Starting on Wednesday of this week, March 25, 2020, Governor Evers’ Safer at Home Order (Emergency Order #12) went into effect across Wisconsin and continues until Friday, April 24, 2020. That means that more Wisconsin residents will be working from home (a growing remote workforce). Companies, IT departments, and vendors have diligently worked to implement and support the technology that enables efficient working arrangements – from collaboration tools to secure access to networks to maintaining uptime on the networks and applications we all use every day.
RMM Solutions is continuing to work in an essential capacity to support businesses and governments across the state that deliver essential products and services to all of us. Through that effort, we have identified several considerations and best practices as you ensure that your business continues to operate through this period:
Be aware of and proactive about email fraud and threats related to COVID-19
The FBI issued a Public Service Announcement (Alert Number I-032020-PSA) on March 20, 2020, outlining the rise in fraud schemes related to the Coronavirus (COVID-19) pandemic. The agency mentions that “scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both.” The most common phishing emails being sent relate to the CDC, purported information on the virus, availability of economic stimulus checks, and fake charitable organizations. Make sure that your users are aware of the methods that cybercriminals use, as a successful attack can harm not only an individual but also your business.
Here are some best practices for your business and tips for your users:
- Evaluate your SPAM filtering solution to ensure that it is and remains effective against the types of phishing scams that are happening. Just because you have SPAM filtering does not mean that it will stop all attacks.
- Evaluate your security tools that sit between your users and the internet (often called Secure Web Gateways or Secure Internet Gateways). As many users are no longer behind a firewall that analyzes traffic and prevents users from going to malicious websites, this can be a critical element of protecting users at home when they click on a malicious link in an email.
- Do not open attachments or click links within emails from senders you do not recognize.
- Do not provide any personal information in response to an email unless it is from an official, verified source.
- Always verify the web address of links or manually type the URL into the browser.
- Always look for misspellings or wrong domains within a link (for example, when an official government website's address ends in .com instead of .gov).
Evaluate how your remote workers connect to your applications, data, and network
Many businesses already have a remote connectivity solution in place to enable remote, secure, and authorized access to your network resources. This can be a VPN connection, remote desktop (through your server environment), or other means of secure tunnels (for example, a solution like GoToMyPC.com or RMM Solutions’ Secure Remote Access solution).
Users are connected through a multitude of different means to get on the internet – cellular, cable, public Wi-Fi, and more. Since you don’t control these sources, make sure that the connection between your users and your network is secure. In addition, businesses are facing the challenge of having reduced capability (or even resource capacity) to remotely troubleshoot issues, manage and mitigate antivirus solutions, and ensure appropriate user activity (e.g., internet usage, video streaming, and more).
Compounding these challenges, many companies have adopted or instituted a BYOD (Bring Your Own Device) policy to better enable remote workers to work with their PCs or mobile devices from home.
- If you are using VPN, assess your firewall security – is your firewall patched, have you looked at potential vulnerabilities, and are you limiting access to only what users require?
- If you are using Remote Desktop, consider that your users are accessing your server environment (wherever it may be). Is each user limited to accessing what they need for their job?
- Evaluate your antivirus or antimalware solutions and tools to ensure that you are made aware when an issue is found and that you can quarantine and mitigate potential issues.
- Review your BYOD policy to ensure you have defined appropriate usage of your business resources. Consider requiring your antivirus or other tools to be installed to better secure these devices.
- Evaluate your password policy to ensure you have strong passwords or change your password policy to support a better cybersecurity posture.
Incident Response, Business Continuity, and Disaster Recovery are just as important as ever
Incident Response plans should be evaluated regularly to ensure that you have the ability to respond in the case of a disaster. We may already be in the middle of the COVID-19 pandemic, but it’s not too late to perform a tabletop exercise around this topic, and it can link directly into your Business Continuity and Disaster Recovery plans. Ultimately, it remains a great time to evaluate your plans through this scenario to ensure that you are prepared through the uncertainty we have found ourselves in.
- How do you ensure connectivity to your critical business resources with a remote workforce (now and 6 months from now)?
- Do you have the appropriate staff to support and maintain cybersecurity of your digital and IT assets (wherever they are)?
- How can you respond to and support what may have previously been considered minor (or potentially severe) technology issues?
  - Hardware or software failure of a user’s laptop
  - Remote connectivity issues
  - On-premises server failures
  - Malware or data breach
With all of that said, RMM Solutions is here to support you through these challenges. We are seeing an increase in the number of cybersecurity attacks aimed at end users and end user systems – particularly as the attack surface has become larger as more employees no longer work within the walls of your facilities (and your corporate firewalls). Many IT operations teams are scrambling to implement the technical capabilities and processes to enable your business to continue working – we recommend assessing the following areas to reduce your cybersecurity risk:
- Security Awareness Training – Educate, train, and remind your users of the increase in cybersecurity threats. Use this as a time to communicate (and use the communication media that you have already been using) the need for good cyber hygiene – especially with email.
- Endpoint Protection – Make sure that your users on company-owned devices and personal devices have sufficient endpoint protection to minimize the risk of malware, viruses, and breaches.
- Virtual Private Networking (VPN) – If users connect to your network over VPN, evaluate whether their internet traffic also uses your internal firewalls and network tools. It may be wise to do so at this time unless your current technology cannot support that amount of traffic.
- Multi-factor Authentication – Now is a great time to look at implementing a 2-factor or multi-factor authentication solution when users access your business assets. MFA greatly reduces the risk of hacking success, as the attacker rarely has the second factor (for example, the user’s phone).
- Patching – Although you may have a great process already in place, don’t forget about the continuing (and increased) importance of good patch management.
- Planning – Now is the time to evaluate your Business Continuity and Disaster Recovery plans. Make sure they are up to date, communicated, and effective.
Please reach out to our team with any questions, concerns, or needs as we Secure IT together. We also have created a quick handout you can reference and share.