IT systems are being tested like never before. With several states loosening shelter-in-place restrictions, some organizations aren’t ready for business-as-usual and view the work-from-home model as a long-term option.
While many contingency plans are working, information security and vulnerability management programs are being put on the back burner.
In this Q&A feature, Stinnett’s Data Privacy and Cybersecurity team touches on what your business can do to stay on top of information security controls.
Does working from home introduce new vulnerabilities?
Working from the office has the benefit of centralized client protection measures, yet remote workers are not afforded the same protections. At the office, employee network traffic can be carefully monitored for suspicious behavior, but this requires all traffic to flow in a controlled and centralized manner.
When working from home, the network traffic comes from the employee’s home, where few traditional monitoring options are available. Without that monitoring, there is no oversight, and employees and your systems are at greater risk of cyber attacks.
How can we secure employees’ laptops while working from home?
This question is two-fold. You must protect the workstation as well as communications. The best solution is to provide each employee workstation with endpoint protection.
Endpoint protection software generates detailed logs for each workstation. Capturing and storing these logs in a Security Incident and Event Management (SIEM) system is the recommended strategy for gaining insight into the security of all your workstations.
Modern-day SIEMs offer a large array of functionality, including machine learning-based analytics, and will:
- Provide a central repository for log storage
- Correlate events to help identify attacks and unusual behavior
- Report anomalies
- Analyze the risk of events to help prioritize work
How do we secure communications on employees’ laptops?
Virtual Private Networks (VPNs) are a popular option to protect employee communications over insecure networks (e.g. public internet, home networks). VPNs are often configured with weaker encryption algorithms, which lets them encrypt faster but leaves them insecure.
Tips to overcome security issues:
- Use strong encryption algorithms
- Avoid broken encryption algorithms
- Use long encryption keys and modern hardware capable of handling the usage demand
- Stay on top of vulnerability management for any VPN solution
- Utilize Multifactor Authentication (MFA)
How can we efficiently manage vulnerabilities?
Properly managing vulnerabilities requires three components:
- A fully mapped attack surface and inventory of systems
- A managed vulnerability scanner and logging system
- Security professionals to manually verify vulnerabilities and alert IT staff on positive findings
Because of remote work, the attack surface of your organization has changed, and so should the scope of your vulnerability management solution. Without an accurate picture of the new attack surface and an inventory of all systems, including any VPN endpoints, a vulnerability management program can miss key findings.
The scanner must also be properly configured for the environment being tested. An improperly configured scanner will give a false sense of security and not reveal vulnerabilities that could have been present for years.
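One way to check that the scanner's scope still matches the inventory after the move to remote work, as an added example that is not part of the original article. The asset names, addresses and scan ranges are constructed sample data, and `coverage_gaps` is a hypothetical helper.

```python
import ipaddress

# Constructed sample inventory (not from the original article).
INVENTORY = [
    {"name": "hq-file01", "ip": "10.10.1.20", "role": "server"},
    {"name": "vpn-gw-1", "ip": "198.51.100.10", "role": "vpn-endpoint"},
    {"name": "laptop-ann", "ip": "10.99.0.14", "role": "remote-workstation"},
    {"name": "laptop-raj", "ip": "10.99.3.200", "role": "remote-workstation"},
    {"name": "legacy-print", "ip": "", "role": "printer"},  # no address recorded
]

# Constructed scanner scope: office network, part of the VPN client pool,
# and an old segment that no inventoried system lives in any more.
SCAN_SCOPE = ["10.10.0.0/16", "10.99.0.0/24", "192.168.50.0/24"]


def coverage_gaps(inventory, scan_scope):
    """Compare an asset inventory with the scanner's target ranges.

    Returns three lists:
      unscanned    - assets whose address is outside every scan range
      unresolvable - assets with a missing or invalid address (inventory gap)
      unused_scope - scan ranges that contain no inventoried asset
                     (stale scope, or systems missing from the inventory)
    """
    networks = [ipaddress.ip_network(cidr, strict=False) for cidr in scan_scope]
    ranges_with_assets = set()
    unscanned, unresolvable = [], []

    for asset in inventory:
        try:
            addr = ipaddress.ip_address(asset["ip"])
        except ValueError:
            unresolvable.append(asset["name"])
            continue
        matching = [net for net in networks if addr in net]
        if matching:
            ranges_with_assets.update(matching)
        else:
            unscanned.append(asset["name"])

    unused_scope = [str(net) for net in networks if net not in ranges_with_assets]
    return unscanned, unresolvable, unused_scope


if __name__ == "__main__":
    unscanned, unresolvable, unused_scope = coverage_gaps(INVENTORY, SCAN_SCOPE)
    print("Not covered by any scan range:", unscanned)
    print("No usable address in inventory:", unresolvable)
    print("Scan ranges with no known assets:", unused_scope)
```

With this sample data, the VPN endpoint and one remote laptop fall outside the scan scope even though the scanner would still report clean results for the ranges it does cover.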
Should we still test security controls?
Testing security controls is more critical than ever! Information Security groups should examine controls around remote access, vulnerability management and monitoring. New controls may need to be implemented to enforce and strengthen defense strategies. This must include manual security control testing, such as network penetration testing, combined with your organization’s vulnerability management program to increase the effectiveness of both protective measures.