Skip navigation EPAM
  • Enter your search query or select one from the list of frequent searches below. Use up and down arrows to review and enter to select.

Work-From-Home Security Realities: Digital Distancing to Keep Your Network Safe

Research
  • Hardware Security
  • Application Security

As employees continue working from home, cyber attackers have more entry points into local networks than ever before. IT and security teams have their hands full trying to ensure operational continuity and protect against digital threats in the midst of the COVID-19 pandemic. The influx of security challenges that come with shifting to remote working models make it imperative to keep the entire scope of IT and security in mind.

With that, we’ve assembled some best practices for safeguarding your employees and business assets.

 

Make Sure Remote Workstations are Securely Set Up

Verify Employee Hardware

It’s critical to determine whether your employees will work from a company laptop, a company desktop from the office or on a personal device that is remotely connected to your network, because security measures differ for each scenario.

The Safest Option: Employees Use a Company Device

This scenario allows you to ensure, in advance, that the laptop or desktop meets all the remote workstation security requirements by:

Installing corporate antivirus protection and other necessary software
Enabling two-factor authentication, full-disk encryption and event logging

The Most Difficult Option: Employees Use Their Own Devices

At a minimum, personal devices should have built-in antivirus protection and the latest operating system and software updates should be installed automatically. If this is not possible, you should block the employee from connecting to the corporate network from that device and provide them with a company laptop if possible.


Steps You Can Take:

Provide remote employees with company hardware whenever possible
Ramp up vulnerability detection efforts
Ensure all hardware has antivirus software installed
Centralize system and application updates
Perform ongoing patch management
Keep copies of key files in secure cloud storage or external drives

Keep All Software Up to Date

It’s critical to regularly update software, because, in most cases, malware attacks target vulnerabilities in legitimate programs and applications. This makes it important to:

Perform patch management

You can centralize the management of updates and patches to automate this process, and use protection solutions to verify if updates and patches were installed successfully.

Install the latest software

You should prioritize updating operating systems, productivity software and antivirus protection. It’s also important to warn employees about the dangers of obsolete browsers. 

Some criminals are targeting people working from home. To protect your company information, employees should keep copies of key files not only on their computer, but also in secure cloud storage or external drives.

 

Did you know that in Q4 2019, ransomware accounted for 36% of malware infections at companies?1

 

Keep a Close Eye On the Network Perimeter

In a work-from-home model, several vulnerabilities could emerge. For example, some administrators set up special connections to manage things remotely. To protect your network perimeter, you must be constantly vigilant. There are several valuable tools to ensure optimal security, including:

Virtual Private Network (VPN)

For gaining more secure network access through a remote access gateway; not all VPNs are created equal, so be sure to use a safer option (L2TP or IPSec)

For monitoring business-critical networks and systems that are usually isolated from the Internet and the main corporate network with strict access controls

For analyzing the use of remote administration software, such as RAdmin and TeamViewer, to detect targeted attacks and previously undetected hacks through real-time and saved traffic data

Taking a comprehensive approach will help you reduce the risk of an information breach or inoperability of corporate systems.

Steps You Can Take:

Choose the right VPN
Use special gateways for remote access
Monitor compliance with security rules and regulations
Install web application firewalls (WAF)
Ensure 24/7 network perimeter monitoring
Use network traffic analysis (NTA) to detect attacks

Prioritize Segmenting & Securing Remote Networks

What IT Teams Can Do

Despite their efficacy in securing network perimeters, VPNs can pose challenges if they are not properly segmented. Ordinarily, the VPN is forwarded to a particular segment on the local network, and the availability of the other network segments is not guaranteed. This means that IT departments may be up against the clock to re-configure equipment and tailor VPN access to the precise needs of each user. Rushed for time, they may simply open up access to a subnet for all VPN users, increasing both the potential reach of external attacks (whenever they breach the local network) and internal attacks. Your IT teams should have a preemptive plan of action for maintaining network segmentation and allocating sufficient VPN pools.
 

What Employees Can Do

However, the responsibility of securing and segmenting networks doesn’t fall solely on IT teams. Remote employees should make sure that the admin password for their home Wi-Fi router is unique. It may seem like a small thing, but you can make a huge impact by communicating password best practices to your employees and offering a refresher on how to update a password (they can find the administration interface on the underside of the router or from the official site of the router manufacturer). It's also useful to update the router firmware to eliminate any known vulnerabilities as well as keep any smart devices on home networks up to date—including smart TVs, surveillance cameras, gaming consoles and baby monitors. 

