Protecting remote workers with strong endpoint security is more important than ever. As we’ve heard from countless news stories and our own clients, many companies are moving to work from home policies and enabling remote staff in rapid time. Here’s a step-by-step checklist of what you can do now to protect your remote workers with strong endpoint security.
Remote Workers: The New Reality
The personal and business response to the coronavirus and COVID-19 pandemic means that we have a sudden, massive remote workforce like we’ve never seen before. At a minimum this will be for a few weeks, if we’re fortunate. But more likely, it will stretch into a few months, or perhaps longer. For many organizations, work from home may become standard as lives are disrupted and businesses face the reality of adapting.
We are all challenged to figure out how to keep our businesses up and running in this new model and make sure we have the capacity to support our remote access needs. Unfortunately, remote computing is also exposing many organizations to a security risk they may not have fully understood or dealt with before.
The remote workforce means there are now many more employee workstations sitting outside the corporate network. There are millions of employees and contractors now connecting to the enterprise via home networks with no firewall protecting them. At the same time, security teams are being asked to maintain 24×7 monitoring and visibility while working remotely themselves.
Unfortunately, there are threat actors already taking advantage of this situation. They are using phishing attacks and fake coronavirus maps to lure users into unknowingly exposing corporate credentials or downloading malware and ransomware. We’ve even seen public health sites hacked and embedded with malware. Researchers at DomainTools have issued an alert about a malicious Android app that pretends to warn users about people infected with the COVID-19 coronavirus in their vicinity.
Don’t think that just because you are an “uninteresting business” or a small company that you are not a target for cyber-attacks. Ransomware is strictly about financial gain, and every organization is an equally viable target. Threat actors will likely take over any unprotected devices – especially a personal device – and wait until they are reconnected to the corporate network to launch a broad takeover for ransom.
Putting Protective Endpoint Security Controls in Place for Remote Workers
Here are six controls you can put in place to protect your workforce now and, perhaps more importantly, when employees return to the corporate office and network.
- Implement endpoint security beyond traditional antivirus.
Modern endpoint detection and response (EDR) solutions are designed to operate outside the corporate network. These solutions prevent malware and enable threat hunting. They also give you the ability to initiate immediate response actions, such as preventing new malware from running or removing malware from systems.
If you’ve been putting off an upgrade, now’s the time to consider next-gen EDR to get full visibility for all endpoint devices, off or on the network, and ensure strong endpoint protection.
- Implement multi-factor authentication (MFA) or Two Factor Authentication (2FA) for all applications.
Have you enabled MFA or 2FA for internal applications and your enterprise virtual private network (VPN)? Do you require MFA for external applications like Microsoft Office 365, cloud enterprise resource planning (ERP) solutions, cloud customer relationship management (CRM) platforms, corporate social media accounts, and others? If not, make it a priority to do so immediately.
- Use a VPN for users who need to connect to critical internal systems.
Many corporate departments like Finance and Human Resources may be handling sensitive data outside the physical office for the first time. Employees who are still traveling for urgent or mission-critical business may be working from a coffee shop or hotel on their mobile devices. Requiring them to use a VPN will ensure that data stays private and that these systems are not exposed externally.
It is important to segment who is allowed to access what over the VPN, and to make sure employees have the corporate network access they need. The DHS Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance on VPN use specifically in response to the pandemic.
- Keep up to date with patches.
Don’t let the craziness slow down your patch management program. Now more than ever, all systems need to be up to date. As we’ve discussed in previous blogs, not patching systems, especially those exposed to the Internet, is the equivalent of running with scissors. It’s only a matter of time before something messy happens and someone gets hurt.
- Ensure you have 24×7 security monitoring coverage and capacity.
Now, more than ever, you need eyes on your network security, cloud apps and infrastructure, and endpoints 24×7. Employees are going to be working outside normal business hours, often on non-corporate devices, and all these new security controls are going to generate more noise.
Especially with the next-gen EDR solutions like Carbon Black, CrowdStrike, and Microsoft Defender ATP that you now (hopefully) have in place, it will take a lot of expertise to determine which new system processes or alerts are typical and benign, to filter out false positives, and to respond quickly to actual threats.
A pandemic situation like we’re in now is going to strain the resources of security operations teams that were already stretched thin at most companies and make it difficult to monitor activity while keeping up with the other logistical challenges.
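To make the triage problem above concrete, here is an added example (not code from the original post or from any EDR vendor) that applies a known-benign baseline of parent/child process pairs to constructed EDR-style events. Known pairs are suppressed even when they occur off-hours, so the after-hours work described above does not become noise, while pairs absent from the baseline are escalated with the off-hours flag kept as analyst context; the event data, hostnames and baseline are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed EDR-style process events (not real telemetry): who launched what, from where.
EVENTS = [
    {"ts": "2020-03-20T09:15:00", "host": "lt-041", "user": "alice", "parent": "explorer.exe", "proc": "outlook.exe"},
    {"ts": "2020-03-20T22:40:00", "host": "lt-041", "user": "alice", "parent": "explorer.exe", "proc": "outlook.exe"},
    {"ts": "2020-03-21T02:05:00", "host": "lt-017", "user": "bob", "parent": "winword.exe", "proc": "powershell.exe"},
    {"ts": "2020-03-21T10:30:00", "host": "lt-017", "user": "bob", "parent": "explorer.exe", "proc": "teams.exe"},
    {"ts": "2020-03-21T11:00:00", "host": "lt-088", "user": "carol", "parent": "svchost.exe", "proc": "unknownupd.exe"},
]

# Constructed baseline: parent -> child pairs observed as normal during a learning window.
BASELINE = {
    ("explorer.exe", "outlook.exe"),
    ("explorer.exe", "teams.exe"),
    ("explorer.exe", "chrome.exe"),
}

BUSINESS_HOURS = range(8, 19)  # 08:00-18:59 local; recorded as context, never used as a trigger


def triage(events, baseline, hours=BUSINESS_HOURS):
    """Return (alerts, stats).

    Pairs present in the baseline are suppressed regardless of time of day (this is the
    false-positive filter). Pairs absent from the baseline are escalated for an analyst,
    with an off_hours flag so remote-work timing is visible but does not decide the outcome.
    """
    alerts, stats = [], Counter()
    for ev in events:
        hour = datetime.fromisoformat(ev["ts"]).hour
        pair = (ev["parent"], ev["proc"])
        if pair in baseline:
            stats["suppressed"] += 1
            continue
        alerts.append({
            "host": ev["host"],
            "user": ev["user"],
            "pair": pair,
            "off_hours": hour not in hours,
        })
        stats["escalated"] += 1
    return alerts, stats


if __name__ == "__main__":
    found, counts = triage(EVENTS, BASELINE)
    print(dict(counts))
    for a in found:
        print(a)
```

Growing the baseline from a real learning window (and reviewing it, since it may capture something already present) is the step that turns this from a toy into a useful noise filter.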
At Delta Risk, we have a 24×7 security operations center (SOC) staffed with experts on a variety of endpoint platforms. Our team handles endpoint compromises on a daily basis and is well versed in how to respond when a known ransomware exploit is in progress, or even when a suspicious process that is commonly used as a staging point for additional attacks is quietly placed on an endpoint device.
If you’re concerned about protecting your remote employees and business, and keeping your data secure, we invite you to get in touch to learn how we can support your in-house team with broader expertise and expanded coverage. We work with organizations of all types and sizes, and most new clients can be onboarded in a day or less. We are also taking active steps to protect our own employees and SOC team from the spread of COVID-19 to make sure they’re there for you.
Additionally, we appreciate the insights and advice from partners and other experts, and wanted to share the following resources:
- Carbon Black COVID-19 Community Resources
- CrowdStrike: Securing a Remote Workforce in the Time of COVID-19