Apply pressure to any system – and its weakness become apparent. COVID-19 has exerted the necessary pressure to test cybersecurity postures, exposing gaps – some of them yawning, some more subtle – as entire workforces have been ordered to work from home.
As the novel coronavirus escaped the confines of China earlier this year and it became increasingly clear large numbers of workers would have to hunker down at home, all eyes turned to an obvious potential weak spot – VPNs, which would surely sputter under the stress. But as the virus spread it has exposed additional security problems, ranging from the inability to do forensic tests and general upkeep on systems to granter higher level user privileges to staff to access systems remotely.
Organizations which previously did not have a distributed workforce quickly learned their tools on hand were not designed or intended to work safely offsite, via a VPN or over the internet, said Lisa Davies, head of corporate security at Redox, preventing security and IT teams from conducting even routine, but important, tasks.
“Since many of the security controls and tools used by non-distributed companies depend on being on the local network, they cannot do [many] things remotely,” Davies said. “These companies have found it more difficult to update, monitor logs etc unless the device is on the local network, so when employees take them home, they are in the dark.”
Company equipment left behind as workers fled has languished unmonitored, their vulnerability magnified as employees, outside the sight lines of security teams, connect their own, unsecure devices to company assets.
Organizations must “monitor inactive company devices, as possible indicators a device has an issue, or a remote worker may be tempted to use personal technology,” said Davies. “This goes hand-in-hand with technical controls preventing non-company devices from accessing sensitive information.”
The new working order has cast a harsh light on the limitations and safeguards of connectivity, required for business to function. Existing protocols simply are not sufficient, said Luke Willadsen, security consultant, cybersecurity services and solutions firm EmberSec.
It appears support for multifactor authentication has been a lot of talk and not quite as much action. Many companies apparently haven’t required it to connect to the network then disable the work computer’s ability to take a screenshot of the window containing the remote/virtual desktop on the host computer, Willadsen said. That needs to change quickly.
“Don’t let any data pass between the machine originating the connection and the remote/virtual desktop,” Willadsen said. Security teams can bridge this gap by disabling “the clipboard and shared drive access between the origination host and the virtual/remote system,” he said, noting “we don’t want a single byte of information to be exchanged between the two hosts (aside from the network connection that facilitates the session).”
That will prevent “the introduction of malware into your network and it prevents employees from exfiltrating confidential or proprietary files,” he said.
Pre-coronavirus, supervisors didn’t have to concern themselves with employee distractions – children running around, barking dogs, fears of a deadly virus’s spread or many other things occurring in a normal household. But now, employ focus is paramount.
Workers be reminded to stay focused and that security policies put in place to protect corporate information are still in place, especially in a world filled with phishing emails designed to prey on those now operating in a busy and confusing world.
“They should also build mechanisms to reinforce such policies in the moment they most need to followed – for example within the context of an email asking for financial action or confidential information – so that users can make informed decisions before interacting with suspicious emails,” said Matt Petrosky, vice president of customer experience, GreatHorn. By providing employees with reminders about policies when it matters, companies can significantly reduce risk for their remote workforce.”