FUD (fear, uncertainty and doubt) is a familiar term in the risk domain, and the COVID-19 situation has taken most of us by surprise. Governments around the globe have opted for measures aimed at 'delaying' the peak in their fight against COVID-19. These measures require people to practise social distancing by staying in their homes.
Working from home is not a new measure for many organisations, but COVID-19 is forcing organisations to prepare for remote working at a greater scale and for longer periods. This surge in remote working solutions due to the COVID-19 outbreak undoubtedly attracts more attention from threat actors. In this blog post we share how businesses and individuals can protect themselves from cyber-attacks.
What we must not compromise on is cyber security.
Home security advice
Follow these measures to maintain good security hygiene:
- Wi-Fi - Follow basic hardening guidelines by changing the default settings. Your router has two passwords: the administrator password used to log in to the router itself, and the Wi-Fi passphrase devices use to join the network; the defaults for both are usually printed on a label at the bottom or back of the router. If you have never changed the Wi-Fi password provided by your service provider, change it now. Websites such as wikihow.com walk through these steps for common router models.
- Passwords - Use a password manager to store your sensitive information. A password manager generates long, unique, hard-to-guess passwords for you and takes away the pain of remembering them. Plenty of open source and commercial options are available. Investing in a password manager could save you £££ and a lot of other pain!
- Webcam - Whether you are a parent worried about your kids' safety on their workstations or you simply don't want malware to take control of your devices, review the webcam settings. In Windows 10 you can find them under Settings > Privacy > Camera: keep 'Allow apps to access your camera' on only if you need it, then select which applications are allowed to use the webcam.
- Multi-factor Authentication - We strongly recommend you enable multi-factor authentication wherever it is available. All major retailers, email providers and other service providers offer it, and it protects you when a password is guessed or stolen.
- Patching - Update your systems and software, including mobile devices, regularly. On modern devices you can schedule updates for night time when the devices are not in use.
- Malware - On top of prompt patching, use anti-virus as a minimum on all systems and turn on the host firewall, so that each device has its own boundary independent of the home network it sits on.
- VPN - Use a VPN when connected to a public or shared Wi-Fi network. This easy-to-use software creates an encrypted tunnel between your device and the VPN provider's servers, so nobody else on the shared network can read or tamper with your traffic. Bear in mind that the VPN provider can see that traffic instead, so choose a reputable provider; or, if you are feeling adventurous, host your own VPN for free.
- Phishing - There is an increase in phishing activity misusing COVID-19 related subjects to target remote workers. Given the popularity of work-from-home opportunities, recruitment is one lucrative theme used by threat actors. Treat unexpected emails about COVID-19, remote working tools or job offers with suspicion, and verify them through a known channel before clicking links or opening attachments.
- Backup - Ensure your devices are configured for periodic backups, and that backups are stored securely at a secure location. Backups must not be kept on disks permanently connected to the source device; otherwise ransomware that hits the device will encrypt the backup along with it.
- Don't mix and match - Try not to use personal devices for work, and vice versa. Keeping the two separate limits the damage if either your personal or your work information/devices are compromised.
Preparing your business
Organisations need to be more resilient than ever to protect their internet-exposed assets. IT teams are under undue pressure to ensure their organisation has all the tools needed for users to work from home. During these changes there are often blind spots that could be left unguarded. Quite often organisations allow access to internal assets via remote access solutions after a single successful authentication. Because this single point of entry routes straight into an organisation's internal network, remote access solutions are an attractive target for threat actors.
- New Services and Documentation - It is likely that changes have been rolled out to expose certain applications or to introduce new software (for example, a video teleconferencing application). Produce user guides for such situations, including how staff should report cyber security incidents. Refer to the NCSC's guidance on implementing Software as a Service applications.
- Cyber Security Training - Cyber security training is more important than ever for employees working remotely. Roll out training packages highlighting remote working content. Content should cover how to spot and report phishing, how to use and store credentials, and how to secure your devices.
- Secure Couriers - Undoubtedly remote users will face faulty devices that need repair or replacement. Ensure that secure courier deliveries are used, and that devices in transit are protected by hardening measures such as full disk encryption, BIOS passwords, removable media restrictions, etc., so that a device lost or stolen in transit does not leak data.
- Securing VPN (Virtual Private Network) - VPNs act as entry points to an organisation's internal network. Unless your organisation has fully adopted a zero-trust approach to networking, it is highly likely that VPN access is the only way to reach your internal resources. During these remote working situations employees require 24x7 access to internal resources ranging from the company intranet to various task-dependent services. The following measures may help a business prepare for VPN use:
- Authentication - Multi-factor authentication should be in use for VPN access.
- Protocols - IPsec and TLS VPNs both provide secure remote access for enterprises, and many businesses run both. Whichever you use, keep the VPN gateway itself patched promptly: it is internet-facing, and a flaw in it is a flaw in your perimeter.
- Client Security - Consider client certificates for machine authentication when using VPN services, so that a stolen username and password alone are not enough to connect from an unmanaged device.
- Segregation - Consider segregation at environment, service, network level to ensure VPN users do not have more than needed access. Audit your segregation measures to validate your controls.
- Securing Work Devices - Review the hardening practices in use for employees' laptops and devices. This includes operating system/build hardening measures, specifically software restrictions (install/execution rights), browser plug-in restrictions, BIOS protections, removable media restrictions, encryption and anti-virus configuration. Provide secure alternatives to staff, such as approved file transfer and collaboration tools, so they are not tempted by unsanctioned ones.
- Logging and monitoring - Event logging gives you visibility into the activity of your users, devices and the network they are deployed on. Alerting and monitoring provide the constant eye needed to spot unusual activity, such as logons without MFA, repeated authentication failures, or VPN users reaching systems they have no business with.
- Backup - Review your backup capabilities to check the security of the backup process, and prove it works with backup restore tests.
- Cyber Attack Preparedness -
- Cyber security/incident response teams must be on standby in case of estate-wide incidents such as ransomware, network outage or data breach, where internal systems may be rendered temporarily unusable. Ask questions internally and liaise with internal teams such as BCP, DR, Infrastructure Support, Communications, HR and PR units.
- Review the fallback systems and processes needed to let the incident team work in parallel with the outage. This includes workstations, connectivity and communications such as email, phone and VoIP.
- Given the heavy usage of remote access solutions, review your ability to block spyware, filter malicious domains and URLs, and block suspicious traffic (command and control (C2) callbacks, non-standard port usage, anomalous DNS and URLs).
Let's finish with a few stark reminders:
- Don't expose RDP services on the internet without added measures such as multi-factor authentication; better still, keep RDP reachable only through the VPN or a jump box.
- Don't give VPN users access to the entire organisation. This is especially important for contractors and external vendors who are part of your organisation. Ensure that access restrictions are reviewed, and that business-critical and sensitive assets such as domain controllers, databases, HR and other business systems are segregated using internal firewalling/VLANs.
- Adopt the jump box concept, where users are temporarily placed in a restricted environment that grants access on a need-only basis.
- Don't spend on more products and complicate your environment. Review your current stack to see where you can take advantage of what you already have. For example, AppLocker via group policy, host firewall policies and advanced audit configuration are all part of modern Active Directory setups and can save you cost and complexity.
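The logging and monitoring point above, the preparedness item on blocking suspicious traffic, and the reminders about exposed RDP and over-broad VPN access all come down to the same question: does your telemetry actually show these conditions when they occur? The script below is an added example written for this post, not Defendza tooling. It runs a handful of the checks over a constructed batch of remote-access events. The `key=value` log format, the field names, the VPN pool and sensitive-host addresses, and the brute-force threshold are all assumptions; map them onto whatever your VPN concentrator and firewall really forward to your SIEM.

```python
"""Triage remote-access logs for the conditions this post warns about.

Added example, not Defendza tooling. The 'key=value' event format, the
field names, the network ranges and the thresholds below are all
assumptions; map them onto whatever your VPN concentrator and firewall
actually emit to your SIEM.
"""
from collections import Counter, defaultdict
import ipaddress

# Assumed network layout (illustrative; adjust to your estate).
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VPN_POOL = ipaddress.ip_network("10.200.0.0/16")   # addresses handed to VPN clients
SENSITIVE_HOSTS = {                                  # assets VPN users should never reach directly
    "10.10.0.5": "domain controller",
    "10.10.0.20": "HR database",
}
ALLOWED_OUTBOUND_PORTS = {53, 80, 123, 443}          # anything else towards the internet is worth a look
FAILED_LOGON_THRESHOLD = 5                           # failures from one source before we call it brute force

# Constructed sample, not real telemetry. "Public" addresses are RFC 5737 test ranges.
SAMPLE_LOG = """\
type=vpn_auth user=alice src=203.0.113.10 result=ok mfa=yes
type=vpn_auth user=bob src=198.51.100.7 result=ok mfa=no
type=vpn_auth user=admin src=192.0.2.44 result=fail
type=vpn_auth user=admin src=192.0.2.44 result=fail
type=vpn_auth user=admin src=192.0.2.44 result=fail
type=vpn_auth user=admin src=192.0.2.44 result=fail
type=vpn_auth user=admin src=192.0.2.44 result=fail
type=conn src=198.51.100.99 dst=10.10.0.30 dport=3389 action=allow
type=conn src=10.200.1.15 dst=10.10.0.5 dport=445 action=allow
type=conn src=10.200.1.15 dst=10.10.0.40 dport=443 action=allow
type=conn src=10.20.3.8 dst=203.0.113.200 dport=4444 action=allow
type=conn src=10.20.3.8 dst=203.0.113.200 dport=443 action=allow
this line is deliberately malformed and must be skipped
""".splitlines()


def parse(line):
    """Split 'k=v k=v ...' into a dict; return None for anything malformed."""
    fields = {}
    for token in line.split():
        if "=" not in token:
            return None
        key, value = token.split("=", 1)
        fields[key] = value
    return fields or None


def is_external(ip):
    """True when the address is outside the RFC 1918 ranges we treat as internal."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_RANGES)


def analyse(lines):
    """Return {finding_type: [description, ...]} for a batch of log lines."""
    findings = defaultdict(list)
    failures = Counter()
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev.get("type") == "vpn_auth":
            if ev.get("result") == "fail":
                failures[ev["src"]] += 1
            elif ev.get("mfa") != "yes":
                # Successful logon without a second factor (or with the field missing):
                # a stolen password alone was enough to get in.
                findings["no_mfa"].append(f"{ev['user']} from {ev['src']} logged on without MFA")
        elif ev.get("type") == "conn" and ev.get("action") == "allow":
            src, dst, dport = ev["src"], ev["dst"], int(ev["dport"])
            if dport == 3389 and is_external(src):
                findings["rdp_exposed"].append(f"RDP from internet host {src} to {dst} was allowed")
            if ipaddress.ip_address(src) in VPN_POOL and dst in SENSITIVE_HOSTS:
                findings["segregation"].append(
                    f"VPN client {src} reached the {SENSITIVE_HOSTS[dst]} ({dst}) on port {dport}")
            if is_external(dst) and dport not in ALLOWED_OUTBOUND_PORTS:
                findings["nonstandard_port"].append(f"{src} connected out to {dst}:{dport}")
    for src, n in failures.items():
        if n >= FAILED_LOGON_THRESHOLD:
            findings["brute_force"].append(f"{n} failed VPN logons from {src}")
    return dict(findings)


if __name__ == "__main__":
    for kind, items in analyse(SAMPLE_LOG).items():
        print(f"[{kind}]")
        for item in items:
            print("  ", item)
```

Two design choices are worth calling out. The MFA check fails closed: an event with no `mfa` field at all is reported, because a logging gap should look like a missing control until proven otherwise. The brute-force counter has no time window, which is fine for a single batch but not for a running detection; in production you would count failures per source within, say, ten minutes and also allowlist the scanners and monitoring hosts you already know about, or the `rdp_exposed` and `nonstandard_port` checks will drown you in noise.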
Cybersecurity is most effective when it is proactive. By identifying weaknesses before they are exploited, you protect the integrity of your network. For businesses at the start of their cyber security maturity journey, especially small businesses, we have created a blog post with 5 suggestions for SMEs to improve their security posture. Frequent security assessments also create a more efficient system, helping to prevent data loss and minimise any downtime that would affect your business and your customers. You can find more information, including our services and methodology, here.
Why select Defendza to help you?
Defendza is a specialist provider offering cyber security consulting, training services and managed security services. We deliver a truly independent third-party opinion, unbiased expertise free from any inclinations towards vendor partnerships, reselling objectives or promoting any security products. We pride ourselves in being a partner of choice for our clients and helping with their IT security and compliance requirements.
Our experience in the financial services industry extends to the broadest set of technological choices in use across Tier 1 and Tier 2 banking, insurance and other financial services businesses. Be it banking transformation programmes, ATM networks, high-risk platforms such as futures trading, investment banking products or smart card authentication devices, we have the skill-set to deliver the required validation of your development and implementation. Read our financial industry sector insight to learn more about our work.