Steps You Can Take:

Have a plan in place for network segmentation and VPN pool allocation
Ensure that home routers use unique, strong passwords
Update home router firmware
Keep IoT devices on home networks up to date

Strengthen Account Access Requirements

Penetration testing shows that at least 75% of companies use dictionary passwords for their external services (such as websites, portals, databases, and teleconferencing).2

Weak passwords usage is already a danger worth addressing—this risk is heightened when these weak passwords are used for remote connections to the local network. All an attacker needs to start infiltrating internal resources is to brute-force a weak password, making it critical to reinforce password policies. For remote work, your employees should use stronger, more complex passwords:

At least 12 characters long for non-privileged accounts and 15 characters for administrators

Contains both upper- and lower-case letters, special characters and numbers

Hard to guess passwords that do not include birth dates, addresses or readily available personal information

Regularly updated at least every 90 days

One way to check the complexity of passwords is to export password hashes from the domain controller (in ntds.dit) and run this file through password cracking dictionaries.

As another line of defense to protect against intruders, you must adopt two-factor authentication, which provides an additional layer of security even when weak passwords become compromised. 

Steps You Can Take:

Reinforce password policies (character count, use of capitalization, symbols and numbers)
Advise against easy-to-guess passwords
Limit password lifetimes to no more than 90 days
Run access credentials through password cracking dictionaries
Adopt two-factor authentication

Make Common Sense Common

Phishing Attempts

Since January 2020, more than 4,000 COVID-19 information sources have been cataloged. Of these, 5% were suspicious, and 3% were malicious.3

Criminals are already taking advantage of the pandemic via phishing emails, fake sites and compromised mobile apps. Fraudsters have been sending messages that supposedly come from the World Health Organization (WHO) about a cure for coronavirus or the availability of express testing kits. Employees must be vigilant and have knowledge of threats to effectively distinguish phishing messages from legitimate ones. Doing so requires:

  • Discussing the topic of phishing
  • Providing well-designed and straightforward training materials
  • Communicating tips frequently related to security and social engineering

Aside from training employees on warning signs and providing clear instructions on how to report potential threats, it is also worthwhile to perform dynamic scanning of all incoming email attachments inside a sandbox.

Business Email Compromises

Business Email Compromises (BECs), another common cyberattack, target employees who are responsible for paying vendors and other counterparties. This is a very targeted form of social engineering where the criminals, posing as the company's executives, send emails to accounting staff. In most cases, the "from" address of the criminals' messages superficially resembles the address of a genuine executive.

So, as employees work from home and face-to-face communication is minimized, they will need to go the extra mile to verify who they’re actually communicating with. Employees responsible for outgoing transfers should use additional communication methods, such as phone calls or video conferencing, to verify who the request is actually coming from.


Instructions & Support Channels for Users

Administrators should make sure that employees know how to report security issues by giving them instructions to help make the transition and configure their software. Create a special email address for them to reach out to in case of issues, as well as a separate address where suspicious emails can be forwarded to warn security staff and other employees of phishing attempts.

Steps You Can Take:

Keep employees informed with trainings, tutorials and reporting procedures
Educate employees on the warning signs
Dynamically scan incoming email attachments inside a sandbox
Verify email addresses using different forms of communication (video, phone, etc.)
Ensure that employees know where and how to report security issues

Recap: What to Expect

The COVID-19 pandemic is currently at the center of the world’s attention, and attackers will inevitably take advantage. If your company is not yet ready for remote work, it is important not to be hasty. Instead, build a well-designed, comprehensive process that accounts for the full spectrum of security threats. Here’s a quick recap of the new security vulnerabilities emerging during the 2020 pandemic:

COVID-19-specific phishing lures to employees' corporate and personal email addresses and social media accounts are on the rise

Weaker digital security will lead to a sharp increase in attacks on the network perimeter of companies and remote employee workstations

Organizations where working from home had never been an option, are suddenly at high risk due to rapid adoption and poor security awareness among employees

To reduce the risk of a network breach, you must double your efforts when it comes to monitoring employee network activity and all remote connections, security events on key business systems, the network perimeter and employee workstations. Equally critical is the willingness of employees to buy in and help combat the potentially constant stream of threats.

CyberRD-page-images-R1-10.jpg

Work from Home Security Checklist

To make sure you haven't forgotten any of the critical factors during this massive work-from-home transition, here is a brief checklist that you can use to see if your company's security is where it needs to be.

Thank you for your interest in Cyber R&D Lab. Please click here to download the checklist.

Oops, something went wrong. Please try again.

* Indicates required fields