By @NileshGavali, CISSP, Security+
Covid-19 – Teleworking Guideline
As you are all aware, we should fear not only the coronavirus but also "security viruses" (malware, ransomware, worms, etc.), so hygiene is the most important part of the IT team's job. Organizations are encouraged to adopt a heightened state of cybersecurity when considering alternate workplace options for their employees. Remote work options, or telework, require an enterprise virtual private network (VPN) solution to connect employees to the organization's information technology (IT) network.
The following are cybersecurity considerations regarding telework.
• As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors.
• As VPNs run 24/7, organizations are less likely to take them offline to apply the latest security updates and patches.
• Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords.
• Organizations that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks.
• Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks.
Organizations should review the following recommendations when considering alternate workplace options.
• Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.
• Alert employees to an expected increase in phishing attempts.
• Ensure IT security personnel are prepared to ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
• Implement MFA on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords.
• Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications—such as rate limiting—to prioritize users that will require higher bandwidths.
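As an added example of the "log review, attack detection" task recommended above (this is not code from the original guideline), the script below triages VPN authentication logs for two patterns that matter when remote access lacks MFA: password spraying (one source IP failing against many usernames) and a successful login that follows a burst of failures for the same user and source (a guessed or phished password that worked). The log format, field names and sample lines are constructed for the example; real VPN concentrators log differently, so the regular expression must be adapted to the appliance in use.

```python
"""Triage VPN authentication logs for remote-access attack patterns.

Added example, not from the original guideline. The log format below is a
constructed, hypothetical syslog-style format (timestamp, result, user, source
IP); adapt LINE_RE to the actual format of your VPN appliance.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not from any real device or incident).
SAMPLE_LOG = """\
2020-03-16T08:01:10Z vpn-auth result=FAIL user=alice src=203.0.113.9
2020-03-16T08:01:12Z vpn-auth result=FAIL user=bob src=203.0.113.9
2020-03-16T08:01:14Z vpn-auth result=FAIL user=carol src=203.0.113.9
2020-03-16T08:01:16Z vpn-auth result=FAIL user=dave src=203.0.113.9
2020-03-16T08:01:18Z vpn-auth result=FAIL user=erin src=203.0.113.9
2020-03-16T08:01:20Z vpn-auth result=FAIL user=frank src=203.0.113.9
2020-03-16T08:02:00Z vpn-auth result=OK user=alice src=198.51.100.20
2020-03-16T08:05:00Z vpn-auth result=FAIL user=grace src=192.0.2.77
2020-03-16T08:05:03Z vpn-auth result=FAIL user=grace src=192.0.2.77
2020-03-16T08:05:07Z vpn-auth result=FAIL user=grace src=192.0.2.77
2020-03-16T08:05:12Z vpn-auth result=FAIL user=grace src=192.0.2.77
2020-03-16T08:05:20Z vpn-auth result=OK user=grace src=192.0.2.77
2020-03-16T09:10:00Z vpn-auth result=OK user=alice src=198.51.100.20
"""

# Hypothetical line format; change this for your appliance's real log format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn-auth result=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Turn raw log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # real logs carry unrelated lines; ignore what we cannot parse
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def find_password_spraying(events, min_users=5):
    """One source IP failing against many distinct usernames.

    Typical of an attacker trying a few common or stolen passwords across the
    whole user list against a VPN that does not enforce MFA.
    """
    failed_users = defaultdict(set)
    for e in events:
        if e["result"] == "FAIL":
            failed_users[e["src"]].add(e["user"])
    return {src: sorted(users) for src, users in failed_users.items()
            if len(users) >= min_users}


def find_success_after_failures(events, min_failures=3, window_seconds=300):
    """A successful login preceded by several failures for the same user from
    the same source within the window: a guessed or phished password that worked."""
    hits = []
    recent = defaultdict(list)  # (user, src) -> timestamps of failures not yet consumed
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["user"], e["src"])
        if e["result"] == "FAIL":
            recent[key].append(e["ts"])
            continue
        fails = [t for t in recent[key]
                 if (e["ts"] - t).total_seconds() <= window_seconds]
        if len(fails) >= min_failures:
            hits.append({"user": e["user"], "src": e["src"],
                         "failures": len(fails), "ts": e["ts"]})
        recent[key] = []  # a success resets the failure history for this pair
    return hits


def triage(text):
    """Run both detections over raw log text and return the findings."""
    events = parse_log(text)
    return {
        "spraying": find_password_spraying(events),
        "success_after_failures": find_success_after_failures(events),
    }


if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_LOG).items():
        print(kind, findings)
```

On the constructed sample, the spraying detector flags 203.0.113.9 (six usernames failed from one source), and the second detector flags grace's login from 192.0.2.77, which succeeded after four failures within five minutes; alice's clean logins from 198.51.100.20 are not flagged. The thresholds are starting points, not tuned values: lower `min_users` if your user base is small, and raise `min_failures` if the VPN client retries automatically.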
Avoiding Social Engineering and Phishing Attacks
What is a social engineering attack?
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
What is a phishing attack?
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as
• Epidemics and health scares (e.g., H1N1, COVID-19)
• Natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
• Economic concerns (e.g., IRS scams)
• Major political elections