INSIGHTS FROM ENGINEERS
Assessing Functionality and Restoring Security
In the middle of March, state by state, shutdown orders sent all businesses scrambling to find a makeshift plan to keep business functional in a dysfunctional situation.
The COVID-19 pandemic shock left many businesses making last-minute decisions that were not the best for security. Many businesses did not previously have a way for their workforce to remotely access their corporate infrastructure. Workaround strategies ensued. Yet these jury-rigged decisions left the network vulnerable to a range of attacks. They also normalized destructive practices that could ultimately result in the loss of money, data integrity, and operational time.
The installation of third-party remote applications, pieced-together solutions, and even the act of allowing employees to take corporate desktops home with them can all add up to network vulnerabilities. In other words, as employees return to their offices, they may be bringing some unwelcome problems with them.
But the issue is not merely the post-COVID data security cleanup. It is also essential that businesses not miss this critical moment to address how to make sure that this kind of crisis never blindsides the business again, so that, next time, the business can respond with no loss of time, no loss of security posture, and no loss of business communication.
Yes, now is the time to start the planning.
The Post-COVID Debriefing
Now that you have experienced the pain of trying to operate securely during a crisis, assess your list of actionables while the experience is still fresh and the debriefing process has the greatest clarity.
- What changes do you need to make so that your users can operate more securely and with more mobility?
- Are your applications running in a static environment without any redundancy?
- Are your users required to VPN to access their applications and files?
- What pain points came up during the pandemic?
- How did you collaborate with your users and customers during the pandemic?
- Did you give out personal cell phone numbers to your employees, vendors, and customers?
- Were your users productive during this time?
- Were there connectivity issues with applications, email, files, VPNs, or phones?
- Did you lack a conferencing platform that worked for your business?
Was Your Network Compromised as a Result of an Unplanned Remote Network?
Most COVID scams were not this obvious, and they did a lot of damage to businesses.
Was your business attacked in any way during this time? We had several incidents reported to us in which the business was exploited. It is important to review whatever mitigation efforts took place during the time the network was being managed in an abnormal way:
- How did you handle the incident?
- Was there a loss of data?
- Did you have a loss of business or capital?
Once you have reassessed what you did and what losses you weathered, ask these questions:
- What are you going to do to resolve these issues for the future?
- Do you have a solution planned out? Now is the time to plan it.
- Do you know the cost of this solution? Is it scalable for your organization? Now is the time to make room in the budget to invest in it.
Common Remote Workforce Problems We Have Seen
There are a host of scams that went into operation to take advantage of the pandemic mayhem. If you were impacted, you are not alone. Here are some important takeaways for your consideration:
- Incident Response – Do you have a clear report and logs of what happened?
For example, we worked with one company that received an email that appeared to carry the same sender name and signature as an existing vendor. That vendor had been compromised, with the result that its email system was sending a copy of all correspondence (both emails received and emails sent) to the bad actor. Meanwhile, the bad actor registered a similar-looking domain name in order to “spoof” the vendor’s emails and pose as the vendor. The bad actor had gone through all the usual steps to assume the appearance of credibility, down to a completely cloned signature of the original vendor.

The bad actor then started a correspondence with the company, including an invoice as an attachment: an invoice for work that the company recognized, since the bad actor, by spying on the email correspondence, was privy to all the work the company had been doing. This brand of Business Email Compromise (BEC) is a kind we explain at length in our blog article on the Bogus Invoice. It leads to an employee paying an invoice that, indeed, was probably already paid to the vendor, with the money now going to the bank account of a criminal.

So in this example, the lesson is this: an Accounts Payable department of two or more employees, operating out of two or more homes, can suffer a breakdown in the communication that would otherwise have caught this scam. These are the kinds of incidents that should be reviewed, and plans prepared in advance of the next crisis.
- Devices and Security Complications as a result of Work-From-Home
Something that I alluded to earlier was that some companies were sending users home with desktops or workstations from the office. When the computers are brought back to the office, it is likely that there will be some problems:
- First, the system (which belonged to the local Active Directory domain) has not been connected to a domain controller in so long that it has lost its trust relationship with the domain. This will require an administrator to manually rejoin the computer to the domain at the office.
- Second, if the end user used the computer to access personal things, it might have gotten infected. Or it spent time on the same home network as the other computers in the house and may have been infected with malware, ransomware, or command-and-control software. That means the office computer is now an infected business workstation, and once it comes back to the office, all of the other computers and servers are exposed to it.
- If all of your security software, updates, and group policies were delivered only over the local network or domain, your systems have a good chance of having been exposed or compromised while away.
- If the domain's password-expiry interval has elapsed since users last changed their domain passwords, they are probably locked out. On a computer that is no longer trusted, this isn't going to resolve itself easily without an administrator.
- If the majority of the systems are like this, your users could be down for quite some time.
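Returning to the Bogus Invoice case above: the cheapest defensive check for that scam is to compare the sender domain of every inbound invoice email against the vendor domains Accounts Payable already knows, and to flag near-misses and mismatched Reply-To headers. The script below is an added example written for this article, not the company's or any vendor's tooling; the vendor list, the confusable-character table and the sample headers are all constructed for illustration.

```python
"""Flag inbound mail whose sender domain is a lookalike of a known vendor
domain, or whose Reply-To points somewhere other than the From domain.
Added example; the data below is constructed, not real vendor data."""
from dataclasses import dataclass, field

# Constructed list of legitimate vendor domains the AP team deals with (assumption).
KNOWN_VENDOR_DOMAINS = {"acme-supply.example", "northwind.example"}

# A small table of visually similar substitutions attackers use (subset, assumption).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Lower-case a domain and fold common look-alike substitutions."""
    d = domain.lower().strip()
    for bad, good in CONFUSABLES.items():
        d = d.replace(bad, good)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic dynamic-programming recurrence."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(addr: str) -> str:
    """Extract the domain part of 'Name <user@domain>' or 'user@domain'."""
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()


@dataclass
class Verdict:
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def assess_message(headers: dict) -> Verdict:
    """Return the reasons a message looks like vendor impersonation (empty = clean)."""
    v = Verdict()
    frm = sender_domain(headers.get("From", ""))
    if frm not in KNOWN_VENDOR_DOMAINS:
        # Exact match to a known vendor passes here; a compromised but genuine
        # vendor mailbox needs a different control (out-of-band invoice checks).
        for vendor in KNOWN_VENDOR_DOMAINS:
            if normalize(frm) == normalize(vendor):
                v.reasons.append(f"homoglyph lookalike of {vendor}: {frm}")
            elif edit_distance(frm, vendor) <= 2:
                v.reasons.append(f"near-match of {vendor}: {frm}")
    reply = headers.get("Reply-To")
    if reply and sender_domain(reply) != frm:
        v.reasons.append(f"Reply-To domain {sender_domain(reply)} differs from From domain {frm}")
    return v


# Constructed sample headers: one genuine, three impersonation attempts.
SAMPLE_MESSAGES = {
    "genuine": {"From": "billing@acme-supply.example"},
    "swapped-letter": {"From": "billing@acme-suppIy.example"},      # capital I for l
    "doubled-v": {"From": "ap@northvvind.example"},                  # vv for w
    "reply-to-hijack": {"From": "billing@acme-supply.example",
                        "Reply-To": "billing@acme-supply-billing.example"},
}


def run_samples() -> dict:
    """Assess every constructed sample and return {label: reasons}."""
    return {label: assess_message(h).reasons for label, h in SAMPLE_MESSAGES.items()}


if __name__ == "__main__":
    for label, reasons in run_samples().items():
        print(f"{label:16} {'SUSPICIOUS' if reasons else 'ok':10} {'; '.join(reasons)}")
```

The edit-distance threshold of 2 is deliberately loose for short vendor domains; in practice you would tune it per vendor and combine it with a rule that any invoice carrying new bank details is confirmed by phone to a number already on file, which is the control that breaks the scam even when the mail is perfectly spoofed.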
Most Important Tools to Protect Your Network Moving Forward
There is a strong possibility of infections inhabiting various business devices that were operating offsite. The rate of incidents is high among devices that did not have the right tools in place to protect them. These two tools are the essentials of network device protection:
- DNS filtering
- Endpoint Security
Together these can give you the visibility you need to screen every remote device before bringing it back into your corporate network.
If you have these in place already, review your logs and dashboard and determine if each device is safe before bringing it back into the office.
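Reviewing "logs and dashboard" for a few dozen returning machines is tedious by hand, so here is an added example of the triage a technician would script: parse the DNS-filter export per device, hold any device that resolved malware, command-and-control or phishing domains (allowed resolutions are worse than blocked ones), and, importantly, treat a device with no telemetry at all as unverified rather than clean. This is illustrative code written for this article, not any vendor's export format; the five-field log layout and the sample lines are constructed.

```python
"""Triage DNS-filter logs per device before a returning machine is reconnected.
Added example; the log format and lines below are constructed for illustration,
real products export different fields."""
from collections import defaultdict

# Categories that keep a device off the network until it is inspected (assumption).
HOLD_CATEGORIES = {"malware", "command-and-control", "phishing"}

# Constructed sample export: "<ISO timestamp> <hostname> <domain> <category> <action>"
SAMPLE_LOG = """\
2020-06-01T08:01:12Z WS-ACCT01 updates.example.net software allowed
2020-06-01T08:02:40Z WS-ACCT01 badc2.example malware blocked
2020-06-01T09:15:03Z WS-SALES07 mail.example.org email allowed
2020-06-02T10:00:00Z WS-ACCT01 badc2.example command-and-control allowed
2020-06-02T11:30:59Z WS-HR02 login-example.example phishing blocked
2020-06-02T12:00:01Z WS-SALES07 news.example.com news allowed
this line is malformed and must be skipped
"""


def parse_log(text: str):
    """Yield one dict per well-formed line; skip malformed lines instead of crashing."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, host, domain, category, action = parts
        yield {"ts": ts, "host": host, "domain": domain,
               "category": category, "action": action}


def triage(log_text: str, expected_hosts) -> dict:
    """Return {host: (decision, detail)} for every host expected back in the office.

    decision is one of: clear, hold, hold-urgent (a hold-category domain was
    actually allowed), or inspect (no telemetry, so nothing can be concluded).
    """
    seen = defaultdict(list)
    for rec in parse_log(log_text):
        seen[rec["host"]].append(rec)

    result = {}
    for host in expected_hosts:
        recs = seen.get(host)
        if not recs:
            # No records at all: agent off, uninstalled, or never enrolled.
            result[host] = ("inspect", "no DNS-filter telemetry for this device")
            continue
        hits = [r for r in recs if r["category"] in HOLD_CATEGORIES]
        if not hits:
            result[host] = ("clear", f"{len(recs)} queries, none in hold categories")
            continue
        allowed = [r for r in hits if r["action"] == "allowed"]
        decision = "hold-urgent" if allowed else "hold"
        detail = "; ".join(f"{r['ts']} {r['domain']} ({r['category']}, {r['action']})"
                           for r in hits)
        result[host] = (decision, detail)
    return result


if __name__ == "__main__":
    # WS-ENG05 is in the return roster but absent from the log, on purpose.
    roster = ["WS-ACCT01", "WS-SALES07", "WS-HR02", "WS-ENG05"]
    for host, (decision, detail) in triage(SAMPLE_LOG, roster).items():
        print(f"{host:10} {decision:12} {detail}")
```

The roster of expected hosts comes from the asset list, not from the log: a machine that never phoned home looks identical to a healthy one if you only iterate over what the filter recorded, and those silent machines are exactly the ones that sat on a home network with the agent disabled.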
If you don’t have DNS filtering or endpoint security, now is a good time to start a trial. At the very least, utilize a trial period as a screening device to at least temporarily safeguard your company data and applications. Even if you feel it is cost-prohibitive at the moment, for the sake of the life of your business, you will want to plan for the investment of these two security functions as soon as possible.
There are a lot of bad actors out there, and they prey on businesses that leave themselves vulnerable. Don’t let your business be their prey.
DNS filtering and endpoint security can give you the visibility you need to screen every remote device before bringing it back into your corporate network.