How to Manage Cyber Security with the Sudden Spike in Remote Workers

Champion Solutions Group helps you sort through the noise of how to protect your remote workforce via a series of blogs, webinars and podcast from our trusted Cyber Security Partners. Below is a blog from our partner Alert Logic. Alert Logic has been a partner for many years and has served our customers very well. In addition to the blog, Alert Logic will be participating in one of our upcoming chat with our partner webinars.

The Coronavirus pandemic has had a dramatic impact on businesses around the world. Globally and across the United States, people are being directed to self-quarantine and maintain social distance to limit the spread of the infection so demand doesn’t overwhelm hospital capacities and doctors can provide the necessary care for those who need it, and that has led many businesses across all industries to implement mandatory work-from-home protocols. Thankfully, we live in a world with ubiquitous internet access and we have the technology to work remotely in many cases with minimal disruption. However, the sudden spike in remote workers resulting from the Coronavirus response poses some unique cyber security risks for companies as well.

Expanded Attack Surface
Many organizations were already struggling to deal with the complexity of a hybrid or multi-cloud environment and maintaining visibility and effective cyber security for an increasingly mobile workforce. With companies suddenly asking all employees to work from home, there has been a remarkable surge in the number of users connecting to company networks and accessing sensitive data from home computers over the public internet.

As the number of people logging in remotely or connecting to cloud-based SaaS (software-as-a-service) applications rises, the attack surface expands. Organizations suddenly have an exponential increase in the number of endpoints and the overall complexity of the broader network environment.

Cyber adversaries are not slowing down due to the COVID-19 pandemic. On the contrary, they are looking to capitalize on the chaos. An expanded attack surface combined with an influx of workers who are new to working remotely increases the opportunities and odds of success for cyber-attacks.

Closing the Cyber Security Gap
Consider the fact that you suddenly have a number of employees working from home who may have never done that before. Sure, you may have provided security awareness training at work, but this is a unique situation and it would be wise to remind people about security best practices.

Here are a few basic security precautions your users should take as they work from home:
• Remind users to be suspicious of emails from unknown sources and to not open file attachments or click on links. Stress the fact that cyber criminals will seek to capitalize on the current chaos and make sure people know to exercise extreme caution with any email that asks for credentials or other sensitive information.
• Make sure that computers—whether company-issued laptops or personal home PCs—are patched and updated against the latest threats.
• Verify that the devices used to connect to network resources or access company data have endpoint protection.
• Emphasize to employees the importance of ensuring their home Wi-Fi router is not using the default password, and that they should use a unique password for connecting to the Wi-Fi network.
• Ensure that workers connect to the company network and sensitive data through secure means, such as a VPN (virtual private network) connection and remind them to store data on company-sanctioned cloud storage platforms.

The Human Element Is Key
Threat management and constant vigilance will be key for managing cyber security while mandatory work-from-home policies are in effect during the effort to contain the Coronavirus threat. Awareness of emerging threats and comprehensive visibility across the newly expanded environment are crucial.

Cyber criminals can take advantage of the situation by crafting phishing messages that look like breaking news about COVID-19, or warnings or updates from the company. The combination of the unique aspects of suddenly working from home and the fog of information in general will make users more susceptible to such tactics.

Machine learning and user behavior anomaly detection are essential for this scenario. The ability to quickly analyze an overwhelming volume of signals and data and identify traffic or actions that seem suspicious or unusual will enable IT teams to avoid alert fatigue and ensure that issues that require attention don’t slip through the cracks.

Cyber security tools and machine learning algorithms alone are not enough, though. The human element is imperative as well. You need cyber security experts with the skills and experience to recognize threats and malicious activity—to provide context and prioritize the issues that are most urgent. You also need to monitor around the clock because bad guys don’t keep normal business hours.

The global response to the COVID-19 pandemic is uncharted territory in many ways. As companies take action to protect employees and contribute to the broader effort to limit the spread of the virus, it’s important to consider how a remote workforce expands the attack surface, and to ensure you have the right platforms, tools, and expertise to recognize and respond to threats that arise.

Staying Secure While Working from Home
Start by reviewing cyber security policies and best practices with employees. Make sure that the devices—whether company issued laptops or personal home PCs—used to connect to the corporate network have endpoint protection in place. Leverage machine learning and user behavior anomaly detection to actively look for suspicious or unusual activity and separate the signal from the noise. Finally, augment technology with human intelligence to accurately prioritize and effectively respond to threats.

The current situation is extraordinary, and it has caught many companies and workers off guard. As we all come together as a global community to limit the spread of Coronavirus and flatten the curve of the rate of infection, organizations have to adapt quickly to a new model with a mostly—or completely—remote workforce. With a little focus on the basics, you can ensure that your workers remain productive without sacrificing security.

Learn more about Champion’s security services at: https://championsg.com/security

 

PREV

The Most Pragmatic Approach to IT Security: Secure Your Credentials and Data

NEXT

What's New In BigFix 10

WRITTEN BY:

Erick Bacallao joined Champion Solutions Group in 2015 after a career of Software Development in Cuba at the National Cancer Care Institute of Cuba, followed by moving to the States with allAware.

 

Champion acquired allAware and its properties and Erick has utilized his extensive background and expertise in IT and Software Development to rise to VP of Product Development in less than 5 years. During this time, Erick has been involved with key projects that led to the launch of numerous products including CSP Boss, Inscape platform and 365 Productivity Insights.

 

Erick has a Bachelor of Science in Computer Science from the University of Havana. He won Gold Medals for Programming from the Ministry of Education in Cuba, and he is certainly still a Gold Medalist for Champion!

 

As President and CEO, Chris is responsible for the development of key strategic alliances and solution portfolio. He leads Champion’s go-to market and execution strategies for integrated offerings in the cloud, in security, and in digital infrastructure, always focusing on improving the customer experience and driving transformative business outcomes.

 

He also aligns key partner initiatives with company strategy and oversees corporate marketing and messaging to gain mindshare with customers and partners. It’s his vision and innovativeness that have catapulted Champion up the ranks to become a $100M+ organization—and one of the most respected solution providers in the industry.

 

Over the past two decades, Chris has also focused on mergers and acquisitions, as well as innovative product development. He is the original founder and an active member on the Board of Managed Maintenance, Inc., a SAAS provider and consulting firm that utilizes their award-winning One-View Portal to help the IT Channel and its customers manage their IT Maintenance.

 

Chris is also the original founder and chief strategist behind one of the original storage cloud providers, Storage Access / BluePoint. During the course of a few short years, he had raised $20M and took that company public on the Toronto Stock Exchange. It has since been acquired by Pomeroy.

 

In 2012, Chris led the acquisition of MessageOps and continued the product development and worldwide launch of its premier SAAS, 365 Command. Built on Microsoft Azure, 365 Command is currently managing over 1 million seats of Microsoft’s Office 365. After achieving this phenomenal milestone, 365 Command and other MessageOps O365 utilities were sold to Kaseya.

 

Over the past 35 years, Chris as worked tirelessly to not only advance his own career, but those of his employees. In addition to leading a $100M organization, Chris can also be found sitting with sales teams, cold calling and coaching, and validating why Champion has been listed on Best Places to Work by both South Florida Business Journal and Computerworld.

Ultimately, the success garnered by Champion Solutions Group, its associated companies, and their employees is due in large part to the leadership of its President and CEO. Perhaps the most fitting award Chris has earned is South Florida Business Journal’s 2013 Ultimate CEO Award.