(UPDATED) Coronavirus Outbreak Compels More Companies to Endorse Remote Work Requests
Automated patching and Traffic Filtering-mediated Remote Work Security for Coronavirus-isolated Employees.
Last updated on March 21, 2023
The coronavirus outbreak has blown out of proportion, compelling the World Health Organization to update its status to “pandemic”. According to the latest information, over 120,000 cases of COVID-19 have been confirmed, with the death toll rising to 4,638, accounting for 6% of cases. The recovery rate holds steadily at 94% – over 60,000 discharged/recovered cases.
In the interim, even more companies are enforcing the remote work rule in an attempt to curb the contagion – Microsoft and Google have recently joined the work from home initiative, advising their Seattle- and Washington-based staff to steer clear of the offices until the contagion is contained and/or eradicated.
The biggest and most elaborate “work from home” experiment may be a recipe for disaster, as pointed out by global economics analysts. In a remote work assessment study published in 2018, the US’s Bureau of Labor Statistics revealed that millions of American employees cannot work from home, given the nature of their jobs.
The ever-increasing spread rate, coupled with mandatory self-isolation, is poised not only to induce despondency but could also lead to the meltdown of IT infrastructures, which, in many cases, were not designed to accommodate such a workload.
Since the mass remote work ‘exodus’ has commenced, Internet Service Providers have experienced unusually high activity traffic, which was to be expected since connecting and operating extra-network resources is bound to create additional bottlenecks.
In anticipation of what could prove to be the beginning of the end for connectivity, ISPs have deployed anti-bottlenecking countermeasures: en masse networking and software reconfiguration so as to cope with the ‘data flood’, expanding the transmission medium (additional Wi-Fi antennas and/or swapping the fiber link pathways), and upgrading the existing routing equipment (switches, hubs, routers, adapters, etc.).
As per my previous observations, this coronavirus-induced self-isolationism will undoubtedly create a so-called cybersecurity ‘grey area’, whereupon a company’s entire security grid can be imperiled.
Since staff rely on the available, ISP-provided routing in order to access the company’s resources (databases, online tools, other types of resources hosted on the organization’s cloud and/or in-house storage solution), the connection itself may be unsecured or have an even greater chance of being intercepted by a malicious actor. One plausible explanation may be that the encryption strength falters if the endpoint in question is not operating within the confines of the company’s network.
To mitigate these issues, sysadmins should focus more on remote patching rather than coming up with ways to set up secure, VM-based environments during the work from home bout.
Continuous, automated patching is the key to securing your endpoints against zero-day malware, protecting your company’s sensitive assets, whilst reducing the workload of your system administrators. Do not lose track of the fact that up to 80 percent of security holes can be closed by frequent patching.
There’s another patching aspect that needs to be considered: exposure to coronavirus. If your company is still employing a ‘boots on the ground’ approach to patching (sysadmins need to get into physical contact with the machine in order to apply the latest patches or security updates), it would mean exposing more people to the contagion.
Furthermore, it’s what you might call an evergreen cybersecurity solution that will help you achieve true cyber-resilience in an ever-evolving (and shifting) threatscape.
Another cybersecurity aspect you should tackle is the way your company’s servers are handling information. Since all of the requests will be handled by an external resolver, the need for DNS filtering becomes even more pressing. Modern threat-hunting solutions place more emphasis on ‘patrolling’ the entire infrastructure, rather than policing individual networks.
Since I mentioned ‘policing’ networks, I believe it’s only fair to talk about rights. Heimdal™ Threat Prevention addresses two major aspects: malicious connections and software/OS related vulnerabilities; Heimdal™ Privileged Access Management closes the loop by allowing your sysadmins to remotely escalate or de-escalate user rights.
All requests can be reviewed, approved, or rejected from a unified dashboard that can be consulted from any Windows or Mac-compatible device. Automated patching, DNS filtering, and remote user rights management – these are the three pillars of accommodating all your work from home requests during the coronavirus outbreak.
This article is ongoing. We will provide you with more information as it becomes available.
Previously on the coronavirus outbreak and WFH policy enforcement…
As health authorities worldwide struggle to contain the coronavirus outbreak, numerous company owners have decided to implement voluntary work-from-home regimes, effective immediately. Coined the “largest remote work experiment” by Fortune, for all intents and purposes, the aim is to reduce the risk of infection among employees and, at the same time, ensure business continuity.
Tech giants such as Google and Twitter have already fallen in line – Google’s Dublin headquarters is currently running on a ‘skeleton crew’ after corporate ordered all 8,000 employees to work from home and to avoid the Grand Canal Dock.
Twitter has taken a similar countermeasure on Tuesday, encouraging most of its global staff to take up remote work from home. A significant increase has been observed in online search queries for job postings that endorse remote work, especially in Hong Kong and Singapore.
Although millions of Chinese citizens have been confined to their homes in the wake of the outbreak, President Xi Jinping continues to put pressure on the companies to resume work in a bid to stabilize China’s declining economy.
In the interim, employees greenlighted to work from home have been issued several recommendations regarding the schedule, attending online meetings, and how to remotely access the company’s resources.
Heimdal™ Security has also joined the global initiative of coronavirus prevention. And, as more and more companies have endorsed the remote work regimen for the duration of the outbreak, the need to set up a secure remote work environment is imperative.
As your employees will most likely be using their personal home devices (BYODs) in order to access sensitive company resources, steps must be taken to prevent cybersecurity incidents such as data compromise or leakage.
The same countermeasures should be applied even if the employees choose to work remotely on company-issued machines since resources will be accessed from potentially compromised networks.
Below you will find a list of actionable advice that will help you achieve cybersecurity resilience during the coronavirus-triggered ‘sabbatical’.
Some numbers you should be aware of…
95%…of SMBs are likely to allow work-from-home options in the wake of the coronavirus outbreak.
90%…of cybersecurity experts agree that remote workers are a threat to the company’s cybersecurity.
81%…of interviewed CIOs said that companies have registered unsecured Wi-Fi related incidents (as per iPass’ 2018 Mobile Security Report).
40%…increase in Zoom shares (video conferencing software provider) since the beginning of February.
30%…of companies around the globe are prepared to accommodate work-from-home requests.
3%…of the United States’ workforce is working from home (around 3.9 million people).
10…types of corona-related malware have been identified since the WHO announced the Wuhan outbreak.
Remote work security and business continuity advice
We at Heimdal™ Security believe that the foundation of any sound and ‘healthy’ remote home policy should rest on three major pillars: persistent app patching, intuitive admin rights demounting, and unified threat prevention & palliation. Up next, here is a list of actionable advice your company should consider if you plan on allowing your employees to work from home.
Early planning reduces the impact on productivity
To avoid any productivity ‘hiccups’, the employee should prepare his/her workstation. This entails various issues and challenges: is the employee allowed to take the workstation off-premises? If not, is the company able to provide mobile solutions (i.e. laptops, tablets, virtual workspaces)?
The employee should also be ‘encouraged’ to take steps in order to facilitate the transition. For instance, if the company cannot provide mobile workstations, the employee should have access to secure password management software, cloud-hosted workspaces, and, of course, the company-owned backups.
Beyond that, as an employer, you must point out that there’s no distinction between working office hours and remote work. The reason why I chose to bring this to your attention is that most employees see WFH (work from home) as a sort of vacation – a chance to get away from nagging managers and see to other chores that would otherwise be impossible to accomplish. I won’t dwell on this, for this is not the purpose of this article.
Setting up your WFH security policies to prevent cyber threat-related bottlenecking
Instilling a prolonged work from home rule requires you to take additional steps to protect your company’s assets. With regard to the actual workspace, you should keep in mind that your employee may choose to work from a location other than his/her home. This alone can increase the risk of a data breach, since the employee may choose to connect from a public and, hence, unsecured Wi-Fi network.
Despite not being able to order your staff to work from a specific location, you can, in fact, mitigate the associated risk by opting for a DNS filtering threat-prevention solution, instead of relying on your company’s firewall AMC (Advanced Management and Control) to filter traffic and continuously modifying inbound & outbound traffic rules and exceptions by hand.
DNS filtering, the latest cyberthreat mitigation technology, is slowly becoming an industry standard – traffic is analyzed at infrastructure level, with all malicious connections being blocked before the hacker has a chance to download and execute the malicious script(s) on the targeted endpoint.
The solution addresses companies endorsing BYOD and WFH policies; regardless of geographical location, network connection, and device used to retrieve company assets, perimeter DNS filtering is the de facto answer to ensuring the protection of your sensitive data.
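To make the blocking step described above concrete, here is an added example (not Heimdal's code and not part of the original article) of the per-query decision a filtering resolver makes before any connection is opened. The blocked zones, the allowlist entry and the client names are constructed assumptions.

```python
"""Added example: resolver-side DNS filtering decision (constructed data)."""
from typing import Optional

# Constructed policy; names use reserved .example/.test domains.
BLOCKED_ZONES = {"malware-c2.example", "phish.test"}
ALLOWED_NAMES = {"status.phish.test"}  # explicit override, exact match only


def normalize(qname):
    """Lower-case and drop the trailing root dot so lookups are consistent."""
    return qname.strip().rstrip(".").lower()


def matching_zone(qname, zones) -> Optional[str]:
    """Return the zone that qname equals or is a subdomain of, else None.

    Matching walks whole labels, so 'notphish.test' does not hit 'phish.test'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def decide(qname):
    """Return (action, reason) for one query: 'resolve' or 'block'."""
    name = normalize(qname)
    if name in ALLOWED_NAMES:
        return "resolve", "allowlisted"
    zone = matching_zone(name, BLOCKED_ZONES)
    if zone is not None:
        return "block", "zone " + zone
    return "resolve", "no match"


def filter_log(queries):
    """Apply the policy to (client, qname) pairs; return the blocked ones."""
    return [(client, normalize(q), decide(q)[1])
            for client, q in queries if decide(q)[0] == "block"]


# Constructed sample of queries from remote endpoints.
SAMPLE_QUERIES = [
    ("laptop-17", "intranet.corp.example."),
    ("laptop-17", "CDN.Malware-C2.example"),
    ("byod-04", "notphish.test"),
    ("byod-04", "login.phish.test."),
    ("byod-04", "status.phish.test"),
]
```

Because the decision depends only on the queried name, it applies the same way whichever network the endpoint connects from, provided the endpoint's queries actually reach the filtering resolver.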
Another remote work challenge, especially in long bouts, is making certain that all the apps connecting to your company’s databases are up to date and have received the latest patches/bug fixes. One should not forget that the act of patching closes up to 80% of software-related flaws that could otherwise be exploited by malicious actors.
A solution such as Heimdal™ Threat Prevention is able to take most of the heat off your sysadmins in charge of testing and deploying patches, updates, and fixes on individual endpoints.
Heimdal™ Patch & Asset Management module can update all the applications and software currently running on your machine. The list of supported apps is constantly updated. This means that the employee doesn’t have to come in to solicit a vital app or system update.
Heimdal Patch & Asset Management has pre-defined, all-purpose apps and drivers, but your sysadmin can create custom .msi packages and upload them in Heimdal’s Infinity Management module (available on-demand) for immediate deployment and installation. With such a solution, you can achieve true cyber-resilience, moving beyond cumbersome software patching and deployment approaches.
Recursive perimeter DNS and automated patching will streamline the entire software maintenance while removing any ‘hiccups’ that could potentially hamper the employees’ productivity during the voluntary remote work sabbatical.
This brings us to the third and final security advice: remote management of admin rights requests. If your employees will continue using their work machines while at home, you need to apply a full-spectrum solution to handle user rights and subsequent requests. Why company owners should push for more proficient admin rights management was covered by Miriam’s article about privilege de-escalation.
A one-stop solution will solve any obstacles along the way (i.e. employees gallivanting to the IT admin to request additional rights to install a new piece of software or update an existing one), not to mention the fact that scaling down everyone’s rights (apart from the sysadmin’s, of course) is one of the most efficient ways of combating insider threat.
Furthermore, a full array of admin rights management solutions such as Heimdal™ Privileged Access Management can curb the spread of the infection throughout the entire network by automatically de-escalating the user’s rights. This is done automatically, upon threat detection.
Miscellaneous remote work tips (employers & employees)
There are even more steps you can take to ensure the continuity of your business during the coronavirus outbreak.
a) No micromanagement.
Although it’s tempting, you shouldn’t treat an employee who works from home any differently from an office 9-to-5er. Allow me to rephrase that: just because someone is not in the office, it doesn’t (necessarily) mean that he/she is slacking. WFH routines can be just as productive as their in-office counterparts. You may be surprised to discover that some employees have better out-turn when working in a familiar and comfortable environment than when coming in to the office.
b) Find the right tools to keep tabs on employees.
We are not dealing in absolutes here: micromanagement is bad, but so is the lack thereof. As an employer, you need to find ways to check on your employees from time to time without being disruptive or turning into a harsh taskmaster. This includes supplying them with a portable workstation, setting up CRM or project management apps, file-sharing and transfer tools, and, most importantly, access to online meeting spaces (Zoom, Join.me, Google Hangouts, etc.).
c) Set boundaries.
If this is your first time working from home, it may feel a bit weird – for most, the end of a working day means getting up from the desk, leaving the building, commuting, picking up some groceries, and home turf. Imagine waking up and not having to do all of those things. The natural reaction would be to crunch in some more hours; even more fascinating is the fact that we do this without being aware of doing it.
That’s why it’s important to set some boundaries: begin work at your regular hour, grab some lunch at around the same time you do at work, and put away your laptop or device when it’s time to go. Don’t forget about answering emails, skyping your manager, and communicating any status updates if requested.
Before you go….
Here at Heimdal™ Security, we are committed to safeguarding your cybernetic infrastructure. But one cannot forget about the human side of things. So, before concluding this article, I would like to reiterate WHO’s recommendations concerning the coronavirus outbreak.
Avoid close contact with people who are sick (or suspected).
Avoid touching your mouth, nose, and eyes.
Stay at home if you are sick to prevent spreading the virus.
Wash your hands regularly with plenty of water and soap.
Clean and disinfect household objects which have been frequently touched.
Cover your nose and mouth when you cough or sneeze. If you use a tissue, discard it in the trash.
Go to the emergency room if you come down with one or more of the following symptoms: fever, cough, shortness of breath.
Follow the authorities’ guidelines if you’ve just returned from abroad.
Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.