IT Directors: 7 Strategies to Secure Your Network for Telecommuting


During the massive shift to telecommuting due to COVID-19, companies quickly adapted by implementing telecommuting solutions. However, security hasn’t been a top priority in most cases. This is exposing companies to a range of threats such as brute force attacks, phishing, ransomware, data exfiltration, etc.

In addition, many employees access the corporate network via their personal machines while telecommuting, which multiplies the risks to your network.

It is clear today that telecommuting isn’t going anywhere. So it’s up to IT and cybersecurity managers to beef up their network security to minimize the risk of remote work and telecommuting, because the number of attacks by cybercriminals just keeps climbing.

The good news is that you have the opportunity to better protect yourself from cyberattacks in a telecommuting environment. So here are our recommendations for enabling secure telecommuting.

1- VPN access via Multi-factor Authentication (MFA)

Allowing users to remotely connect to the corporate network by entering only a password entails several cybersecurity risks. For example:

  • A hacker can use an automated tool that will test multiple password combinations hoping to find one that is valid in your network. This kind of attack, called brute force, is easy to perform and is one of the most observed attacks. 99% of brute force attacks are launched by robots (botnets) that scan the Internet 24/7 without any human intervention. This means you are constantly being targeted, and it is only a matter of time before a valid password is found in your network.
  • Your corporate information (including passwords, e-mail addresses, or user names) may be for sale on the Dark Web. This information can be collected by several means, for example by hacking a third-party site where you are registered. Without MFA, a malicious actor can buy your corporate information on the Internet and remotely connect to your network by taking the identity of an employee, which could, for example, allow them to deploy ransomware in your network.



Solution: Because password-only authentication carries a high risk of intrusion into your network, we strongly recommend that you switch to multi-factor authentication (MFA). With MFA, after entering their password at login, the user is asked to enter an additional string of characters (token) that has been sent to their smartphone. This token can be sent by text message, email, etc. Since you are the sole owner of your smartphone, the hacker will not be able to access the token and therefore will not be able to connect to your network.

Use VPNs for remote access for telecommuting. Avoid RDP-type solutions (remote desktop, port 3389) because they are not very secure and are widely exploited by hackers. We strongly advise against the use of remote access via RDP.



2- Manage endpoint security vulnerabilities and ensure that computers are up to date

Most cyber-attacks exploit existing security vulnerabilities. And every day, new vulnerabilities are discovered, which increases the risk. You need to constantly ensure that significant vulnerabilities are identified and patched in your network, whether on servers or desktops. It should be a top priority!

Solution: Perform security vulnerability scans regularly (at least once a quarter) and patch all vulnerabilities starting with the most critical ones. You should also do regular updates on your servers and computers whenever they are available, in order to constantly enhance their security. If you do not have the internal expertise to manage security vulnerabilities, Streamscan offers this service (included in our MDR Security Monitoring solution).



3 - Offer antivirus to users who telework with their own devices (BYOD)

With the shift to mass telecommuting, many employees are using their own computers and devices to telecommute. While it is possible to have strict control over corporate endpoints, IT teams have no idea of the actual security level of personal endpoints used to access the corporate network while telecommuting. According to our observations, personal terminals are very often not very secure: sometimes they have expired antivirus programs or none at all, security patches may not be applied, multiple users may have administrator privileges, etc. However, the compromise of a single vulnerable computer can allow a hacker to enter a network and take control of very sensitive systems (database servers, domain controllers, etc.).

Solution: You should assume that the personal computers used to access your network are potentially weak and put you at risk. At the very least you should check with each user if they have a good antivirus program on their computer. If you don't have confirmation, offer the user an antivirus to enhance the security of his terminal. This will be one of the best investments you will make this year.



4- Deploy a detection agent on all computers used for telecommuting

Internet browsing habits have changed a lot with the massive shift to telecommuting. Employees now have the ability to surf the Internet without going through the corporate network, which bypasses all the Internet browsing protection mechanisms in place (commonly called Internet browsing filters). These tools ensure that the user only connects to websites that are considered safe. Without web filtering, the risk of infection or hacking of a computer skyrockets.

Solution: Endpoint Detection and Response (EDR) technologies are designed to meet this need. They are installed locally on each computer, to detect and block malicious activities. For example: attempts to connect to malicious websites, data exfiltration, malicious lateral movements, etc.

The EDR does not necessarily replace the antivirus and they are very often complementary. Just like antivirus, we strongly recommend that you offer an EDR to each of your employees who access your network via their personal computer. As a rule of thumb, all corporate computers should have an antivirus and an EDR.

To understand the difference between these 2 tools, please consult our Antivirus or EDR blog post.




5 - 360 visibility and 24/7 monitoring of your network security

You can't protect against what you can't see. Every computer that is not in your field of vision is a blind spot that can be exploited by a hacker to enter your network and infect you with ransomware, for example. So you need full visibility on your network security at all times, server-by-server and computer-by-computer. This 360-degree global visibility will allow you to quickly identify suspicious activities and eliminate them at the source to prevent them from contaminating the rest of your network or turning into an incident.

Solution: You should have an intrusion detection tool (IDS/IPS/NDR) that protects your network perimeter (like StreamScan’s CDS) and local detection agents on each computer (EDR, local IDS detection agent, etc). You need to monitor 24/7 all security alerts from all security tools in place in your internal network and in the cloud. Don't forget to include O365 in the scope of your security monitoring: it is one of the most commonly exploited doors by hackers today.
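One way to surface the password-guessing pattern from section 1, together with password-only logins, in VPN authentication events, as an added example that is not part of the original article. The log format, the sample lines, the 5-minute window and the threshold of 4 failures are constructed assumptions, not the output of a real product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed key=value format (documentation IP ranges).
SAMPLE_LOG = """\
2024-05-01T08:00:01 user=alice src=198.51.100.20 result=ok mfa=totp
2024-05-01T09:10:00 user=admin src=203.0.113.7 result=fail mfa=none
2024-05-01T09:10:05 user=root src=203.0.113.7 result=fail mfa=none
2024-05-01T09:10:09 user=bob src=203.0.113.7 result=fail mfa=none
2024-05-01T09:10:14 user=bob src=203.0.113.7 result=fail mfa=none
2024-05-01T09:10:20 user=bob src=203.0.113.7 result=ok mfa=none
2024-05-01T11:00:00 user=carol src=198.51.100.44 result=fail mfa=none
2024-05-01T11:00:30 user=carol src=198.51.100.44 result=ok mfa=sms
2024-05-01T12:00:00 user=dave src=198.51.100.61 result=ok mfa=none
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(ok|fail) mfa=(\S+)$")
WINDOW = timedelta(minutes=5)   # assumed sliding window per source address
THRESHOLD = 4                   # assumed failures per source within the window


def parse(log_text):
    """Yield (time, user, src, result, mfa) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m.group(1)), *m.groups()[1:])


def analyze(log_text):
    """Return guessing sources, logins that follow a burst, and password-only logins."""
    recent_fails = defaultdict(list)    # src -> failure times still inside the window
    findings = {"brute_force": set(), "login_after_burst": [], "password_only": []}
    for ts, user, src, result, mfa in parse(log_text):
        fails = recent_fails[src] = [t for t in recent_fails[src] if ts - t <= WINDOW]
        if result == "fail":
            fails.append(ts)
            if len(fails) >= THRESHOLD:
                findings["brute_force"].add(src)
        else:
            if len(fails) >= THRESHOLD:     # success right after a burst: likely a hit
                findings["login_after_burst"].append((user, src))
            if mfa == "none":               # account still reachable with a password only
                findings["password_only"].append((user, src))
    return findings
```

A `login_after_burst` entry is the alert to treat as urgent: it means a guessing source ended with a valid password, which is the case MFA is meant to stop.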



6 - User awareness

With massive telecommuting, the risk of phishing has increased significantly. In addition, personal devices used for telecommuting just aren’t all that secure, which increases the vulnerability of your corporate networks.

Solution: Organizations need to raise awareness of cybersecurity risks with employees more frequently (e.g. once a quarter). Awareness needs to cover all the means potentially used by hackers to find victims: email, text messaging, social networks, telephone, etc. and must cover at least the following elements:

  • Phishing
  • Installing only approved applications (or those with a secure source)
  • Risks related to e-mail (attached files or dubious links)
  • Risks related to Internet browsing
  • The need to separate professional and personal browsing




7- Have an incident response plan

Cyberattacks are an inescapable reality in today’s world and you need to accept and plan for the fact that one day you will be the victim of an attack. Therefore, you must prepare yourself in advance in order to react efficiently and energetically the day you are targeted.

Solution: You must define an incident response plan. This plan must clearly describe, step by step, the actions to be taken in case of a cyberattack. You should test your plan regularly (at least once a year) to make sure it works.

Important point: if you don't have the in-house expertise to handle security incidents, don't try to cobble together or improvise, as this will only increase the damage during an incident. Cybersecurity firms specialized in incident response such as Streamscan offer a Retainer service that allows you to get quick support (3 or 4 hours maximum) in case of an incident. This type of service guarantees that incidents will be handled and managed by experienced experts in record time, allowing you to quickly get back to production.



How can Streamscan help?

We have years of experience providing network security through security monitoring and incident response. As a result, we constantly see the methods hackers use to penetrate networks, as well as the security weaknesses that are most commonly exploited, especially in the telecommuting environment. We can help you enhance your security and protect you from hacking in today's telecommuting-heavy environment.

Contact us if you need help.
