With the lockdown due to COVID 19, nearly every organization has moved rapidly to remote access for employees, and a much higher degree of internet sales and service for customers. For a number of teams that I have talked to, their transition was relatively smooth and they are typically finding they have been able to maintain productivity for most of their staff. This is good news, as it gives employees more flexibility (as well as perhaps commute time back) and enables organizations to continue to perform despite the lockdowns and quarantines. At the same time though, the increase in digital work and interactions, increases vulnerabilities and potential for cybercrime.
These increased vulnerabilities are likely to linger as organizations are moving cautiously back to previous ways of working and slowly returning to offices. In fact, remote working will likely increase substantially from pervious norms, especially as corporations now consider whether they really need all that expensive downtown office space. Maybe they can reduce their space by 20%, 30% or even 50% as employees come into the office far less frequently, and when there, use office hoteling schemes.
Customer buying patterns have likely changed for good as well. The demise of thousands or even tens of thousands of retail stores during the crisis will be difficult to recover – if ever. And new habits of buying things online or buying less are likely to stick. So, your digital interfaces are more important than ever. And they are more lucrative than ever for hackers.
So what to do?
I checked in with some of the top Infosec leaders, including Tom Bartolomeo, Peter Makohon and a few others and compiled key actions to take. These actions, along with your existing defenses, should help keep your enterprise safe during these changing times.
First and foremost is education — for customers and employees. When introducing or reinforcing how to use the remote office tools, remind your staff of how to avoid common security issues. For your customer, send out regular reminders of how to keep themselves safe — especially shopping online or doing financial transactions online. Ensure that mid-transaction (e.g. on a payments screen), they are informed of the potential for fraud, and the characteristics of typical fraudulent scenarios for that transaction so that they consider if they too have been tricked before completing the transaction. On corporate email, make sure your system automatically and clearly delineates email that does not source from inside the company — this can prevent much typical invoice or CEO fraud scenarios. Remind them to be extra careful going to new sites as there are instances of ‘watering hole’ setups for common sites such as the CDC site. New fraud schemes abound online, and not just for fake masks to be purchased. These reminders and educational tips, when done creatively and clearly, can ensure your staff and customers do not easily fall for common fraud schemes.
Second, given the likely dramatic changes in traffic and end devices, actively review and monitor these to ensure you do not have endpoints that have been compromised or have low protections. Wherever possible, improve the security measures on the endpoints particularly ensuring employee home or remote work devices have antivirus, ensuring secure email, conferencing, and communications methods, and leveraging VPN and encryption as much as possible.
Third, double check the security of your internet-facing systems, including customer conferencing systems and applications that suddenly have an increase in traffic because they are not the preferred way to do business. Direct your red teams or an outside firm to re-test your defenses and identify vulnerabilities. Look for anomalies in login sources. Review the dark web for fraud schemes targeting your company or industry. Generally, be on high alert for potential new ways of defrauding your company or breaching its defenses for data.
Given you are likely doing a much higher proportion of business digitally, your exposure and potential revenue loss due to a DDOS or similar attacks are much higher. Review and test your current capabilities to detect and thwart such attacks. Ensure your VPN provider also has DDOS protection. Strengthen as necessary. There has been an upsurge of attacks on VPN services like Pulse, thus your team must keep these services up-to-date with patches and minimizing configuration drift.
Review the infrastructure and application changes that were made to enable the organization to operate during COVID as many were made in haste. It is possible that some changes could have inadvertently opened a door or window that would allow hackers to take advantage. Inventory your new or updated attack surfaces and ensure you have adequate protections. If you have substantial gaps, consider leveraging advanced site hardening technology like Codesealer to add a layer of protection while you correct or update your underlying components.
Finally, talk to your key suppliers, ensure they are stepping up to the plate and also have the means to do so. Many past breaches have occurred via a supplier’s network, thus their security stance is important to the true security in your ecosystem. Ransomware attacks against smaller firms are also on the rise, but proactive measures that you help them implement can make the difference and keep them safe.
Unfortunately, with the economic distress that has accompanied the coronavirus shutdowns, cybercrime is a lucrative option for many. With your staff and customers on the internet more than ever, it is important to assist them to stay safe, and assure the security of your corporate and customer assets.
What have you experienced in the COVID 19 era? What would you recommend for better security and safety?
Look forward to your recommendations or questions!
Best, Jim Ditmore