Stars-image

Blog

Welcome to Silent Sector's blog, news, and resource area.
0 Comments

Benefits and Cybersecurity Tips for Your Remote Workforce

In a previous article, we highlighted the tactics scam artists are exploiting from COVID-19. Unfortunately, technologically savvy criminals are also exploiting the virus by taking advantage of the rapid Work from Home (WFH) adoption. Most organizations were not prepared for this overnight adoption and consequently cut corners during the implementation. We have compiled a list of key elements every organization employing WFH should consider.

The Benefits:

  • Save money on travel costs and office space
  • Employees can always meet deadlines
  • Increased productivity without distractions like unnecessary meetings, political gossip, etc.
  • Employees can work regardless of catastrophic events

The Risks:

  • Unsupervised employees have direct access to the company network
  • Introducing Man in the Middle attacks with remote connections
  • Easier for hackers to attack your business because employees are remotely accessing your internal network. Home computers are often shared by family members who visit sites and run software that can infect your network or introduce session hijacking
  • Most residential antivirus products won’t stop hackers targeting your business

Before Adopting WFH:

  • Hardware - Best to issue a company-owned device with patched software, anti-virus, and a properly configured firewall. It is expensive, but the safest option.
  • Secure Connection - Remote workers need a secure Wi-Fi network and a trusted virtual private network (VPN) to encrypt communication with internal resources. Not all VPNs were created equally and some store logs.
  • Strong Passwords - VPN security can be overcome with weak passwords. Does your organization have a password policy?
  • Multi-Factor Authentication - While not perfect, MFA is still one of the best safeguards to prevent account takeover.
  • Principle of Least Privilege - Only give staff members access to what they need to perform their jobs.  Remote administrative accounts should be approached with extreme caution. Regular accounts should have minimal access to information and system rights. This keeps potential adversaries from pivoting.
  • Encrypt hard drives and invest in remote wipe software to protect data against physical theft.
  • Provide Employees with formalized policy and procedures to follow at the first sign of compromise (escalate, change passwords, etc.). Incentivize employees to report odd behavior.  
  • Develop and keep a current Incident Response Plan.  This step takes time and focus, but significantly helps alleviate attacks.

During WFH:

  • Baseline employee activity and monitor employees who present the greatest risk (i.e administrators, system owners, executives, etc.)
  • Update policies, monitoring techniques, and hardware as needed

 

Due to the COVID-19 pandemic, the number of people working remotely has skyrocketed. As the virus progresses, working from home will start to become the norm for many companies. Has your organization considered the security issues that are associated with a remote workforce? Contact Silent Sector to see how you can secure remote employees and continue to be productive amidst disruptive events like COVID-19.

About the Author

Written by Haidon Storro

Cybersecurity Research & Content Manager, Silent Sector -- Haidon Storro is a Cyber Security Analyst in the utility industry. She has her BS in IT Cyber Security as well as security certifications like the CompTIA Security+. While Haidon is newer to the security community, she has dedicated herself to learning as much as she can through internships, online courses, and conventions like DefCon. In her free time, she enjoys reading about new advancements in technology, going to security meetups and participating in cyber defense competitions. One of Haidon’s goals is to make the connected world safer by bridging the human aspect with technology. Cybersecurity is not only a vehicle for her to achieve this, but a passion for life.