Governments around the world recently began introducing previously unseen peacetime restrictions on the freedoms of individuals, with the aim of reducing the impact of the outbreak of the novel coronavirus, COVID-19. These restrictions include travel bans, forced closure of businesses, mandatory isolation and generally encouraging people to stay at home. These changes are affecting the lives of millions across the world, and they might just be affecting the cyber security landscape too, because these new distancing measures have given rise to an unexpected social and economic experiment: millions working from home.
Office workers across continents were suddenly no longer allowed to leave home, or were otherwise politely asked not to if they could help it. Computer hardware stores like Best Buy and Walmart alluded to changes in their operations to keep up with the demand for work from home equipment. Businesses needed to enable their workforce to work remotely or not at all, a new experience for many of them.
Fast forward a few weeks and we have millions of people working remotely, accompanied by computer equipment most likely provided by their IT department; we assume mostly laptops, tablets and Surfaces. These devices are no longer protected by the advanced, expensive security tools and practices that are in place at the office.
Cyber security teams should take action to ensure the continuity of their security posture in this new remote landscape. Below are some (hopefully) thought-provoking questions to get you started. Can your organisation comfortably answer them?
- Are your devices physically secure?
We cannot expect our work from home employees to install swipe card systems at home; we must assume their devices are in a more precarious situation than ever before. Would the devices your team are handing out to staff withstand a physical attack? Are the hard drives encrypted? Is the BIOS protected from tampering? Could company data easily be stolen?
- Do your security sensors work outside the network?
With your devices outside the LAN, can your security tooling still send telemetry in for alerting purposes? Do clients have to be on the VPN for security data to flow? Will you get anti-virus or EDR alerts for malicious activity on a machine in a home office?
- Is patching possible?
Are the devices you provisioned for home working current on their patching, and can they be remotely patched if a critical, easily exploitable vulnerability is disclosed? Can you certify that patches were installed?
- Internet filtering
Now that user devices are outside the network, they are most likely not going to be protected by corporate firewall policies and geo restrictions. Does this mean your endpoints are at greater risk? Are any ports now open that shouldn't be? (445 maybe?) Is the host-based firewall enabled? Is there any web content filtering on the host? (I recommend at least installing uBlock Origin across the estate.) Can users browse to questionable websites in their new home office?
- Software Installation
With no IT department at home and the internal IT department probably flooded, users will undoubtedly begin searching the web for help. Grabbing software from a Google search page at this point is very likely. Can your organisation reliably control what users can install? Do you manage a trusted repository of software that users can access? What if your Chief Financial Officer needs an Excel add-on right now? Can you check it's safe and provide it to them in a timely fashion?
- Mass storage
Users have just brought home a shiny new and probably high spec laptop. How long will it be until they need to back up a phone or store some family photos just for a little while? Undoubtedly some home users won't be able to resist that open USB port. Are you blocking mass storage? Can you provide proof that it's working?
The list goes on and on. Although not exhaustive, hopefully these questions give cyber security teams something to chew on. The corporate workforce is changing, perhaps for good. Is your team ready? If not, check out this excellent guide to remote working best security practices, published by the UK government. We recommend checking it out if you are trying to get to grips with the above questions.
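Several of the questions above ask for proof rather than intent, so here is an added example (not part of the original post) that audits per-device posture records and treats missing or stale evidence as a failure. The field names, thresholds, hostnames and sample records are assumptions standing in for whatever your inventory or MDM tool exports.

```python
from datetime import datetime, timedelta, timezone

MAX_CHECKIN_AGE = timedelta(days=3)   # assumed: older telemetry is treated as stale
MAX_PATCH_AGE = timedelta(days=30)    # assumed patch window
# Hypothetical inventory fields that must be reported as True, with the finding if not.
REQUIRED_TRUE = {
    "disk_encrypted": "hard drive is not encrypted",
    "firmware_locked": "BIOS is not protected from tampering",
    "host_firewall_enabled": "host-based firewall is disabled",
    "usb_storage_blocked": "mass storage is not blocked",
}

def audit_device(rec, now):
    """Return findings for one device record; an empty list means every control has evidence."""
    seen = rec.get("last_checkin")
    if seen is None or now - seen > MAX_CHECKIN_AGE:
        # Without fresh telemetry every other field is stale, so report only that.
        return ["no recent telemetry, posture unknown"]
    findings = []
    for field, problem in REQUIRED_TRUE.items():
        value = rec.get(field)
        if value is None:
            findings.append(f"{field}: no evidence reported")  # missing is not compliant
        elif value is not True:
            findings.append(problem)
    ports = rec.get("listening_ports")
    if ports is None:
        findings.append("listening_ports: no evidence reported")
    elif 445 in ports:
        findings.append("port 445 is listening")
    patched = rec.get("last_patch")
    if patched is None or now - patched > MAX_PATCH_AGE:
        findings.append("patching unverified or out of date")
    return findings

def audit_fleet(records, now):
    """Map hostname -> findings for every device that cannot prove its posture."""
    return {r["host"]: f for r in records if (f := audit_device(r, now))}

# Constructed sample records (not real devices); NOW is fixed so the result is repeatable.
NOW = datetime(2020, 4, 15, tzinfo=timezone.utc)
GOOD = {"host": "lt-001", "last_checkin": NOW - timedelta(hours=2), "disk_encrypted": True,
        "firmware_locked": True, "host_firewall_enabled": True, "usb_storage_blocked": True,
        "listening_ports": [], "last_patch": NOW - timedelta(days=6)}
STALE = dict(GOOD, host="lt-002", last_checkin=NOW - timedelta(days=9))
WEAK = dict(GOOD, host="lt-003", listening_ports=[445], usb_storage_blocked=None)
FLEET = [GOOD, STALE, WEAK]

print(audit_fleet(FLEET, NOW))
```

A device that has not checked in recently is reported only as unknown, because its last recorded encryption or firewall state no longer counts as proof.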