INSCMagazine: Get Social!

The Covid-19 pandemic created a seismic shift in the way people work around the world. The tradition of commuting to a single place of work is over, abruptly put to an end in March 2020 as the SARS-CoV-2 virus tightened its grip on the world’s population. Millions of employees faced uncertainty over their future employment, and countless millions were instructed to work from home.

For the businesses that were prepared, the transition was relatively painless, but there were large swathes of industries caught short, facing huge challenges getting their workforce working from home. This challenge introduced a host of unique challenges, procuring hardware, leveraging cloud technology to virtualize meetings, and having the infrastructure in place to facilitate remote access to business systems.

This brought further challenges concerning compliance and privacy regulations and introduced many remarkable security challenges, such as, how can a business protect data integrity, protect company assets, and get to grips with the unique challenges of insider threat management.

 

The Lasting Business Impacts of COVID-19

Prior to the Covid-19 pandemic, it is estimated that only 17% of U.S employees were regularly working from home. When the pandemic struck, all non-essential workers were expected to work from home wherever possible, and this included the majority of office workers.

As the western world struggles to live in a post-Covid-19 dynamic, and now that the majority of U.S citizens have been double vaccinated (about 200 million at the time of writing), employers are tiptoeing into the new normal. The largest working from home experiment has largely been considered a great success. Employers had productive, happy employees, and employees began to strike a greater work-life balance.

However, it hasn’t all been plain sailing, as there have been a number of significant challenges faced. The abrupt change introduced by home working has increased the risk of non-compliance, unauthorized data disclosures, fraud, and the increased chance of a data breach because so much data is leaving the enterprise perimeter.

The pandemic forced a lot of businesses to change business practices overnight and fast-tracked cloud migration strategies. This has undoubtedly created big security risks and increased the chance of cloud misconfiguration as businesses rushed to get the workforce online.

 

The Security Risks of Remote Work

The frontline of a business is its first line of defense, and remote working introduced challenges of how to support employees during the pandemic. They required adequate training to be vigilant to data protection and the unique cybersecurity challenges that the pandemic created.

One major risk is unexpected data exfiltration. Users may download sensitive business information, perhaps print out financial records for review at home. Homeworking creates a challenge of understanding how data flows around the business, who has access to it, and what the user can do with the data.

User Access controls are another serious concern for home workers. An enforceable security policy is needed to implement the principle of least privilege, which is essentially “only give your users the access they need to do their jobs”. Privileged accounts need to be auditable, and all accounts should enforce multifactor authentication as standard.

Unfortunately, it is commonplace for employees to share credentials. While this might not necessarily be the sharing of personal user accounts, instead, it’s accounts that an entire team has access to, such as administrator or root accounts, or passwords for shared mailboxes, etc. Sharing accounts is a high-risk strategy – users should have individual accounts and businesses should look at disabling root and administrator accounts.

Mobile devices such as cell phones, tablets, external hard drives, and USB sticks are difficult to manage, business data needs to be controlled when on mobile devices – it must be adequately secured and audited.

Detailed logging is essential to ensure the remote working network is secured, but it’s important to have a context of important information. Logging tends to create huge volumes of noise, so intelligent tools are needed to prioritize the alerts, and automation should be leveraged to act upon regular alerts.

 

Managing Remote Worker Insider Risk

Insiders pose a significant risk to IT security and it’s critical for businesses to manage this threat. The CISA, a U.S Government division focusing on cybersecurity advises that businesses must define, detect and identify, assess and manage insider risk.

Get to know your employees because careless workers can unintentionally disclose business information and make mistakes. Identify critical assets because inside agents may be coerced or bribed into intentionally stealing data from critical systems. Perhaps a disgruntled employee walks out with an external hard drive full of data, so having a proven operational standard to manage this risk is critical.

Consider introducing a zero-trust security model as this philosophy removes the assumption that internal traffic should be trusted. Zero Trust is not a technical solution, instead, it is a security agenda designed to achieve an environment where all computers are securely accessible, the principle of least privileged is enforced, and all network traffic is monitored in real-time.

Introduce end-to-end encryption of the entire infrastructure, not only at a storage layer but on the server platform and networking, including VPN traffic.  Fully encrypting data in transit, in use, and at rest is complicated but essential.

Managing the insider threat requires a multi-faceted approach, one that implements strong protective policies and trains employees on the fine points of security awareness. Failure to address these issues leaves businesses vulnerable to attacks from both internal and external sources.

 

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.