Authored by: Joyal Bennison J., Product Consultant at ManageEngine
As the rate of new infections hit a new low, Malaysia has begun to ease lockdown restrictions and reopen nearly all economic activities. Many organisations are allowing their employees to return to their worksites at will, albeit with face masks and strict social distancing protocols in place.
While being on-site after an extended lockdown might instil a sense of relief and normalcy for employees, it creates a ticking time bomb for employers as all the devices that may have been left unprotected during quarantine, or even infected with malware, return to the corporate network. Insecure internet connections, a lack of perimeter security, and the inability to implement effective security controls would have made remote endpoints a breeding ground for threats.
Employers, besides planning safety measures to set up a healthy workplace for their returning workforce, ought to re-evaluate the relaxations made to facilitate remote work. To that end, we've created a list of cyber hygiene practices to mend the security lapses brought about by remote work.
Restrict privileges to specific applications
Forrester estimates that 80 percent of data breaches have a connection to compromised privileged credentials. To prevent worms within compromised computers from executing with admin privileges or advancing to the rest of the network when the workforce heads back, the first step is to enforce the least privileges for all users. You should allow admin privileges only for chosen applications on an as-needed basis.
Secure BYOD devices and containerize corporate data
Before COVID-19, some organisations used desktop computers as the de facto workstation. Bowled over by the sudden lockdown restrictions, such organisations might have been forced to allow employees to use personal laptops, mobile devices, or tablets for remote work. When returning to the office, employees may use those same devices to resume work.
Threat actors will likely take over any unprotected devices, especially personal devices, to gain access to corporate data. As corporate data is stored alongside personal data and apps, having a mobile device management solution that helps secure BYOD devices and containerize the corporate data stored in them is essential to prevent unauthorised access to sensitive data.
Allow only trusted USBs and peripheral devices
Unable to access corporate resources during quarantine, end users may have resorted to working with personal storage devices such as USBs, NAS systems, and other auxiliary devices. Untrusted removable devices are one of the primary vectors used to deliver malware to systems. To prevent such incidents, you should implement a device control program based on Zero Trust to allow only authorised devices to connect to your company-owned devices, as well as set file transfer restrictions to further prevent the intrusion of malicious executables.
Reset passwords and enforce complex password policies
With remote work blurring the lines between devices used for work and personal purposes, there is a high probability that the users shared their credentials with their family and friends. It is only reasonable to require users to reset their passwords based on complex password policies once they are back at the office.
Prioritise and patch vulnerabilities
There are plenty of reasons why your remote endpoints might fail to stay up to date with software patches. Keeping all software patched in a hybrid IT ecosystem is a pain, even within the corporate network. Now that devices have left the premises, many organisations are relying on VPNs to conduct their patching procedures. This often results in bottlenecks that slow down the update process. Besides, remote users often skip the update prompts or postpone updates to their systems indefinitely. And there are servers in the office premises that have remained off throughout the remote work phase.
Many devices have likely accumulated a heap of vulnerabilities while employees have been working from home. If there are too many endpoints to patch when you return to the office, conduct a vulnerability assessment to predict which vulnerabilities are imminently exploitable and have far-reaching consequences, then prioritise the patches that address them. Last but not least, don't forget to test patches in a pilot group of machines before rolling them out to your production environment.
Ensure your antivirus is up and running with the latest definitions
It is not uncommon for employees to temporarily disable their antivirus when it overrides certain actions like running installers, then forget to re-enable it later. New viruses are identified every day, and vendors are rolling out definition files at an equal rate. Chances are your remote endpoints have failed to keep pace. As soon as employees return to the office, sweep your network for endpoints that have disabled or out-of-date antivirus and make sure they are running enterprise-grade antivirus with the latest definitions or signature files.
Firewall traversal from remote hosts must be disabled
Remote connections that bypass the firewall should never be allowed since there is no way to verify if they can be trusted. Disable "Enable firewall traversal from remote access host" in Chrome browsers of your network systems, as it allows remote clients outside the network to connect to the network systems even if they are separated by a firewall.
Establish a secure foundation with security configuration management
Preventing threats from entering your network is the first and foremost step in strengthening your defence. But if an unlucky accident exploit or malware seeps in, they will leverage misconfigurations to worm their way into their intended targets. The possibility of poorly documented configuration changes, and technical issues in endpoints that lead to misconfigurations, are high during remote work. Sniff out machines that lack appropriate security settings or were left with default configurations and bring them back to compliance.
Block unauthorised and insecure applications
Remote endpoints, if left unmonitored, could serve as a host for a horde of unauthorised and untrustworthy applications. Hauling these endpoints back into your network comes with serious security implications. Leveraging technology to substantially reduce and restrict the number of running applications, leaving only those that are trusted and deemed essential by the organisation, can help mitigate potential risks.
Besides implementing these cybersecurity measures, don’t forget the lesson driven home by the pandemic: Organisations need to revise their contingency plans and be better equipped to handle any future crises. For all we know, a second wave of COVID-19 may be lurking around the corner. Moreover, organisations need to take a judicious approach on allowing only selective staff members whose presence on premises is indispensable. And they must be prepared to switch back to remote work if things go south.
One thing is clear, the key to sustainability is adaptability. The future of workplace would be the one of a hybrid, remote/on-premises model. That being the case, investing in building a strong security strategy that empowers a distributed workforce with safe and efficient working conditions, no matter where they are, is the only long-term solution.