Share this article on:
The COVID-19 crisis has meant many individuals have had to self-quarantine or self-isolate, and organizations are under increasing pressure to let their employees work from home whenever possible. While these measures are necessary to keep people safe and avoid infection, having so many employees working remotely increases cyber risk. When people work from home and connect to work networks remotely using portable electronic devices, the attack surface grows considerably and new vulnerabilities are introduced that can exploited by attackers. With attacks targeting remote workers increasing, it is important to ensure that cybersecurity best practices for protecting remote employees are adopted to reduce risk.
Phishing Campaigns Targeting Remote Workers
Cybercriminals are already exploiting the coronavirus pandemic and are using COVID-19 and coronavirus-themed lures in phishing and social engineering attacks to steal credentials and spread malware. The first major coronavirus-themed phishing and malware distribution campaigns were detected in early January and the volume of malicious messages has grown substantially in the following weeks. Phishing attacks are likely to continue to rise as cybercriminals try to steal remote access credentials, as are weaponized email attacks that spread malware.
Campaigns have also recently been detected targeting remote workers. One such campaign alerts remote employees to positive COVID-19 tests in their organization. The messages impersonate their employer and claim to contain details of emergency protocols that have been implemented, which remote workers are told they must open, read and print out. Opening the attachments and enabling content will see malware downloaded. Security researchers have also detected an increase in domains being used for drive-by malware attacks.
VPN Vulnerabilities Being Exploited
Last year, several critical vulnerabilities were identified in the Virtual Private Network (VPN) solutions that are used by remote workers to securely connect to their work networks. Pulse Connect Secure and Pulse Policy Secure gateways and FortiGuard solutions were discovered to have vulnerabilities, and while patches were released to correct the flaws, many organizations failed to apply the patches since the solutions were in use 24/7. APT groups took advantage and exploited the vulnerabilities to gain access to organizations’ networks. Now with so many workers using VPNs and working from home, attacks are increasing again.
Many organizations are now using teleconferencing solutions, VPN services, and other remote access tools for the first time, and have had to deploy the solutions rapidly. Web and email services that were only accessed internally have now had to be reconfigured to ensure external access is possible. For the first time those internal services have been exposed to the internet. The speed at which the changes have been made to accommodate telecommuting workers has meant organizations have not had time to test thoroughly and ensure security is buttoned down.
Cybersecurity Best Practices for Protecting Remote Employees
With attacks increasing it is important to adopt cybersecurity best practices for protecting remote employees against phishing attacks and malware infections.
Organizations must ensure that the latest versions of VPNs are used and patches are applied promptly. On March 13, the DHS Cybersecurity and Infrastructure Security Agency (CISA) issued another warning about patching and updating VPNs for remote workers to make sure vulnerabilities are addressed. Organizations were also urged to implement multifactor authentication for all VPNs to further enhance security. You should also configure VPNs to start automatically when devices are powered up rather than relying on employees to manually connect.
The COVID-19 crisis is likely to last for several months, during which time many updates will need to be performed on software and operating systems. Scanning devices and ensuring patches are applied becomes more complicated with remote workers. Because it is difficult to maintain a persistent and routable connection to users’ devices when working remotely, the cloud should be considered for managing cybersecurity rather than in-house corporate cybersecurity solutions.
Ensure multifactor authentication is implemented for all applications accessed remotely by employees. An increase in phishing attacks targeting remote workers means it is more likely that credentials will be compromised. Multifactor authentication will help to ensure stolen credentials cannot be used to access company resources.
It is essential for home workers to have effective security solutions on their devices. IT teams can ensure solutions are deployed on corporate-issued devices, but email security, web security, and anti-virus solutions must also be deployed on employee-owned devices that are allowed to connect to the network.
Implement a zero-trust architecture on the network for remote workers and apply the principle of least privilege. Make sure remote workers only have access to the resources they need to perform their work duties and restrict privileges as far as is possible. If credentials are compromised, this will limit the harm that can be caused.
There is an increased risk of device theft when employees work remotely. To prevent data loss and impermisible disclosures, ensure all data on portable devices is encrypted. On Windows 10 devices, this is straightforward to implement by enabling BitLocker. You should also ensure that all web and FTP data is encrypted in transit. Firewalls should also be enabled on remote workers’ devices.
IT departments are now seeing large numbers of new devices remotely connecting to their networks, some of which will not have connected to the network before. That makes it much harder to identify attackers and easier for them to hide their connections from the security team. Monitoring must therefore be stepped up to identify malicious and suspicious behavior to identify cyberattacks in progress.
You must ensure you have sufficient licenses for software and SaaS applications to cope with the increase in remote workers. Sufficient bandwidth must be made available to cope with the increase in remote traffic. Calculate how much bandwidth you will need, then double it.
It is important not to underestimate the importance of training. A large percentage of cyberattacks occur as a result of user error. Refresher training is important for all remote workers to remind them about the risks of phishing and spoofing. With phishing attacks on remote workers soaring, training and phishing simulations are more important than ever.
Some workers may be using laptops to connect to work networks for the first time. It is essential for them to be trained on how to use new applications and security solutions. Unfamiliarity increases the potential for errors.
Remote employees should also be reminded of basic IT security practices that must be adopted when working from home. Remote workers must also be reminded about the procedures for reporting threats and potential compromises, and what to do if they think they have fallen for a scam.