Staying safe at home: guidelines for IT security during the pandemic

To reduce the spread of the pandemic, governments and enterprises are asking millions of employees to work from home. Criminals have responded with attacks designed to exploit weaknesses in the security protections that home-based employees possess. Phishing, tech support and COVID-19-related attempts are rife.

Why are remote workers targets?

The move to working from home happened fast. Workers and enterprises had to quickly pivot to homeworking, often using personal equipment, and sometimes on hardly any notice. Enterprises have less control over the IT used across their company with employees potentially using unpatched or insecure equipment or networks. This leaves homeworkers vulnerable to all manner of attacks.

For criminals, remote workers are a tempting target. Not only are they frequently using personal devices and email for enterprise-related data, but they may be doing so without access to the same security protection. Even where corporate assets have been provisioned in support of home employees, the swiftness of the move may hold additional risks.

Bad actors want to exploit the opportunity of these and other risks.

The scale of the threat

At Orange Cyberdefense, CERT (Computer Emergency Response Team) has seen a spike in COVID-19-related malicious email campaigns. In one week, malicious emails focused around the pandemic were around four times greater than normal for that category of malware. Charl van der Walt, Head of Security Research at Orange Cyberdefense, also warned of brute force attacks against home routers, including attempts to redirect DNS systems to send users to dangerous web pages.

Geo-political attacks are also escalating, some of which target healthcare IT systems. These attacks comprise everything from phishing to watering hole attacks to ransomware attempts.

How can my enterprise protect itself?

We can’t control the threat, but we can manage the risk. Much of what we are facing is not new. The attackers and vulnerabilities are the same.

Orange Cybersecurity recommends taking these actions to protect against the current threat landscape:

• Establish emergency response procedures and systems
• Establish a security support hotline
• Review backup and disaster recovery (DR) procedures
• Educate users
• Provide secure remote access
• Establish visibility over remote endpoints
• Consider malicious mobile applications
• Patch and harden remote endpoints
• Review your insurance

While it’s beyond the scope of this article to explore each of these recommendations in depth (but do take a look at this in-depth white paper), these are the key points:

1. Think smart

Security isn’t just about reducing the risk of attacks, it's also about how to respond to them in the event they take place. Essentially, if we assume attacks will take place, we should plan how we will respond to them. Take ransomware, for example. How would your company deal with a successful ransomware attack? Would you pay, and with what? How would you negotiate, and who would manage your response? What are the implications of your policy on your cyber-insurance agreement, and does this need to change before any such event?

To be prepared for security attacks exploiting the pandemic, you will need to develop detailed response plans and procedures for the phishing, credential stuffing and ransomware attacks that are circulating on the back of it.

Your plans should extend to policy, response management and mitigation, as well as establishing security support lines and disaster recovery.

2. Smart employees

Education matters. Your employees must be security aware. This extends from simple advice, such as not clicking on links in unrecognized emails, to ensuring security software updates are installed on devices used for work. Remind employees to be vigilant, give them accurate information and ensure your teams know who to call in the event something goes wrong.

Password management is another challenge. Encourage users not to re-use passwords or to install and use password managers.

This need for education and positive partnerships extends to your suppliers, distributors and partners to help prevent so-called supply chain attacks, which accounted for over 60% of adverse cyber events in 2019.

The more you work supportively with all your partners and stakeholders, the better protected and better informed your company will be. All parties are facing crisis, so it matters that they know what to do in case of emergency.

3. Smart equipment

Most homeworkers are using their own mobile devices and computer equipment. This raises a host of vulnerabilities. Cybercriminals frequently target home routers. If they penetrate these, they may try to redirect DNS requests to phishing or watering hole attack sites. One solution is to control the DNS servers that workers use, whether by using VPN configurations or directing them to hardcode DNS resolvers on their routers.

Company employees are unlikely to be directly connected to your storage systems. This makes it likely there will be a build-up of locally stored data, which means there may be a place for strategic use of cloud-based storage systems (even Dropbox) in order to move data out of employee homes and back to your core systems.

Perimeter-based defenses are inevitably damaged by the fact that millions are working remotely. One response is to beef-up endpoint security using solutions such as Microsoft Sysmon or commercially available endpoint protection tools.

Information sharing and partnerships may also help mitigate the risk. Liaise with your suppliers, service providers and competitors to create security-focused groups. If one entity is attacked, put systems in place to warn others. There are government entities that can provide support in the event of attack, such as NCSC (UK) or ANSSI (France).

These are just a few ideas around securing your enterprise during the pandemic. For much deeper insight, please explore our extensive white paper, COVID-19: A biological hazard goes digital.