The rapid transition of many companies to mobile working has increased the attack surface available to cybercriminals. Companies are forced to take care of a multitude of attack vectors, while attackers are able to specialise in individual vulnerabilities and gateways. When employees work from home, a lack of awareness often leads to serious security problems. According to a survey by KPMG and Harvey Nash from October 2020, spear phishing attacks have increased by 87 % since the beginning of the pandemic. This once again highlights the importance of cybersecurity awareness in the new era of remote work. Even though the rapid changeover has left little time for developing sophisticated security strategies, companies can take an important first step towards an increased level of information security by introducing simple measures that can be easily implemented.
The following points provide an overview of easy-to-implement measures that every company should take:
- Create a secure framework
Companies should have policies and procedures in place that leave as little room for interpretation as possible. These should be provided in writing and reviewed and accepted by all employees.
- Cybersecurity awareness
The security guidelines and organisational requirements that exist in companies may contribute to an increased level of protection in theory, but they are usually not sufficiently observed in practice and are thus undermined. Human beings are now considered to be the biggest security gap. Awareness measures in the form of online training and attack simulations to educate employees are vital, because these campaigns convey the value of the information to be protected and help draw attention to the risks.
Setting up a secure communication channel, e.g. via secured virtual private networks, is essential. Depending on your requirements, free options can be used, or commercial providers can be consulted.
- Information protection
It is important to protect the home office workspace from unwanted attention. Employees should therefore be sure to lock their work area when leaving and not allow third parties to look in, e.g. through windows.
- Hardening IT systems
If work equipment provided for mobile working is not securely configured, there is a risk of violating various IT protection goals. Accordingly, it is necessary to harden the systems used. Particular attention should be paid to ensuring that the software used is up to date and that a firewall is in place. Under certain circumstances, it may be necessary for employees to use private notebooks. This should only be considered in an emergency. Since the implementation of measures must then usually be carried out by the employees themselves, precise instructions and training are necessary in order to minimise this additional attack potential.
- Encryption of mobile devices and portable IT systems
Mobile workspaces are usually not sufficiently secured to exclude physical access to hardware. Working in a café or on the train can also lead to the loss of end devices, e.g. through theft. For this reason, all portable IT systems, data carriers and mobile end devices should only be used in encrypted form.
- Logging and analysis of events
Any remote activities should be assigned to the appropriate users and any anomalies monitored with security tools, e.g. SIEM/UEBA. To work productively when remote, employees need to download data to computers/drives. The logs of the most important exfiltration points, e.g. VPN, Office 365, should be monitored and analysed in order to detect possible data protection breaches at an early stage.
When monitoring access authorisations, particular attention should be paid to anomalies, such as:
- the use of expired user accounts which are still active,
- illogical extension of authorisations,
- use of suspended user accounts.
Furthermore, the unauthorised transfer of access authorisations should be regulated with a policy and violations sanctioned. Often, lengthy approval processes are circumvented by passing on access authorisations. The following are examples of such violations:
- Users who attempt to log in from several locations at the same time,
- Users who are logged in and attempt to log in remotely.
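The checks listed above can be expressed as simple detection logic over account and session data. The following is an added example, not part of the original article: the account schema, session records, names and finding labels are constructed assumptions, and it covers the expired/suspended account checks and the simultaneous-login checks.

```python
from datetime import datetime

# Constructed account directory (hypothetical schema): status and expiry per user.
ACCOUNTS = {
    "alice": {"status": "active", "expires": "2030-01-01"},
    "bob": {"status": "suspended", "expires": "2030-01-01"},
    "carol": {"status": "active", "expires": "2021-06-30"},
    "dave": {"status": "active", "expires": "2030-01-01"},
    "erin": {"status": "active", "expires": "2030-01-01"},
}

# Constructed session records: (user, login, logout, location, channel).
SESSIONS = [
    ("alice", "2021-09-01T08:00", "2021-09-01T12:00", "Berlin", "vpn"),
    ("alice", "2021-09-01T13:00", "2021-09-01T17:00", "Berlin", "vpn"),
    ("bob", "2021-09-01T09:00", "2021-09-01T09:30", "Munich", "vpn"),
    ("carol", "2021-09-01T10:00", "2021-09-01T11:00", "Hamburg", "vpn"),
    ("dave", "2021-09-01T08:00", "2021-09-01T16:00", "Office", "onsite"),
    ("dave", "2021-09-01T10:00", "2021-09-01T10:45", "Lisbon", "vpn"),
    ("erin", "2021-09-01T09:00", "2021-09-01T11:00", "Vienna", "vpn"),
    ("erin", "2021-09-01T10:30", "2021-09-01T12:00", "Prague", "vpn"),
]

def ts(value):
    return datetime.fromisoformat(value)

def find_anomalies(accounts, sessions):
    """Return a sorted list of (user, finding) tuples for review."""
    findings = set()
    for user, start, _end, _loc, _chan in sessions:
        acct = accounts.get(user)
        if acct is None:
            findings.add((user, "unknown_account"))
            continue
        if acct["status"] == "suspended":
            findings.add((user, "suspended_account_used"))
        if ts(start) > ts(acct["expires"]):
            findings.add((user, "expired_account_used"))
    # Same user, different locations, overlapping time windows.
    for i, a in enumerate(sessions):
        for b in sessions[i + 1:]:
            if a[0] != b[0] or a[3] == b[3]:
                continue
            if ts(a[1]) < ts(b[2]) and ts(b[1]) < ts(a[2]):
                mixed = {a[4], b[4]} == {"onsite", "vpn"}
                findings.add((a[0], "onsite_and_remote" if mixed else "concurrent_locations"))
    return sorted(findings)
```

In practice the same rules would run as SIEM correlation queries over VPN and directory logs; findings are leads for review, since shared egress IPs or stale logout timestamps can produce false positives.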
- Securing printers and multifunctional devices
Ensuring that multifunctional devices and printers are secure is often overlooked. Most households nowadays have a multifunction device that is connected to the private network via Wi-Fi. If several people in the household access the same printer, it is more difficult to ensure the required security measures. The most sensible thing to do is get a cheap second device that is only available for the home office. The second device should be connected to the workstation via LAN and only be used for business purposes, thus minimising the security risk.
Where possible, multi-factor authentication should be set up for all applications to increase security. In particular, employee access to SharePoint, Google Drive etc. should be secured by multi-factor authentication.