The Coronavirus—or COVID-19—pandemic has had a dramatic impact on nations and businesses around the world. Globally and across the United States, people are being directed to self-quarantine and maintain social distance to limit the spread of the infection so demand doesn’t overwhelm hospital capacities and doctors can provide the necessary care for those who need it, and that has led many businesses across all industries to implement mandatory work-from-home protocols. Thankfully, we live in a world with fairly ubiquitous internet access and we have the technology to work remotely in many cases with minimal disruption. However, the sudden spike in remote workers resulting from the Coronavirus response poses some unique cybersecurity risks for companies as well.
Expanded Attack Surface
Many organizations were already struggling to deal with the complexity of a hybrid or multi-cloud environment and maintaining visibility and effective cybersecurity for an increasingly mobile workforce. With companies suddenly asking all employees to work from home, there has been a remarkable surge in the number of users connecting to company networks and accessing sensitive data from home computers over the public internet.
As the number of people logging in remotely or connecting to cloud-based SaaS (software-as-a-service) applications rises, the attack surface expands. Organizations suddenly have an exponential increase in the number of endpoints and the overall complexity of the broader network environment.
Cyber adversaries are not slowing down due to the COVID-19 pandemic. On the contrary, they are looking to capitalize on the chaos. An expanded attack surface combined with an influx of workers who are new to working remotely increases the opportunities and odds of success for cyber attacks.
Closing the Cybersecurity Gap
Consider the fact that you suddenly have a number of employees working from home who may have never done that before. Sure, you may have provided security awareness training at work, but this is a unique situation and it would be wise to remind people about security best practices.
Here are a few basic security precautions your users should take as they work from home:
- Remind users to be suspicious of emails from unknown sources and to not open file attachments or click on links. Stress the fact that cybercriminals will seek to capitalize on the current chaos and make sure people know to exercise extreme caution with any email that asks for credentials or other sensitive information.
- Make sure that computers—whether company-issued laptops or personal home PCs—are patched and updated against the latest threats.
- Verify that the devices used to connect to network resources or access company data have endpoint protection.
- Emphasize to employees the importance of ensuring their home Wi-Fi router is not using the default password, and that they should use a unique password for connecting to the Wi-Fi network.
- Ensure that workers connect to the company network and sensitive data through secure means, such as a VPN (virtual private network) connection and remind them to store data on company-sanctioned cloud storage platforms.
The Human Element Is Key
Threat management and constant vigilance will be key for managing cybersecurity while mandatory work-from-home policies are in effect during the effort to contain the Coronavirus threat. Awareness of emerging threats and comprehensive visibility across the newly expanded environment are crucial.
Cyber criminals can take advantage of the situation by crafting phishing messages that look like breaking news about COVID-19, or warnings or updates from the company. The combination of the unique aspects of suddenly working from home and the fog of information in general will make users more susceptible to such tactics.
Machine learning and user behavior anomaly detection are essential for this scenario. The ability to quickly analyze an overwhelming volume of signals and data and identify traffic or actions that seem suspicious or unusual will enable IT teams to avoid alert fatigue and ensure that issues that require attention don’t slip through the cracks.
Cybersecurity tools and machine learning algorithms alone are not enough, though. The human element is imperative as well. You need cybersecurity experts with the skills and experience to recognize threats and malicious activity—to provide context and prioritize the issues that are most urgent. You also need to monitor around the clock because bad guys don’t keep normal business hours.
The global response to the COVID-19 pandemic is uncharted territory in many ways. As companies take action to protect employees and contribute to the broader effort to limit the spread of the virus, it’s important to consider how a remote workforce expands the attack surface, and to ensure you have the right platforms, tools, and expertise to recognize and respond to threats that arise.
Staying Secure While Working from Home
Start by reviewing cybersecurity policies and best practices with employees. Make sure that the devices—whether company issued laptops or personal home PCs—used to connect to the corporate network have endpoint protection in place. Leverage machine learning and user behavior anomaly detection to actively look for suspicious or unusual activity and separate the signal from the noise. Finally, augment technology with human intelligence to accurately prioritize and effectively respond to threats.
The current situation is extraordinary and it has caught many companies and workers off guard. As we all come together as a global community to limit the spread of Coronavirus and flatten the curve of the rate of infection, organizations have to adapt quickly to a new model with a mostly—or completely—remote workforce. With a little focus on the basics, you can ensure that your workers remain productive without sacrificing security.