For many organisations, the sudden move from an on-premise to a remote workforce has created unexpected information security risks.
“For those enterprises that had not yet implemented a remote work strategy, the sudden lockdown left little time for them to roll out remote working security solutions. It was a matter of keeping business going as best they could, despite the risks,” says Martin Potgieter, co-founder & Technical Director at Nclose.
With the likelihood growing that some form of lockdown may be extended for months, organisations now need to take action to tighten up information security as best they can, maximising the tools they already have available.
“Many recommendations that have been made recently on securing the remote workforce are difficult to implement during a lockdown. For example, creating a zero trust network, while good security practice, could take months or even a year to implement. And now is not the time to roll out something new: you cannot install new hardware or send people in to carry out on-premise testing during the lockdown.”
However, there are practical steps enterprises can take to improve information security right now, he says.
Enable two factor authentication on all Internet exposed authentication portals. For companies not already using two factor authentication, implementation could be challenging during a lockdown, however. Another option is geo-fencing that restricts access to certain portals to users within certain regions – within South Africa only, for example.
Maintain visibility. For organisations that have not deployed cloud-based EDR or cloud-based endpoint security, visibility may be limited once the workstations have left the corporate environment. Consider modifying endpoint security technologies to allow for more efficient visibility of the endpoint. One option is to move to the cloud the existing AV management centre.
Maximise endpoint security features. There are often a number of features included in an endpoint security platform that are never deployed, says Potgieter. “Now is an excellent time to deploy these features considering many of the corporate network controls are not available to the remote work force.” He recommends enabling:
Endpoint Encryption – encryption of the hard drive on laptops or workstations.
URL filtering – filtering of web sites and web-based traffic, which Nclose says is one of the more important features to enable right now.
HIPS (Host Intrusion Prevention System) – Similar to the traditional IPS but running on the endpoint. HIPS looks at the application layer and operating system.
NIPS (Network intrusion prevention) – Similar to HIPS but specifically looks at the network layer.
4. If DLP technology is not available, consider applying very specific security controls such as disabling copy/paste functionality via RDP to limit risk when remote desktops connect to the network. Companies might also install a single “jump box” to enforce a choke point on internal network access.
5. Review your VPN configuration to ensure VPN inactivity timeouts and other settings are set to correct best practice basis. Consider limiting VPN access based on user requirements.
6. Raise employee awareness. Phishing is likely as prevalent as it was before, but it may present a greater risk now that you have less control and visibility over the environment. Continue – or start -phishing awareness training. Whether this is done through standard information sharing or susceptibility testing, it is important to maintain employee awareness of cyber security risks. In most circumstances this can be done remotely.
7. Start planning for back-to-work. Consider also what your approach will be to maintaining information security once lockdowns are lifted and employees start bringing devices and data from their homes back into the corporate environment.
“These basic tools can significantly improve security when there has been little time to prepare to move the entire workforce out of the secure enterprise network environment,” says Potgieter.
“Nclose, and the cyber security community as a whole, are also very willing to share ideas to improve security – particularly under the difficult circumstances we find ourselves in. We would encourage anyone to engage security communities to get innovative ideas on how to secure specific scenarios.”
Nclose is a cybersecurity technology and services provider that supports southern Africa’s leading organisations against modern cyberthreats. Founded by a team of technology experts in 2006, Nclose is one of the country’s foremost information technology security partners. We provide Security Assessment & Testing, Security Solution Management, Operational Technology Cybersecurity and Managed Detection & Response services to a growing portfolio of blue-chip clients. www.nclose.com