Five tips to get security-ready for the future of remote work
FYI, this story is more than a year old
Article by Varonis Australia country manager Adam Gordon.
With the recent pandemic forcing most of us to work from home, we've seen an unprecedented increase in VPN access, in addition to the cloud through the likes of Office 365 and Teams. Business continuity has become the number-one goal for IT departments, and unfortunately, this has forced security to take a backseat – and attackers are taking advantage.
Home-based workers often log in from unsecured Wi-Fi, use unpatched personal devices, or turn to unsanctioned services tools to collaborate, communicate and share documents.
The remote work move has significantly expanded the threat landscape for cybercriminals. As the crisis continued, we saw a sharp rise in brute-force attacks against corporate VPNs and Advanced Persistent Threats, but also insider threats. It's likely that many companies have been compromised and simply don't know it yet.
We can't turn back the clock on remote work and it appears this is now the 'new normal', with offices opening with limited staff, and more employees embracing the flexibility and work-life balance improvements.
Here are five suggestions to shore up your cybersecurity defences in our new remote work age.
Know what happens in Teams
Microsoft Teams helps workers collaborate by creating and sharing files, folders, and more in the cloud, and understandably its use is exploding. But Teams also allows users – not administrators -- to call the shots. Users can spin up news teams, share files, invite internal and even external users, and share all kinds of information if the right controls are not in place. To complicate matters, files shared in Teams are then stored in new locations within Office 365. Teach staff about setting up Teams securely, restrict who can create groups and add users, and ensure you keep watch on the data that users share in Teams and where it ends up within Office 365.
Take a data-first approach
Data is the lifeblood of every organization, but most companies know very little about this critical asset. Your network file shares likely include salary information on employees, banking and payment information, business contracts and plans, intellectual property, and much more. Too often, data is overlooked and left open to everyone in the organization.
Should a breach take place, a hacker would gain the same access to your data. Visibility and context are key—know what you have and where it is, and understand how it may be at risk.
Restrict information access
Employers typically give their staff far more access to information than they need to do their jobs. In a recent report, we found that 53% of companies had at least 1,000 sensitive files open to all employees. Files typically multiply as employees copy, share, and resave information where it's often open to everyone.
When criminals steal user credentials, they gain access to everything the user has – and from there can manoeuvre at will, explore what's interesting on your network, access data, and more. Limiting access to data will help minimise potential damage when a breach does occur.
Get ready for more targeted attacks
Cybercriminals are focusing their efforts on specific companies, breaching their networks, and quietly searching for sensitive content. They will try to remain under the radar and steal critical files. Once they grab what they want, they'll hold up the victim for ransom and threaten to release the stolen files. Prepare by watching for unusual access and activity, especially during "off" hours.
Back up your critical data, and leverage automation to stop ransomware in its tracks. Should a ransomware attack hit your network at 3:00 am on a Saturday, technology will be the first line of defence.
Watch for signs of compromise
Remote workers should be leveraging VPNs and secure cloud services for work, which ensures that an employer can track and monitor data use. There is always the danger of employees accessing data maliciously, which is why close monitoring is so important.
If a user is logging into the network from two places at once, for instance, that could mean their account was hijacked by an attacker. Similarly, if a user starts accessing a lot of sensitive information they've never seen before, it should trigger an alert and investigation.
Remote work is shaping up to become a long-term reality. Attackers are well aware that companies are more likely to let their guard down when employees are remote.
Take steps now to understand and monitor your data, limit access, and prepare for possible compromise. Your data – and your company – depend on it.
Learn more by watching our Remote Work Risks webinar: Register.