The outbreak of the COVID-19 pandemic has forced most companies to operate with their employees working from home. The home working setting is not always suitable for the company, because the network used for formal communication can lack the required security.
The most important element of effective security in a time of change is to realize that while you can do anything, you can’t do everything. The job of security is not to eliminate all risks, because not all threats are equally dangerous or likely, and they won’t all be exploited at once. Discuss risk early and often, and revisit triage on a regular basis. The risks you face today will not be the ones you face next week or the week after.
Here are four major risks businesses need to address to get ahead in this period of adjustment:
Hackers can Manipulate VPNs
Virtual private networks, or VPNs, have become the new lifeline for many businesses, extending encrypted networks to homes. However, many home networks are already infected with malware or contain compromised hardware, and either can be used to stage attacks through machines that terminate a VPN connection. A compromised identity or machine, especially when behavioral baselining on the backend is in flux, can allow hackers to piggyback through the VPN.
Endpoint First, then Mobile
Although there are many endpoint challenges, the first priority is to ensure critical business processes recover. Then, make sure the new enterprise footprint is brought into the fold from a policy and control perspective. Next, focus on mobile, which is the most pervasive and ubiquitous platform in our personal lives. Employees who have to learn new devices and applications will turn to their phones even more than usual because they feel familiar.
Information can be Weaponized
In the past few weeks, attackers have started taking advantage of human weaknesses. For example, hackers developed a malicious mobile application posing as a legitimate one developed by the World Health Organization. A vulnerable person could easily mistake this malicious app for a real WHO app. Once installed, the application downloads the Cerberus banking trojan to steal sensitive data. These types of attacks essentially weaponize tools and information, because they can easily be done with applications that provide legitimate benefits, too.
Physical location matters again
When employees take their machines home or use their home machines for work, those machines now sit in a physical and digital space unlike any within the office. Between routers, printers, foreign machines, devices, gaming consoles and home automation, the average home has a more complex and diverse communication and processing system than some small companies.
Security is never “finished” because the opponent is never finished; cyber criminals are endlessly innovative and adaptive. In the words of Winston Churchill, “Never let a good crisis go to waste.” Use this as the chance to start a new, ongoing security dialogue within your business.