As many companies around the country begin work-from-home policies, we’re seeing an increase in the number of cybersecurity attacks aimed at end users and end user systems. We know that many IT operations teams – both in-house enterprise teams and Service Providers – are scrambling to implement the technical capabilities and processes to enable a remote workforce. StratoZen recommends focusing on the following six areas to reduce your threat vectors.
User Awareness: It is critical that end users are properly educated on increased cybersecurity threats and continuously reminded of proper cyber hygiene practices. Now is not the time to engage in long, detailed user cybersecurity training. With a rapidly deploying mobile workforce, small, consumable, and frequent messages about good cyber hygiene practices are the most effective method of education. E-mails, blog posts, and text messages can all be used to communicate the need to stay safe, not click on links, not open attachments, etc.
Endpoint Protection: Mobile workers mean mobile and non-corporate technology. These additional devices and points of network entry greatly increase your threat landscape by increasing exposure outside of a corporate office. Companies must have sufficient endpoint protection in the form of encryption and malware protection. At a minimum, it is recommended that companies enable the default Windows Security tools, including Protected Folder Access, for Microsoft-based systems. The use of an enterprise-level Endpoint Detection and Response product is best, yet it takes time to properly deploy and configure.
Virtual Private Networking (VPN): Many malicious risks can be mitigated through the use of a VPN. A VPN funnels network traffic back to the corporate environment for servicing by internal firewalls and network monitors. Companies often, however, use a split tunnel, where the VPN is only used for connections to corporate protected servers and applications behind a corporate firewall. All other traffic is sent out the user’s local Internet connection without oversight from the protections in place at the corporate level. Consider using a full tunnel VPN to further restrict your company footprint.
Multi-Factor Authentication (MFA): VPNs are a great start to enhancing cybersecurity. MFA complements that security practice by requiring users to know more than just a username and password. Most often, the second factor used is a key fob or authenticator. MFA greatly reduces the risk of hacking success as the attacker rarely has the second factor. MFA is not a panacea and should not be used as the sole security method. As with all cybersecurity, it is just a single tool that is also subject to breaks and vulnerabilities.
Patching Systems: We are seeing the failure of organizations to maintain a good patch management strategy as one of the leading causes of ransomware. Deploying a mobile workforce further bolsters the importance of patching all systems. Identity Access Management solutions should be configured to not allow connectivity from systems that have not been patched. If it is not patched, it should be considered hacked.
Increase Monitoring and Threat Hunting: Finally, as we mentioned earlier, companies’ electronic real estate grows with every mobile worker. Now there are more points of entry and egress to the environment generating exponentially more events and incidents. Malicious actors take advantage of this and the sheer volume of messages received by a service or operations center. Now is the time to look deeper through the dispersed work environment for hidden threats. A perceived threat when working in the corporate environment could be written off as just a misconfiguration. Now, with a dispersed workforce, that misconfiguration could be a significant threat.
For service providers and enterprises, StratoZen provides modern SIEM, SOC-as-a-Service, and Proactive Defense solutions that bridge the gap between traditional in-house cybersecurity and legacy outsourced MSSP options. We deliver unique value to our clients by focusing on high accuracy, unmatched flexibility, and custom integration with existing IT operations. Organizations that outsource IT management can access our solutions through our extensive network of service provider partners, while enterprises with in-house teams can leverage StratoZen to dramatically reduce the cost and complexity of their SIEM and security operations.
Chris Gebhardt, Vice President of Cybersecurity Operations, StratoZen
Chris Gebhardt is a former Police Lieutenant for the Washington DC Metropolitan Police Department and SWAT Team Leader in Utah. He is currently Vice President of Cybersecurity Operations for StratoZen, a SOC-as-a-Service provider in Draper. Chris was exposed to technology early in life growing up in New York. His career focused on the use of technology and security for government and corporate entities including the FBI, DOJ, BJS, eBay, Jet.com, and numerous private equity firms. Chris is a dynamic speaker often challenging the widely held beliefs of the cybersecurity community. He is experienced with SOC 2, SOX, HIPAA, GDPR, ISO, and other compliance frameworks.