Cyber attacks have increased exponentially since the start of the pandemic, with AT&T Alien Labs Open Threat Exchange (OTX) finding 419,643 indicators of compromise (IOC) related to COVID-19 from January to March, with a 2,000% month-over-month increase from February to March.
Rush to bolster cybersecurity
Companies of all sizes and in all sectors have been forced to adapt to a remote work environment overnight, regardless of whether they were ready or not. As this fast-moving shift to virtual business occurred, cybercriminals also adjusted their strategy to take advantage of the expanded attack surface, with the volume of attacks up by nearly 40% in the last month and COVID-19-themed phishing attacks jumping by 500%. The current situation is an IT manager’s worst nightmare.
This new remote work environment ushers in an entirely new security landscape and in record-time. Long-term solutions can be found in zero trust models and cloud security adoption, but time is of the essence. Organizations should act now.
The following are a few short-term, easy-to-implement actions that IT managers can take now to bolster cybersecurity amid the current pandemic.
1. Apply “social distancing” to home networks
Traditionally, home Wi-Fi networks are used for less sensitive tasks, often unrelated to work: children play games on their tablet, voice assistants are activated to display the weather, and movies are streamed on smart TVs. Fast forward to today, and employees are now connecting to the office through this same network, leaving gaps for children or non-working adults who may also be accessing the internet via the same network. Lines are blurred, and so is security.
Just as social distancing is encouraged to limit the potential spread of COVID-19, the same should apply digitally to our home networks. IT managers can encourage employees to partition their home internet access. This means trying to block children and non-working adults from using the same network connection that is used to log into the office. This step alone helps prevent a tidal wave of unknown vulnerabilities.
One doesn’t need to have extensive IT skills in order to isolate a home network, which saves IT managers valuable time and resources. On the market today, there are several home and small office routers, costing around $100, that offer VLAN support, and most Wi-Fi kits offer the ability to set up a “guest” network. As an IT manager, it’s important to provide step-by-step instructions on how to set this up on common routers, while communicating the importance of taking this small step to greatly boost security.
2. Encourage the use of lightweight mobile devices
BYOD brings immense security risk. What types of malware exist on your employees’ home devices? Have they completed recent software updates? It’s a gamble not worth taking.
If possible, IT managers should provide employees with company-owned lightweight devices, like smartphones and tablets. For one, in most of the country, you can use mobile broadband capabilities to avoid home networks altogether. Additionally, these devices are designed to be managed remotely. Users are essentially teaming up with the manufacturers’ security teams in keeping the devices secure, as well as the mobile operators in ensuring a secure connection. Attach a quality keyboard to such lightweight devices, and employees will not miss their PCs.
3. Move to the cloud… now!
On-premise software is outdated and often ineffective. If your organization has not moved to the cloud yet, let this be the forcing function for that change. Customer relationship management systems, office productivity apps and even creative design platforms are all available now as SaaS offerings, and outperform their traditional software equivalents. With cloud solutions, organizations are working with the SaaS provider’s security teams to help keep vulnerabilities away.
Once employees have transitioned to lightweight devices operating SaaS applications in the cloud, the attack surface is reduced exponentially.
4. Secure employee remote access
Employees will be connecting devices to several service connections, so many that it makes it difficult to manage on an ongoing, individual basis. Invest in secure remote access tools such as a strong endpoint security solution and a cloud security gateway. This will allow IT managers to set policies and monitor company-wide activity, even while the workforce is widely dispersed.
5. Brush up on password hygiene
I’m willing to bet that employees are logging into the office right now using poor passwords. They’re inputting passwords based on their children’s names, anniversary dates or, the worst, “password123.”
IT managers need to immediately (and regularly!) teach employees how to improve their security posture. One of the easiest ways to do that is to start with password hygiene. Insist that staff create long, complex, and unique passwords for every device and connection they use to access the office. Encourage the use of password managers to keep track of all logins. Staff should also set up two-factor authentication across the board, from the CEO down to the seasonal intern. This behavioral shift costs nothing and makes it significantly harder for cybercriminals to win.
We are all vulnerable to this pandemic. IT managers traditionally shoulder a tremendous amount of responsibility, but now with a remote work environment, that burden has quadrupled. While the to-do list may look exhaustive, try to focus on a few short-term actions that will bring peace of mind and bolstered security… right now.