote devices. Remove default administrative accounts from all devices and only allow domain authenticated system administrators to make changes or installations. This may be a thorn in the user’s side, but is a necessary evil.

Enforce corporate policy on BYOD systems. With more and more users receiving their emails on their phones, it is vital that the same corporate security policies being applied to corporate devices be applied to user’s cellular phones.

Ensure least privilege is being taken into account in the cloud and across the network. One of the most challenging things that a company can do is put together a strong and effective data policy. There are a number of data loss prevention tools on the market which can assist with this including classification of data, monitoring of data both at rest and in motion, and user accountability. Preventing users from downloading sensitive data to their remote machine helps not only protect that data internally but ensure it cannot be filtrated outside of the organization.

Monitor, detect, and respond. All security systems as well as all critical systems should be monitored utilizing either a robust Extended Decryption and Response (XDR) solution or a Security and Event Management (SIEM) tool. Use cases should be created to detect anomalous user behavior like network authentication from unusual locations, impossible travel, brute force attempts, authentication to unusual systems, etc. The addition of End-User Behavioral Analytics (EUBA) is particularly helpful in this arena and provides a very good solution to baselining normal and alerting on deviations.

Though the number of employees working remotely has increased dramatically, the basic security principles in dealing with remote employees remain the same. It is the job of the security staff to ensure that the policies required to ensure the safety of the user and network are being implemented and more importantly, enforced. You won’t be along. According to one survey, 79% of IT professionals cite information security as their main area of research interest for 2022. The same study reports that 37% of IT professionals plan to invest between $250,000 to $500,000 on cybersecurity in the next 18 months.