16 Mar / 2020
Cyber Security
COVID-19 has quickly switched many organisations to full remote / work-from-home policies, and IT teams are dusting off disaster recovery and business continuity plans. We know hackers are using Coronavirus to target users, so it’s important to keep security front of mind when protecting a distributed workforce.
After talking about this topic with a few clients, I thought I’d share my security tips to consider when protecting a remote and highly distributed workforce.
This seems obvious: provide some level of protection from malware and exploits on endpoints. But keep in mind that many organisations do not supply staff with laptops or home workstations, so staff may well be accessing corporate email or data from home machines outside of the normal corporate security standards and monitoring. Keep mobile devices and tablets in mind here too. Many technology vendors are providing additional burst or top-up licensing, so be sure to look into this.
A highly distributed workforce creates visibility challenges too. Where your users usually connected via fixed perimeters you controlled, now they could be accessing cloud and SaaS data from anywhere, on any device. A Secure Web Gateway is a good solution for this, as it provides visibility into applications and data users are interacting with, and lets you enforce your corporate security policies no matter what they’re accessing. It also connects users to a global point-of-presence network, meaning you don’t have to drag your users back through your own perimeter in order to get visibility and enable your users to access applications.
Suddenly that often malnourished remote access solution is critical infrastructure. If you do need to connect staff into your environment to access applications, confirm your VPN is provisioned to handle 60-75% of your workforce connecting concurrently. This is also a really good time to ensure multi-factor authentication is enabled on all your entry points, including VPNs (you would be surprised how often it isn’t!).
Cythera provides a Secure Access solution through Cato Networks global points of presence that can be stood up in hours if you need assistance here.
This is really a dovetail on the visibility point, but with your users remote, accessing services from anywhere and potentially on any device, logging and visibility have never been more important. Ensure you’re taking feeds from your cloud and SaaS applications, comparing them to security and endpoint data, and running some form of behavioural and threat analysis over them. This will give you a really good head start on detecting and responding to threats before they become incidents. It might be as simple as asking why Mary from HR is logging in from Melbourne and then, five minutes later, successfully authenticating from India. Or it might be a more sophisticated user making PowerShell or API calls they have never made before. Visibility is key here. A detection and response platform can give you a good head start if you feel you’re lacking here.
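The Melbourne-then-India check described above can be expressed as a simple "impossible travel" rule over authentication events. This is an added example, not code from Cythera or any detection product; the event layout, the coordinates (Mumbai stands in for "India") and the speed and distance thresholds are all assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 100.0   # assumed floor: ignore small hops caused by geo-IP imprecision

# Constructed sample events, not real logs: (user, UTC timestamp, lat, lon, place)
EVENTS = [
    ("mary", "2020-03-16T09:00:00", -37.8136, 144.9631, "Melbourne"),
    ("sam",  "2020-03-16T08:00:00", -33.8688, 151.2093, "Sydney"),
    ("mary", "2020-03-16T09:05:00", 19.0760, 72.8777, "Mumbai"),
    ("sam",  "2020-03-16T11:30:00", -37.8136, 144.9631, "Melbourne"),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, from_place, to_place, km, minutes) for each pair of
    consecutive successful logins whose implied speed exceeds max_kmh."""
    alerts, last = [], {}
    parsed = [(u, datetime.fromisoformat(ts), lat, lon, p) for u, ts, lat, lon, p in events]
    for user, when, lat, lon, place in sorted(parsed, key=lambda e: e[1]):
        if user in last:
            p_when, p_lat, p_lon, p_place = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Zero elapsed time over a real distance counts as impossible too.
            if km >= min_km and (hours == 0 or km / hours > max_kmh):
                alerts.append((user, p_place, place, round(km), round(hours * 60)))
        last[user] = (when, lat, lon, place)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print("impossible travel: %s %s -> %s (%d km in %d min)" % alert)
```

Logins that arrive through a VPN or Secure Web Gateway point of presence geolocate to that egress point, so known egress addresses should be excluded or mapped before this rule runs to keep false positives down.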
Significant changes in working patterns demand that cyber security be front and centre in your IT planning. Reach out to the Cythera team if you need some air cover.