With the outbreak of the COVID-19 pandemic, most organisations are bound to activate remote and home working if the epidemic persists. Users of an information system must understand the risks associated with working from home and the necessary security measures to observe in order not to compromise their privacy and their company’s security while working remotely.
Some of these risks and corresponding measures include:
The risk of users connecting to public Wi-Fi:
Most users work out of corporate offices and rarely need to connect to a corporate network away from the office. However, due to the change in work lifestyle owing to COVID-19 and cost of mobile data, there is a growing need for network users to access free Wi-Fi to perform their official job functions. Organisations should conduct awareness training to remind employees not to connect to public Wi-Fi. Where possible, develop technologies to restrict employees from joining to Wi-Fis at public places like cafes, airports etc.
The risk of users visiting prohibited sites using the organisation’s computing resources while working from home:
Some organisations may not extend the level of control within the corporate offices to the employee’s homes, thereby allowing employees the ability to access sites prohibited by the organisations while they work from home. Organisations and responsible personnel should ensure that all devices have an antivirus installed. They can do this by creating a whitelist or blacklist of site categories using the web-filtering feature of the antivirus in use or leverage cloud-based secure internet gateway for cloud-based antivirus. Get a cloud-based secure internet gateway agent installed on end-user laptops. It gives visibility into URLs/websites visited by end-users and can be used to prevent end-users from visiting specific sites such as p2p websites
The risk of antivirus not getting updated if working from home period extends:
A lot of organisations depend on centralised management of antivirus update for new deployments and upgrades. Working from home may prevent some systems from getting constant updates. Organisations should configure antivirus to receive updates from the internet or via the company’s VPN.
The risk of exposure to confidential information either by error or intentionally:
Working from home may cause exposure of confidential organisational information due to lack of or inadequate controls at the employee’s home. To mitigate this risk, organisations should implement a USB block to ensure regulatory details are not copied using removable media. Remind employees of the type of information that they need to safeguard. Develop a procedure for encrypting sensitive information before transmission, and communicate to all staff, create a blacklist of all known unauthorised online storage facility.
The risk of employee data not being backed up during the period they are working from home:
Most organisations have a centralised backup repository that resides within the organisation’s local network. Working from home will either require users to login via VPN to backup or expose them to using unauthorised backup means either on the local computer or cloud. Organisations should advise employees to connect via company VPN and backup regularly. For companies using cloud backup, users should be reminded to back up regularly.
The risk of opening Phishing mails:
A lot of COVID-19 related phishing attacks have been in circulation. Unsuspecting users will be lured to clicking them, primarily off-site where control is minimal. To prevent the risk of opening phishing emails, organisations should conduct awareness training on how to detect and handle phishing attacks and other forms of social engineering attacks
The risk that VPN access will be extended to more people within the organisation thereby increasing attack surface:
Many people are being mandated to work from home as against the usual working from the organisation’s local network. VPN access was limited to a few individuals in the past, especially the technical support team. Though, because of the present crises, there will be an increasing need to grant additional users who have never used VPN access to the network. This will increase the network attack surface for the different organisations implementing it.
To limit the risk, organisations should implement multiple factor authentication (MFA) mechanisms. They should implement LDAP integration to ensure the right authorisation, and use access control lists to enforce need-to-know principle so that users will only have access to information they need to do their work.
The risk that operating system updates and patches are not done timely:
Several organisational systems will be taken off the local network where they need a centralised patch management system to update the OS patches, thereby exposing the methods to vulnerabilities. Organisations should ensure all systems are updated before remote working commences. Where possible, utilise VPN to connect to centralised patch management systems for an update. Test to ensure systems can update via the VPN.
The risk that employees will breach/bypass technical controls that are not present in the offsite:
There is also a risk that employees will start breaching technical controls that are not present at the home offices due to lax access control and monitoring. Organisations should remind employees about commitment to organisational policies, whether in or out of the office through awareness training.
It is crucial that while we plan to maintain the safety of lives during this period of COVID-19, we should also preserve the security of our information processing environment. At pcl. we help organisations implement controls that will help protect their business from cyber-attacks.
Stay Safe!
Written by:
Ben Nnatuanya
Senior Consultant