As the world wrestles with the spread of the COVID-19 coronavirus, many businesses are instituting new work from home (WFH) policies to keep employees safe and do their part to help halt the rate of infection. While remote work has long been a reality for many employees and businesses, remote work on such a large scale is frankly unprecedented and has the potential to open entirely new problems for security teams. It may make already challenging but essential work more difficult, and will require a careful reexamination of long standing policies, systems, and procedures.
Work from home will create new headaches
In theory, work from home should be fairly seamless to implement in 2020. Most workers have laptops, most work is now done in the cloud, and collaboration apps like Zoom, Skype, and Slack make staying connected with other home-bound coworkers easy. However, this overlooks essential challenges security teams will face.
When Was the Last Time You Rebooted?
Let’s face it, most workers — even those in the security space — are not exactly diligent about restarting their machines and installing updates and patches, even when connected to the local network. This is understandable, since employees worry that closing all their files or browser tabs will interrupt their workflows and make it difficult to pick up where they left off. This also represents a material risk to security, however, since unpatched systems or un-updated browsers represent weak points that can be exploited. Most OS’s and apps need to be restarted to run their updates, so if employees keep hitting the “remind me tomorrow” button, it can create a potentially dangerous situation.
Furthermore, many larger companies may utilize customized patches that require an employee to either be on the local network or VPN’ed in to install. If remote employees aren’t regularly connecting to VPN (either because they choose not to or don’t remember their credentials), their machine may go unpatched for weeks, if not more.
This issue is further compounded by the networks employees will be connecting to. Whether on shared home WiFi networks or open networks at coffee shops, the level of exposure to threats the average endpoint will experience over the next few weeks will be much greater than in the past.
To start with, security leaders should make sure that all employees are aware of and know how to use their VPN or Single Sign-On (SSO) services, they are appropriately configured, and they have been tested and confirmed to actually work. Employees should be reminded of what actions are enabled through the use of VPN and SSO, and what they will not be able to do without logging in.
Security teams should also ensure that employees are either restarting and installing updates before widespread WFH policies are implemented, or that all employees are regularly restarting their machines at home. If your company issues patches or updates that require a VPN connection, work with business unit leaders to ensure employees are regularly connecting to the network and not relying solely on web- or phone-based apps.
Are Employees Enabled For Remote Work? Really? Are You Sure?
Laptops? Check. Slack? Check. Skype/Zoom/Blue Jeans/Ring Central? Check. VPN, SSO? Check. Sounds like your employees are all set to work from home.
Or are they...
There are typically two parallel issues at work in most businesses that have the potential to converge and cause major issues in the coming weeks. First, most employees take for granted the tools they regularly use to do their jobs, and don’t always understand how or why they work. Second, to be brutally honest, many IT teams don’t configure security settings, permissions, and policies with an understanding of the needs and priorities of the individual employees and the tasks they’re trying to accomplish.
If employees are suddenly working remotely and unable to share a file externally, or their VPN connection is too slow to upload a large file to a shared drive (or if they don’t know how to use the VPN), they may turn to using shadow IT solutions like Dropbox or Google Drive to do their work. If they need an app installed on their machine but are unable to engage IT to do so, they may turn to an alternative solution or use a non-company provided machine. It’s important to remember that while organizations stress that security is everyone’s responsibility, an employee’s first goal is usually to get the job done and worry about the security risk later.
To combat this security issue, IT teams should ensure that the IT infrastructure has been configured to truly allow for remote work. Employees should have the appropriate sharing permissions turned on, and thought should be given to how bandwidth-intensive work can be done over slow VPN connections. The solution for every organization will be different, but it’s important security leaders confer with business heads to determine how best to accommodate the needs of employees while they’re remote. IT leaders also need to ensure they are regularly auditing their digital assets to identify emerging issues with cloud providers or unauthorized use of shadow IT services.
To Catch a Phish
Employees and managers should also be made aware of new phishing and malware schemes that the pandemic has created. As we wrote about in a previous blog post, bad actors are posing as the CDC, state health departments, or other government entities and sending out files or links they claim will have vital information about the coronavirus.
Employees should be made aware of these schemes, and directed to never open any email, link, or attachment that seems suspicious. Remind employees that if they want the latest news and updates, they should check official government websites for information.
Another potential emerging threat, although none have yet been reported, is the use of deep fakes by scammers. As employees are no longer at the office and are communicating by phone and email, it’s an opportune environment for social engineering schemes to create deep fake phone calls or phishing emails from executives. Ensure your employees know what form official communications and requests will take, and reinforce that if something seems suspicious that it is perfectly appropriate to follow up with the request and validate its authenticity.
Where Do We Go From Here?
Nobody knows how long the current health crisis will last or how severe it may become. It’s still early days, but now is the time for security leaders to be diligent and thoughtful about their continuity plans to enable the business and maintain security going forward.
Leaders must find a way to balance the unique challenges the next few months will pose, while also doing their utmost to protect the security posture of the company and reduce risk wherever possible. Increasing the use of automation tools like security ratings can help security teams monitor for malware infections, compromised systems, and scan for shadow IT, as well as understand and communicate what impact large-scale remote work has had on their security performance.