Covid-19 has forced businesses to send their employees home, and criminals all over the world saw it as an amazing opportunity to steal data and wreak havoc among organisations everywhere. It seems the disease won’t be going away any time soon, so businesses need to strengthen their security posture going forward. Technical Lead within Cisco’s Talos Security Intelligence and Research Group, Martin Lee, discusses the possible risks and ways to make our collaboration technology safer.
What are the risks in not working from home securely, and in using consumer-grade tools in the enterprise?
Employees need access to sensitive networks, files and data in the course of their jobs. But accessing these from home carries additional security risks when compared to the typical office environment. Devices may be shared and used by other family members, Wi-Fi networks may be insecure, network infrastructure may be unpatched. For enterprise IT teams, allowing new connections to corporate networks that are home-based increases the number of potential cyber-threats.
There’s also a behavioural element to consider. Working from home, many staff can feel more relaxed and at ease, and as a result might not be quite as cautious of what they’re clicking on as they might be in the office. Additionally, there aren’t co-workers nearby to quickly ask for advice. This ‘dropping of their guard’ offers ripe opportunities for phishing and malware that take advantage of user actions.
Consumer-grade tools may seem convenient. Employees might be using some services in their personal lives already. However, data management and security may not reach the same standards as enterprise-grade software. Don’t forget that if you’re using a free service, chances are that your data is being analysed and resold to fund the platform. Overlooking security requirements in haste to get something up and working will always cause problems once the “quick fix” becomes a long-term solution.
What are some of the ways collaboration technology can be made more secure?
Collaboration tools need features like end-to-end encryption, dedicated meeting room IDs, and password-protected meetings in order to be made secure. Simple housekeeping by the meeting organiser is also a must. Make sure that everyone who is supposed to attend is present, and that any unidentified attendees are removed before the meeting moves to discuss confidential matters.
Collaboration software is no different from any other software in that vendors need to fix vulnerabilities promptly once they are discovered, and IT teams need to ensure that these updates are applied promptly.
How can IT leaders keep themselves on the front foot when it comes to security during this current situation?
Remember that the fundamentals of security have not changed. With an increase in remote users, you still need to know where valuable information is stored, how it is managed, and who has access. Remote devices still need patching and backing up.
Authentication of users is a priority. In a home environment, devices may be shared between household members, potentially leading to unauthorised individuals accessing confidential systems. Two-factor authentication and timing out sessions after a period of inactivity help ensure that the person using a device and accessing systems really is genuinely authorised.
Visibility remains key. Having the ability to observe how networks and systems are being used allows teams to deliver extra functionality where it is required and allows any anomalies to be identified and investigated as potential security issues.
What are Cisco seeing from a threat perspective? How have cyber-threats evolved to take advantage of our current situation?
While it might feel like cyber-threats have increased, we’ve actually seen remarkably little change in the threat landscape. However, what we have seen is the use of Covid-19 themes within the social engineering lures used to trick users.
Malicious actors are always taking advantage of the latest concerns and news topics to grab users’ attention, and the current virus crisis is what’s front of mind right now. By using this to trigger emotional or rapid reactions, users can be coerced into making mistakes – whether that’s clicking on a link, inputting sensitive information or making payments.
What role do employees have in combating cyber-threats from home? How do you best educate them, and what advice do you have for them?
Any consideration of security must also include the employees themselves, as they have an important role in protecting themselves and the organisation they work for. Many of the actions they can take are simple: being aware of common threats, or locking their laptop when not in use. Some require more understanding, such as only using approved systems to store and share work data instead of the tools that they use to share information with friends and family.
Working remotely, it’s easy for employees to forget basic security steps. Now is a very good time for security teams to remind users of basic awareness of promptly installing software updates, backing up systems, or ensuring data is only kept on systems which are regularly backed up. It is also a time to ensure that staff who are unsure or who have queries know where to address these questions and get responses from security teams.
How does keeping safe and secure online for work translate into personal life as well?
Security is all about knowing what to protect. With our increasingly digital lives, take a moment to review what services you use which, if compromised, could cause you harm. The most valuable services, such as any online financial service, should be secured with two-factor authentication. Check which services are linked directly to your debit or credit card, and either add two-factor authentication to these, or consider if you really need to have your card information stored.
It’s good practice to review the personal information that you might have inadvertently stored in your social media or personal email accounts. Remember if the information isn’t stored, then it can’t be stolen. I was recently horrified to find that I had forgotten to delete a scan of my birth certificate from the sent items folder of my personal email account. This prompted a long overdue spring clean of what I was storing in my email accounts, so that anything which could be used for identity theft was removed.
Do you think this situation will give IT teams any long-term lessons about security for the future, following the lockdown?
The last few months have emphasised that the only constant for IT teams is rapid and frequently unpredictable change. IT teams have worked heroically to support remote workers and keep business functions ticking over under incredibly difficult conditions.
The ability to rapidly innovate and support change is enabled by having well-architected systems that have been built to scale when required. Good security has proved to be an enabler of the move to remote working, allowing users to authenticate themselves and access the data and systems that they need from home.
When we look back at what has worked during this time, I think that we will find that the systems which worked best were those that were simple to use and configure, friendly to end users, and that gave control and visibility to security teams.
Martin Lee, Technical Lead, Talos Security Intelligence and Research Group, Cisco