In the best of times, few companies practice proper data security. When COVID-19 struck, requiring months of remote work, virtually no IT team had dotted its i’s and crossed its t’s.
Data security is a cat-and-mouse game. Cybercriminals are always looking for new vulnerabilities, and widespread, seat-of-the-pants remote work is a tantalizing one.
To stay a step ahead, you have to know the risks. Here’s what the data security landscape looks like while people are working from home:
1. BYOD by default
Although bring-your-own-device policies have been gaining steam for years, remote work has made BYOD the norm. The trouble is, there’s no in-office oversight around which devices workers connect to the company’s network.
From an employee’s perspective, it might seem harmless: What are the chances of an old laptop infecting the whole network? Who cares if a tablet’s operating system hasn’t been updated in years?
If your company has a SIEM system, you may feel insulated from device-driven threats. But without SOAR security, malware on one device can spread rapidly across a network. SIEM-as-a-service providers like StratoZen use SOAR to automate security orchestration and response. While not truly hands-off, it can drastically cut response times and the need for human intervention.
Even with SOAR, it’s important to ensure that the networked systems can “talk” to each other. Always ask team members to check with you before they connect a new device to the network.
2. Fresh phishing schemes
One truth of information security hasn’t changed during the pandemic: Human error remains the chief cause of breaches. What’s changed are the social engineering schemes that bad actors are using.
In the age of COVID-19, they tend to take three forms:
-
Workplace policy emails
Cybercriminals know that corporate policies are evolving to accommodate remote work and social distancing. Unfortunately, they also know that workers are a lot less likely to question emails supposedly from work when they can’t pop over a cubicle to ask the apparent sender. The result is a rash of emails with links to fake company policies that, in fact, initiate a malware download.
-
CDC alerts
Pretending to be associated with the U.S. Centers for Disease Control, phishers are sending emails that claim to link to a list of local coronavirus cases. Remind team members that individual medical records are private under HIPAA, and CDC officials aren’t about to violate a federal healthcare privacy law.
-
Health advice memos
Playing on people’s desperation to protect themselves from the virus, some phishers send emails with fake links to safety measures. Point out to your employees that medical breakthroughs aren’t announced through personal emails.
3. Emboldened insiders
In some cases, employees themselves are the ones to compromise a company’s data. When team members with bad intentions are working at home by themselves, they may be more likely to pull the trigger than when working in the same room as the rest of the team.
Although SIEM systems alone can’t catch authorized users in the act, they often can when supported by UEBA tools. Short for “User and Event Behavioral Analytics,” these systems look for signs that a team member is acting suspiciously. If a member of the social media team suddenly tries to download customers’ payment data, a UEBA tool is likely to flag the activity.
4. Temptations around unauthorized access
Within households, devices are often shared. Someone using the desktop computer to surf the company’s network may be the employee, but it might also be that employee’s roommate.
COVID-19 has raised the stakes around unauthorized access in two ways: Not only are more people staying home, but thanks to the economic fallout, they’re also experiencing financial difficulties. They may be tempted to make a quick buck by downloading company data when the employee in the house isn’t looking.
Here, the best defense is low-tech: Encourage employees to use devices only they have access to for work. If a device must be shared, ask that team members maintain separate, password-protected accounts. Make sure employees log off after each and every session.
5. More public Wi-Fi networks
Because internet access is critical for remote work, companies like Comcast have expanded access to their public Wi-Fi hotspots. The problem with public Wi-Fi networks is that they make it easy for data to be intercepted by someone else on the network.
Ensure that any team member who needs to access sensitive internal systems on public Wi-Fi uses a virtual private network like this VPN. A VPN encrypts data in transit, but it’s not failsafe.
Remind users that VPNs cannot prevent phishing attempts. Keep VPN software updated with the latest security patches, and implement multi-factor authentication on all VPN connections.
The abrupt shift to remote work caused by COVID-19 is challenging in and of itself. Don’t let security breaches make it that much more of a headache for your team.
