Author: Nicole Brinson
How to Manage Network Security During a Crisis
A sudden, unexpected disaster or crisis can lead to situations for which your IT team isn’t prepared.
Remote work presents particular challenges to your InfoSec team to protect vital company information and prevent potential cybersecurity threats, both now and when all those devices come back to the network.
Let’s take a closer look at the steps you should be taking to mitigate this risk and prepare for the eventual reunification of your workforce with the organization’s network.
Managing the Work from Home Environment
Working from home means employees don’t have the security infrastructure in place that’s been carefully implemented by your IT department. Do they have the appropriate firewall settings? Is their router secure with WPA2 or WPA3? Do they follow the best practices you’ve outlined for password creation and management?
This is particularly important for those who may have access to sensitive company information that they can then access from a home device. In an age of IoT integration in even the most innocuous of appliances, it’s important to fully understand the environment in which your employees will work. Are there voice assistants in earshot of their work station? Are there other IoT devices on the wireless network? Do they ever connect to public WiFi when they leave the house? During a crisis, this can be difficult to manage as most employees are at home and may not be able to fully implement the security protocols needed to ensure a safe connection.
At the same time, there’s also the risk that an employee is using a personal computer at home. Not every employee is likely to have a company-issued laptop at the moment that work from home orders went out. To address this, your IT team can work with employees to implement remote security protocols like BitLocker to encrypt data, a robust password strategy, and regular locking of the device whenever they get up and leave the workstation.
Protecting Sensitive Information
In a controlled work environment, it is possible to minimize access by employees of sensitive documents except when it is absolutely needed. At home, it can be difficult to ensure those documents are only accessed when needed and in a way that they are not exposed to additional risk. Are documents downloaded and viewed on personal devices? Are they accessible by other individuals or a public network?
Permissions should be established to ensure only a select group of staff have access to highly regulated data in a remote work environment.
Now is the perfect time to review and update your phishing prevention tactics as well. We see a huge uptick in the volume of phishing emails and attempts from criminals during the chaos of a crisis, hoping to take advantage of highly stressed people in unfamiliar work environments, many of them also dealing with children home from school.
Such situations are the ideal time to reinforce best practices with employees, run phishing tests specific to the crisis, and pay close attention to known risks and new developments in the news that might trigger an increase in stress levels that could lead to additional phishing risk.
VPN Best Practices for Home Work
Your VPN user base likely consists largely of executives and those who frequently travel. It likely wasn’t designed for thousands of employees across almost every department. This can lead to any number of issues. We’ve discussed the challenge this can pose to your network, and the impact on productivity, but what about authentication and user management?
Many IT teams are shifting to more flexible authentication through the cloud, such as Office365 to simplify the process and make it scalable for large teams. At the same time, carefully consider whether split-tunneling is acceptable for your organization. Because of the possibility of cybersecurity threats using a split-tunnel connection to access your corporate network, it’s important that employees are only connected to either corporate resources via VPN or the larger internet at any one time. Being able to access both at once is an unnecessary risk that is difficult to monitor at scale.
Scaling Monitoring Efforts in IT
You already have some form of cyber-threat monitoring in place. You have a large and dedicated IT team. But it may not be enough. With so much additional effort required by your IT team, there will be dozens of new asks of them. Onboarding new employees, shifting responsibilities between existing employees, and dealing with a generally anxious workforce - many of whom have other issues in their personal lives and may never have worked remotely before.
This can create a perfect mix of distraction, overwork, and reduced morale that cyber-attackers thrive on. It’s important to step up your monitoring game - introducing new resources to check for threats and not relying on the existing infrastructure, which may become overtaxed with so much going on.
Preparing for and Combatting Security Threats in an Unprecedented Situation
We’ve never dealt with something like this before. Disasters may have kept a large percentage of employees home before, but never have we had entire global organizations shift out of the office to entirely remote operation. InfoSec and IT have contingency plans for many situations, but even with those in place, few have dealt with the scale of these efforts and there are likely challenges.
If you’re feeling overwhelmed, understaffed, or overrun by demand on existing resources, we can help. For a limited time, we’re offering free Advisory Sessions with our Principal Cloud Architect for all companies impacted by the coronavirus outbreak.
Learn what you can do in the short term to increase capacity, protect your data, and support your employees remotely.