Cyber Awareness to Work from Home Securely|Kroll Cyber Risk

With an increasing number of states mandating that non-critical employees work from home, every company must confront the question of how they can maintain a reasonable level of cyber security while systems operations are disrupted and security personnel may be unable to work from their security operations center. Additionally, the rapidity with which the situation changed limited the time that companies had to make architectural changes to their network or to modify their operations to support a large work from home user base.

SANS put together a toolkit to help organizations educate themselves and their workforce in light of many of our new working environments…our homes.

It’s important to remember that while IT may be loosening some restrictions to allow an increased amount of remote access, basic security protections, detections and response efforts should not be loosened.

Watch Kroll’s work from home cyber security tips in the video below:

Kroll believes good hygiene, effective endpoint monitoring and ongoing cyber awareness communications are part of a solid foundation. Let’s consider the following to work more securely from home.

Remote Access
Continue or enable multi-factor authentication (MFA), disable remote desktop connection (RDP) from external sources and check your firewall rules. Can’t remove RDP completely? Have a third party be your second set of eyes and suggest additional controls to tighten potential vulnerabilities.
Monitoring
Ensure your audit logging and monitoring function is up to date and alert notifications are still accessible from home. Check with managed services third parties on their ability to continue notifying you in near-real time. Contact a third party to help manage endpoint behavior and activity alerts and triage.
Incident Response Communication
After checking your monitoring functions, run through some incident response scenarios to ensure that access to not only alerts but investigative sources (e.g., endpoint tools, logs) is not interrupted. Are your remote access logs (or any log for that matter) still being retained for as long as you need them to be, or are they being overwritten due to size?

SANS accurately points out that having a forum or ensuring users know how to report suspicious behavior or potential incidents to the security team in real-time is also important. You’ll want to ensure your security team and/or help desk can handle the influx of communication and knows where to direct the information. Consider outsourcing a call center for security incidents or information about working remotely to a third party.
Patching
Everyone’s favorite topic…keeping systems up-to-date and patching vulnerabilities. Hackers are researching and testing ways to exploit existing and potential vulnerabilities, particularly in remote systems and those exposed to the internet. Focus on keeping these up to date by frequently scanning and patching/updating as necessary. Consider pushing automatic updates to company-owned laptops and devices.
Users
Communicate to your users that while they may have new ways of accessing systems, security and access to data cannot be compromised. Require multi-factor authentication (MFA) and strong passphrases and educate users on how they can implement these in their personal lives. The site twofactoauth.org has a list of websites and whether they support MFA. Users can use this to enable this feature on popular retail and banking sites, among others.

We’ve mentioned this in previous posts and believe it should be mentioned again. As we all look for more information, particularly on the current COVID-19 situation and the impositions on our daily life, social engineering and phishing is still one of the greatest risks to your users. Educate them now and often around current phishing trends and measures they can take to avoid clicking or opening malicious links and documents.