Managing employee security risks during lockdown

COVID-19 doesn’t have to compromise your organisation’s security

Security is something that every business should be thinking about; it’s an absolutely essential part of any IT strategy, and can lead to serious problems if not properly maintained and monitored. However, it can be tempting to think of security threats as purely external forces, driven by malicious hackers launching attacks from outside your network.

The truth is that in many cases, your own employees – consciously or not – could be posing as much of a security threat as any cyber criminal. There are a variety of ways in which employees can inadvertently compromise elements of your defences, and many of them have unfortunately been exacerbated by the ongoing COVID-19 pandemic.

In particular, global – and now local – lockdowns and the resulting surge in remote working have introduced or heightened risk areas that were previously only minor concerns for businesses.

In through the out door

The use of cloud-based collaboration and communication services like Microsoft Teams, Slack et al has exploded since the start of the year as businesses scrambled to keep their remote staff connected through virtual platforms. But although these services can bring huge benefits to businesses, there are also risks attached to their use.

One of the biggest advantages of these services is that they provide a centralised, easily accessible record of all of your organisation’s communications and information. While this improves efficiency, it’s also a double-edged sword: any attacker who gains access to this system potentially has access to an alarming amount of sensitive information, as well as a whole host of options for further network traversal and privilege escalation.

Access credentials for shared services are often posted by staff in open channels, as are links to potentially sensitive files and folders, not to mention confidential information about internal operations or upcoming deals. This can all be used by an attacker to access more valuable areas of the network, whether their goal is to deploy ransomware, exfiltrate confidential documents, or spy on your staff. These systems are generally complemented by cloud storage platforms, which provide a further treasure trove of data for intruders to exploit.

There are a number of ways to combat this; the most obvious one is to enforce policies against sharing credentials or sensitive documents on public channels, but this is hard to police. As any security team knows, convenience usually wins out over proper procedure. Therefore, it’s wise to supplement this with strong password controls and multi-factor authentication for all user accounts, ensuring attackers can’t simply brute-force their way in. A nice side benefit of this is that it also helps mitigate the risk of password reuse, which can be endemic in larger organisations that don’t keep a close eye on their password hygiene.
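As an added defender-side example (not code from the article or from any vendor it mentions), the check below scans an exported chat log for messages in open channels that look like posted credentials, well-known token prefixes, or links to shared files, which is exactly what the policy above is hard to police by eye. The export format, the channel names and every message are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Heuristic patterns for things staff tend to paste into open channels: plain
# passwords, user:pass pairs, well-known token prefixes, shared-file links.
PATTERNS = {
    "password": re.compile(r"\b(?:password|passwd|pwd)\s*[:=]\s*\S+", re.I),
    "user_colon_pass": re.compile(r"\b[a-z][\w.-]{2,}:[^\s:/][^\s:]{7,}\b", re.I),
    "token": re.compile(r"\b(?:xox[abp]-[\w-]{10,}|AKIA[0-9A-Z]{16})\b"),
    "share_link": re.compile(
        r"https?://\S*(?:sharepoint\.com|drive\.google\.com|dropbox\.com)/\S+", re.I),
}

@dataclass
class Finding:
    channel: str
    author: str
    kind: str
    snippet: str

def scan_messages(messages):
    """Flag public-channel messages matching a pattern; messages are dicts with channel, author, text, is_private."""
    findings = []
    for msg in messages:
        if msg.get("is_private"):
            continue  # direct messages are out of scope for this check
        for kind, pat in PATTERNS.items():
            m = pat.search(msg["text"])
            if m:
                findings.append(Finding(msg["channel"], msg["author"], kind, m.group(0)[:40]))
    return findings

# Constructed sample export (hypothetical messages, not real data).
SAMPLE = [
    {"channel": "#general", "author": "alice", "is_private": False,
     "text": "VPN box login is admin:Winter2020!! until IT fix SSO"},
    {"channel": "#sales", "author": "bob", "is_private": False,
     "text": "deal deck here https://contoso.sharepoint.com/sites/deals/Q4.pptx"},
    {"channel": "#ops", "author": "carol", "is_private": False,
     "text": "staging password: hunter22 for the demo"},
    {"channel": "#dev", "author": "dave", "is_private": False,
     "text": "bot token xoxb-000000000000-constructedexample for the integration"},
    {"channel": "dm", "author": "erin", "is_private": True,
     "text": "password: secret"},
]

if __name__ == "__main__":
    for f in scan_messages(SAMPLE):
        print(f"{f.channel} {f.author} [{f.kind}] {f.snippet}")
```

Findings are a starting point for a quiet word with the poster and a credential rotation, not proof of compromise, so expect to tune the patterns to your own platforms.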

Cloud storage platforms also incorporate a number of access control mechanisms, such as role-based permissions; these allow you to define which specific people can access certain files and folders, and what level of control they’re allowed to have over them. Some platforms will go even further than that, with features like the ability to grant time-limited access to files.

“Risk assessments would reveal the level of access to a firm’s digital and physical assets each person has,” notes Red Sift’s head of cyber governance Rois Ni Thuama. “No one person should have the keys to the kingdom and making sure that access is restricted on a need-to-have basis goes a long way to mitigating the potential fallout. This works just as well irrespective of whether the threat arose from a deliberate act or a mistake. You do not want to give the bad actor free rein to move laterally across an entire organization.”

Left to their own devices

Implementing strong access controls, password hygiene and multi-factor authentication are all good practice in any circumstance, but they’re especially important when all of your staff are relying on cloud-based apps and logging in from locations and devices which may not be as secure and well-protected as when they’re in the office. For a variety of reasons, many workers are now using personal devices to access corporate platforms, and these devices in themselves could be posing a serious risk.

If an employee is using a personal device for work and hasn’t alerted IT teams to this fact, they likely won’t have any monitoring or protection running on the device. This means it can’t be tracked for threat analysis purposes, and it may also be introducing security holes via unpatched software or even malware that the user has unwittingly picked up. Furthermore, if they’re working from a cafe or coffee shop, they might be using unsecured Wi-Fi, which puts them, and any information they’re working with, at risk from snoopers.

“Of course, the most important way to mitigate risk is user education and awareness,” says Ian Thornton-Trump, CISO of threat intelligence firm Cyjax, “but a strong contender for second is extend your perimeter defences and licenses for your organisation’s fancy antivirus or EDR solution to those users at home – especially if they’re not working on corporate assets.”

Traditional perimeter defence is going to be less helpful in this scenario and, if you’re dealing with a significant number of employees that use personal devices for remote work, you should consider deploying endpoint security tools to give your IT team a centralised way to monitor, patch and protect your employees’ devices in a relatively unobtrusive fashion. Knowing exactly what devices are on your network – and what condition they’re in – is a vital part of protecting it, and shouldn’t be neglected just because staff are working from home.

“Anyone who’s thinking there’s a security perimeter is tragically out of date with our current times,” says Thornton-Trump. “Most businesses have no defined perimeter anymore as highly sensitive data is found all over the place – in S3 buckets, in hosted email solutions and in the hands of ERP, CRM and financial system SaaS vendors.”

Workers aren’t the only ones who are having to adapt to new ways of working, however; cyber criminals are also switching up their tactics to capitalise on the new situation. Many hackers are attempting to exploit the trends we’ve already discussed through tactics like password compromise, spear phishing, and others, and IT teams should be on the lookout for changes in attack patterns as adversaries adapt. Phishing attacks, in particular, will remain an easy attack method throughout the course of this lockdown, and staff should be trained (or retrained) on warning signs which may indicate a bogus email.

COVID-19 has necessitated a huge change in the way we work, and now that the genie of remote working is out of the bottle, it’s extremely unlikely that businesses will go back entirely to how they operated before. This change doesn’t have to make your business less secure, however. Many of the potential risks that can be introduced when organisations move to a remote model can be mitigated through careful use of security best practices, including inventory management, password monitoring and multi-factor authentication.

The process of moving into the ‘new normal’ – whatever that looks like – will involve an adjustment period for all of us. However, if IT teams remain alert to the changes and continue to implement industry-standard recommendations, we can emerge into the new world with our security intact.
