A remote workforce is the norm for many small and medium-sized businesses (SMBs), but for others it’s a completely new way of working.
IT teams, or those working with an IT services provider, have, quite rightly, been focused on ‘opening up’ their business to ensure their staff can effectively do their jobs from home.
So, what can SMBs do to turn the remote working ‘new normal’ into opportunities to improve security practices?
1. Time to Strengthen your Defences
Many companies have implemented technical changes to their IT infrastructure or applications to enable remote working. Maybe you hastily deployed a VPN? Or relaxed firewall or endpoint restrictions? Have you accepted the associated security risks by doing this?
Here are some useful tips on what you can do to strengthen your defences:
|Ask yourself:|How to mitigate risk:|
|---|---|
|Are you using tools such as TeamViewer or Citrix?|Check your default settings; they may not be securing access sufficiently against unwanted threat actors.|
|Have you allowed new access routes via your firewall?|If yes, carry out firewall rule reviews to ensure changes haven’t opened new vulnerabilities. If not, you can still check settings/configs to ensure they are in line with best practice.|
|Have you had to push existing resources such as file shares or applications that are typically only accessed by internal staff to a new cloud environment?|Have these applications been tested and configured for secure access? Application penetration tests and build reviews can answer these questions.|
|How are your IT teams or MSP keeping systems patched?|Make sure to run vulnerability assessments or penetration tests against these assets to ensure you are not providing an easy way in.|
|Have you deployed a new VPN service in order to allow a normally internal workforce to work from home? Are your employees now working outside the secure environment you have built?|Implement remote penetration tests focused on VPN security and external-facing assets such as internet-facing IP addresses and/or web applications/services.|
In all cases, make sure these changes have been logged, assess the potential security risks and then test their defences.
2. Put Monitoring on Your Radar
Your business has logged changes to the IT environment and you’ve mitigated potential risks via testing. But how do you identify suspicious activity on your network? How are you alerted to a sign of a potential breach (accidental or otherwise)?
Now that you’re all working remotely, it could be more important than ever to have a team of security experts monitoring your networks 24/7 and responding to a breach.
A continuous protective monitoring service via a Security Operations Centre (SOC) will watch your network and look for indicators of a breach, 24 hours a day.
A decent monitoring service will be able to tailor what they are looking out for and alerting on, based on your specific business and how you operate. For example, some scenarios to monitor:
- Are all your staff based in the UK? If so, monitor authentications to your VPN and get alerted when a connection is made from an IP address from outside the UK.
- Do you permit access for third parties? If they normally access during office hours, then you may wish to get alerts when authentications outside these times occur.
- How many concurrent users would you expect on your systems? What services might they be accessing? These are all things you can ask your monitoring provider to consider, and then bake in thresholds or scenarios which will trigger the investigation and raising of alerts.
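The three monitoring scenarios above expressed as detection rules over VPN authentication events, as an added example that is not part of the original article. The event fields, group names, thresholds and sample records are constructed assumptions, and country codes are assumed to come from GeoIP enrichment done upstream.

```python
from datetime import datetime

# Constructed sample VPN events (not real logs). Field names are hypothetical.
# Timestamps are assumed to be in the business's local time zone.
EVENTS = [
    {"ts": "2020-04-20T09:05:00", "user": "alice", "group": "staff", "country": "GB", "action": "login"},
    {"ts": "2020-04-20T09:10:00", "user": "bob", "group": "staff", "country": "GB", "action": "login"},
    {"ts": "2020-04-20T09:30:00", "user": "vendor1", "group": "third_party", "country": "GB", "action": "login"},
    {"ts": "2020-04-20T10:00:00", "user": "carol", "group": "staff", "country": "FR", "action": "login"},
    {"ts": "2020-04-20T17:30:00", "user": "bob", "group": "staff", "country": "GB", "action": "logout"},
    {"ts": "2020-04-20T17:45:00", "user": "vendor1", "group": "third_party", "country": "GB", "action": "logout"},
    {"ts": "2020-04-20T23:15:00", "user": "vendor1", "group": "third_party", "country": "GB", "action": "login"},
]

ALLOWED_COUNTRIES = {"GB"}      # all staff are UK-based
OFFICE_HOURS = range(8, 18)     # 08:00-17:59, Monday to Friday
MAX_CONCURRENT = 3              # expected ceiling on simultaneous VPN users


def detect(events):
    """Return (rule, user, timestamp) alerts for the three scenarios."""
    alerts = []
    active = set()  # users with an open VPN session
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "logout":
            active.discard(ev["user"])
            continue
        ts = datetime.fromisoformat(ev["ts"])
        # Scenario 1: authentication from outside the expected country.
        if ev["country"] not in ALLOWED_COUNTRIES:
            alerts.append(("geo", ev["user"], ev["ts"]))
        # Scenario 2: third party authenticating outside office hours.
        out_of_hours = ts.weekday() >= 5 or ts.hour not in OFFICE_HOURS
        if ev["group"] == "third_party" and out_of_hours:
            alerts.append(("out_of_hours", ev["user"], ev["ts"]))
        # Scenario 3: more concurrent sessions than the agreed threshold.
        active.add(ev["user"])
        if len(active) > MAX_CONCURRENT:
            alerts.append(("concurrency", ev["user"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

In practice the thresholds and allowed-country list would be agreed with the monitoring provider and tuned to reduce false positives, for example for staff who travel.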
3. Empower Your Staff to be Your Greatest Security Asset
It’s been widely publicised that cyber criminals are looking to profiteer off the back of the pandemic, and phishing and ransomware attacks are set to rise globally. Google is blocking 18m coronavirus scam emails every day.
Remote working also opens up new possibilities for staff to inadvertently make errors and enable attackers to gain access to your corporate network. Home WiFi systems can be compromised due to weak passwords and staff are more likely to be visiting work-related websites from personal devices that are not securely configured.
It’s more important than ever for all workers to become your greatest security asset to help spot phishing attempts that are becoming increasingly sophisticated.
Remotely delivered security awareness training sessions can provide staff with knowledge and skills to identify malicious emails, improve password security practices and even thwart attempts from cyber criminals to physically enter a building to exploit an organisation. If your staff are armed with the knowledge of what to look out for, your company will be better protected.
4. Stay Compliant
We’ve heard stories about companies bulk buying laptops, as many as 2000, to enable their workforce to work remotely – this is what was needed to keep their business running. Now some consideration should be given to how this has affected any processes or certifications.
Companies that hold ISO certifications, Cyber Essentials, Cyber Essentials Plus or other industry-specific certification or regulation would be advised to check they are operating within their approved processes, or whether the situation has resulted in specific guidance, for example for those in the defence industry. The impact of a move to remote working could mean that you are not adhering to processes, which could then cause problems down the line (worst case, major non-conformities and a loss of certification).
Different regimes require a different approach. Cyber Essentials is only ever a point-in-time assessment, whereas ISO certifications require that you demonstrate adherence to your ISO processes – this is an ongoing requirement that will require you to produce evidence come surveillance visits.
Finally, let’s look at a potential silver lining to the hard work you’ve had to go through in deploying your remote workforce… If you didn’t have a business continuity / disaster recovery plan before, you’ve probably just created it. Get it documented. If you did have one, you’ve now got all the evidence that an auditor could shake a stick at!
Opening up your IT systems for your staff to work remotely can leave your business vulnerable to attacks – this is not news for anyone working in IT. But if you have recently implemented changes or new technology in your environment for staff to work remotely, then auditing and logging the changes, monitoring the network, training or refreshing staff cyber awareness and checking your certifications will help to protect your business and minimise risk.
Authors: Lee Cates, Cyber Security Business Development Manager & Tom Evans, Strategic Account Manager