This article provides actionable steps that GPSG’s Cyber Team is sharing with our partners in light of the COVID-19 pandemic to help them transition to a remote workforce while maintaining their cyber defenses and managing the increased cyber threat from coronavirus-related online scams.
Business continuity and the increased need for return on cyber and technology investments are driving organizations to set up remote workforces. As COVID-19 continues to spread, IT and security teams in the private and public sectors are being asked to set up remote workforces quickly.
This can lead to misconfigurations and overlooked cybersecurity best practices that make intellectual property and other sensitive corporate data vulnerable to cyber attackers or accidental exposure on the Internet.
Ensure Workforce Preparedness for Working from Home
The following recommendations can help your IT and security teams set up a secure remote workforce:
- Make sure your InfoSec team is working from the same, documented playbook. Ensure that the steps for setting up and securing each user for remote work are well documented and that each InfoSec team member has access to them and follows them. If your InfoSec team has already been forced to work remotely, set up a secure communications channel for them to communicate live. If possible, seek to apply separation of experts (social distancing) of key team members. See NIST Special Publication 800-46 v.2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, for more information.
- For Windows admins, use Just Enough or Just-in-Time administration. This helps ensure that users only have escalated privileges for specific periods of time.
- Confirm adequate supplies of laptops and cables for your remote workforce, with backups. Share those backup supplies with employees who are in a high-risk category for the pandemic, so they don’t have to travel to the site or an electronics store to replace something, which could increase their health risk.
- Properly configure corporate devices and ensure they are up to date. How will your remote devices stay updated? Formulate a strategy for your InfoSec team and share it with your remote workforce for awareness. Consider home network connectivity speeds, configurations to be used, and proper security protocols for shared equipment. See CISA’s Understanding Patches and Securing Network Infrastructure Devices for more information.
- Consider your VPN infrastructure. Is your VPN infrastructure prepared for a significant increase in VPN access by the workforce? If so, for an extended period of time? In addition to bandwidth, consider license counts and countries with poor telecom infrastructure. For endpoint devices, use Next Generation Antivirus (NGAV) and consider offering strong anti-virus licenses for employee personal devices. See more information from CISA on Enterprise VPN security.
- Enable whole-disk encryption on smartphones, laptops, and tablets. Data encryption helps protect your information if corporate devices are lost or stolen.
- Set up communications channels for employees to connect. Remember that not all users are used to working from home and the transition to working remotely may be more challenging for them.
- Provide a channel for your workforce to report lost or stolen corporate devices. A BYOD or Mobile Device Management (MDM) policy should address how to treat sensitive data on lost or stolen devices prior to having to address an incident.
Prevent Cyber Attacks on Your Remote Workforce
The following recommendations can help your IT and security teams manage the increased cyber threat from coronavirus-related online scams against your remote workforce:
- Use multifactor authentication (MFA) and strong passwords. If your organization doesn’t use MFA, start now to add an extra layer of protection. Do you have enough user licenses to support multifactor authentication? If not, start enforcing it with privileged users accessing sensitive Internet-facing business services and admin interfaces such. Then, prioritize MFA implementation for the highest risk users first vice trying to roll it out to every employee at the same time. See CISA’s Choosing and Protecting Passwords and Supplementing Passwords for more information.
- Increase the filter on Junk Email or Spam. Temporarily making the filter more aggressive will likely catch more junk messages. It will likely result in false positives; however, it provides more risk management of email from phishing campaigns and other types of attacks during the period that more employees are working remotely.
- Disable removable media channels. We have repeatedly seen insider attacks conducted via open USB ports, whether unintentional, such as the agent.btz malware loaded onto Pentagon classified systems in 2008, or intentional, such as the defense engineer attempting to sell satellite information to the Russians.
- Provide a channel for your workforce to report suspected cyber incidents while they are working from home. Also provide them with cybersecurity training materials so they know what threats to be on the lookout for. Empower them to be your first line of digital defense from coronavirus-themed and other types of cyber attacks.
- Optimize any behavioral analytics tools for users working with critical data. Update, whether manually or automatically, user behavior analytics tools for users working with critical data.
- Encourage your employees to turn off proximity settings when they are not using them. Configure devices so that the user has to approve any connection request and turn off Bluetooth when not in use.
- Increase workforce awareness of cybersecurity best practices at home. Regularly communicate with your workforce and remind them to use passwords, protect them, and refrain from sharing them. Remind them to lock screens when they are not using their devices. For more information, see GPSG’s 16 Best Practices to Prevent Social Engineering Attack and CISA’s Avoiding Social Engineering and Phishing Attacks.
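The MFA recommendation above says to start with privileged users on Internet-facing services and admin interfaces when licenses are short, then work down by risk. The sketch below is an added example, not GPSG's code, that turns that ordering into a rollout plan; the `User` fields, the four tiers, the function names and the sample inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    privileged: bool             # holds admin or other escalated rights
    internet_facing: bool        # reaches Internet-facing services or admin interfaces
    handles_critical_data: bool
    mfa_enrolled: bool = False

def risk_tier(u: User) -> int:
    """Lower tier = enrol sooner. Tier 0 is the group the article says to start with."""
    if u.privileged and u.internet_facing:
        return 0
    if u.privileged:
        return 1
    if u.internet_facing or u.handles_critical_data:
        return 2
    return 3

def plan_mfa_rollout(users, licenses_available):
    """Return (enrol_now, deferred, tier0_gap) as lists of user names.

    licenses_available is the number of unused MFA licenses (assumed input).
    tier0_gap names tier-0 users who would still be left without MFA, which
    is the signal to buy licenses rather than wait for the next wave.
    """
    pending = sorted((u for u in users if not u.mfa_enrolled),
                     key=lambda u: (risk_tier(u), u.name))
    cut = max(licenses_available, 0)
    enrol_now, deferred = pending[:cut], pending[cut:]
    tier0_gap = [u.name for u in deferred if risk_tier(u) == 0]
    return [u.name for u in enrol_now], [u.name for u in deferred], tier0_gap

# Constructed sample inventory (not real data).
SAMPLE_USERS = [
    User("alice", True, True, True),
    User("bob", False, False, False),
    User("carol", True, False, True),
    User("dave", False, True, False),
    User("erin", True, True, False, mfa_enrolled=True),
    User("frank", False, False, True),
]

if __name__ == "__main__":
    now, later, gap = plan_mfa_rollout(SAMPLE_USERS, licenses_available=3)
    print("enrol now:", now)
    print("deferred: ", later)
    print("tier-0 users still without MFA:", gap)
```
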
These are not the only methods to set up your telework employees and try to prevent them from becoming a victim of a cyber or social engineering attack.
However, they help serve as a starting point or preliminary playbook for your InfoSec team’s efforts to protect your people and your organization during the shift to telework.
Contact GPSG at cyberteam@gpsg.co for a free consultation on setting up and hardening your remote workforce.
