While France has entered the third phase of its deconfinement, the Minister of Economy and Finance Bruno Le Maire has indicated that telework, without necessarily becoming the norm in the long term, remains “desirable”. According to Gartner, it is likely that at least 41% of employees will work remotely, at least part of their time, once the crisis is over.
With this new organization, companies are more exposed to the risk of hacking through their remote collaborators, intentionally or not. The major challenge for IT services today and in the aftermath of the pandemic is to reduce the risks of working remotely and ensure the security of data and corporate resources. Organizations should now pay particular attention to several threat vectors.
The crisis has made employees more vulnerable to scams and phishing as cybercriminals exploit the interest in COVID-19 to spread more spam. In reality, domains related to coronaviruses are 50% more likely to be malicious than others, and they are used in scam campaigns to trick users into clicking on malicious links. We are also seeing a notable increase in the compromise of professional emails linked to the pandemic. Fraudsters, masquerading as business leaders, try to persuade employees to share sensitive data and transfer payments from bills or other funds.
To protect employees from this risk, security professionals are advised to conduct comprehensive security training for them and to regularly update them on the most common types of phishing. In addition, it is essential to check that everyone has understood the basic principles and has been attentive, by conducting phishing simulations and providing additional training to employees who have not passed the test. .
From a security perspective, it’s critical that email administrators use a gateway to intercept spam and phishing before it arrives in an employee’s inbox. Finally, the IT security team must continuously monitor suspicious user behavior throughout the IT environment to be able to detect an account takeover before it reaches sensitive data or a critical system.
Unprotected personal equipment, potential gateway to corporate networks
Phishing can have serious consequences, but its most immediate effect is often a malware infection. As many companies have rushed to implement remote work, not all IT departments have been able to purchase, install and distribute new business notebooks on time. Many organizations have had to allow their employees to use their personal computers to stay productive. This increased the risk of seeing unprotected and infected computers on the corporate network. To limit this risk, IT security teams should adapt access policies and detection controls, ensure that equipment is replaced at the earliest opportunity, or at least collaborate with employees to deploy protection solutions at the level of access points.
The resurgence of ransomware attacks
One of the most feared malware is ransomware; and we are clearly seeing an increase in attacks with this type of software. If they want to be able to spot them, organizations must continuously monitor their IT environment and activate alerts when there are unusual spikes in file repositories. Other proactive measures can also play a considerable role: in addition to the essential continuous training of users on how to resist the temptation to click on links to malicious software, IT departments must ensure that their policy of restricting software does not allow users to launch executable files. Finally, organizations should tighten up their data access policies. These would include revoking excessive and inappropriate access rights, transferring all sensitive data to dedicated secure locations, verifying who is accessing this data and controlling escalation of privileges. By filling these gaps, they will be able to significantly reduce the effects of a ransomware attack and detect it more quickly.
Hackers access the network via Wi-Fi
Laptop and desktop computers are not the only ones that pose increased risks when employees work from home. Home networks are rarely configured for security. Cybercriminals can also access sensitive organizational data by infiltrating the Wi-Fi networks that employees use to access corporate systems. It is therefore important to ensure that employees who telework use a separate VPN and networks for their professional and personal needs, or at least do not use public Wi-Fi. If members of a company are unaware of these basic cybersecurity hygiene rules, they risk giving hackers control of their devices and everything they do – including access to sensitive data . And despite all these precautions, if cybercriminals manage to gain access to the system, regular monitoring of suspicious behavior will make it possible to detect the culprit before his activity leads to a security breach.
Cyber attacks against VPNs
When the IT team reviews VPN access points and controls employee access, it should be kept in mind that attackers are also paying close attention to these royal routes to the intranet. Organizations should therefore pay particular attention to vulnerabilities in VPNs, including updating them regularly, ensuring that network infrastructure devices and devices used to remotely connect to work environments benefit from the latest software patches and security configurations; not to mention the implementation of multi-factor authentication. In addition, mitigation strategies should include checking for configuration changes, connection attempts, scanning threats, and hardware malfunctions to ensure instant attack detection and immediate response.
Coming out of the health crisis, companies will certainly be more willing to allow their employees to telecommute, at least part of their time. So that in addition to managing talent remotely, they will also have to master the security risks associated with this new form of work. IT services should be ready to adapt to this new standard from a security perspective. And they should start now by taking a multi-dimensional approach to risk mitigation with a focus on constant effort, to maintain healthy cybersecurity habits and control what’s going on on the network.
By Pierre-Louis Lussan, Country Manager France and Director South-West Europe at Netwrix