Back to Insights

Risk Management In Futuristic Work Environment

Cyber security 05/28/2020 - 13:17 by Sabita Sriram

With work from home becoming the new normal, professionals and students spend more time indoors. They pass time by studying online, working remotely, and learning new skills, shopping online and video streaming to keep themselves entertained. Now, there is an increased need for collaboration tools. This has increased the need for cyber controls.  For starters there could be anxious employees who are trying to connect online, this could render VPN useless or attempts by employees to bypass controls. There could be a possibility of relaxing firewall rules to get things done in a lockdown, only the business risk is heightened.

It is time to keep track of security of collaboration tools that we use, remote infrastructure needs proper technical vulnerability management. Patch management and systems hardening becomes all the more critical. Cloud security is a basic aspect of IT operations to keep organizations stable. Defense needs to be with more depth and emphasis. Multi factor authentication becomes business critical.

Proper management of access control is indispensable. A step wise approach would be to determine sensitive data, systems and networks, the roles which are required to come in contact with such systems and the business need as well as, compensating controls.  Be it a system administrator or application administrator or developer or network administrator proper segregation of work is a basic necessity to ensure reduced scope for fraud.

Security testing at a piloting phase of an application will help in reducing vulnerabilities or scope for exploits.IT and cyber security teams must account for shadow IT which implies creation of certain tools or using certain system resources that are not authorized. Emphasis must be laid on considering additional risks from using such infrastructure. These are present to augment in office IT capabilities.

Adopt and embrace virtualization for your IT infrastructure. This offers the desktop interface that is more hassle free from a security perspective. This is being one step ahead in handling additional risks arising from a lax working environment. For instance, imagine your employees working from their couch and browsing social media pages/blocked pages in between work hours from their mobile device. End point protection is of massive importance in such a scenario wherein there is minimal scope for monitoring. Alternatively, an employee may respond to a phishing email or divulge some confidential data.

End user trainings for increasing information security awareness is of considerable importance. Besides this, digital laggards can no longer afford to use cyber security as an excuse to avoid emerging technologies.

Somewhere a lot of cyber-security related communication is drowned out in emergency or crisis related communications. This is where we need to pay attention to effective means to engage audiences. Wikis, post it notes, real time querying or incident reporting anonymously are all some ways to enhance effectiveness of two-way communications. Send informatory mails to users periodically to keep them aware of latest security attacks or threat vectors.

A risk based approach to handling new attack vectors or threats is the only answer to all these concerns. To begin with, start by identifying high risk user groups, classify sensitive data and monitor for anomalous behavior patterns. For instance, if someone is accessing systems during unusual times try to log their actions/ restrict such untimely access. It could be bulk downloads of data or unusual bandwidth consumption.

Robust and scalable IT processes help in ensuring that business needs are not compromised. IT helpdesks may be more stressed or worked up now because of increasing workloads they need to tackle. Deployment of security tools may put increased demand of capabilities, here companies can explore the possibility of using contractors for quicker deployments/ surged demands. Explore the availability needs of existing collaboration tools and validate their business continuity/ disaster recovery capabilities.

Encourage employees to implement proper record/ document management and retention practices for physical copies of information. Ensure secure retention and disposal of mission critical documents. At a time when there is a hiring freeze, furloughs the demand for security consultants is increasing. The simple reason is because organizations recognize the need for recruiting more personnel in their security operations at a time when digital transformation is taking lead.

Security stack of every firm varies depending upon the approach, availability of resources. However, we need to take cognizance of security and incident event monitoring tools which need to be implemented to improve our cyber readiness. If there are some information processing facilities of the organization which are not monitored then these constitute a major vulnerability. One point we need to consider is the insecure and uncontrolled channels that employees use. This should not be the loophole in the IT infrastructure.

Many social engineering attacks are being launched on employees. These include phishing, vishing, smishing, using fake websites to deliver malware or solicit payments. A large government entity in North America suffered from a distributed denial-of-service attack aimed at disrupting services and issuing misinformation to the public. A major hospital in Europe was hit with a cyberattack that forced it to suspend scheduled operations, shut down its IT network, and move acute-care patients to another facility. And a department of a local government had its website encrypted by ransomware, preventing officials from posting information for the public and keeping employees from accessing certain files.Remote access

A combination of technical controls, employee engagement.

Supply and configure a work laptop and network connection such as a wireless mobile connection. Consider using USB dongles, all communications need to be encrypted and split tunneling must be disabled in Virtual Private Networks. Instruct remote workers to avoid unnecessary web browsing activities using the organization’s infrastructure.

When it comes to remote access ensure that only limited access privileges are granted within the system, a unique paraphrase is used for every system.  Educate employees to maintain a private physical space, that remote workers lock sessions and maintain secrecy of their authentication information.

Consider the use of a Virtual Local Area Network to segregate the traffic relating to corporate work. Some technical solutions need to be implemented in the corporate side and these include setting up a vulnerability monitoring facility, real time monitoring of remote access logs, disabling internet protocol or geolocations.

Consider providing a logically segregated access to personnel working from home. Prioritize remote access connections if there is an overload.

Start by creating a network architecture document, identify points for remote access, the potential weaknesses.  Ensure there is a clear documentation for all changes. Patch systems wherever possible. This logical flow of data must also have sufficient detailing to ensure that business continuity aspects of infrastructure and application is captured.

A robust backup and change management process is needed to handle proposed and unforeseen configuration changes. Keep a rollback point or a decision point to manage the implementation. Disconnect systems which are identified as launching internal attacks. It is about maintaining a vision of alerts that need to be in place to handle anomalies or malicious attacks. This involves an interplay of incident response and crisis management/communications planning.

Ensure you hire sufficient telecommunications specialists and cyber security specialists to manage the infrastructure during critical times. There needs to be formal communications between different stakeholder groups namely, security operations, change management etc.

A combination of virtual private network, virtual desktop infrastructure and demilitarized zone would make the organization’s systems more secure. Use 2 jumps to establish a remote connection. Needless to say, principle of least privilege, maintaining unique identities for users, ensure that edit functionality is disabled in remote access. Do not allow drive redirections that help in information disclosure or malicious file transfers. Verify the authenticity of patches prior to deployment.

Consider reports for monitoring anomalous activities. Ensure audit trail for incident response and planning. There could be context specific brief alert messages which are sent to security operations teams and minimize the scope for false positives.

There could be data capture in unencrypted regions within the organizational boundaries or sniffing attacks, so try to mitigate these issues. An internal and external scan or penetration test will help reduce many risks, ensure this does not harm production environment. Remote access

Cybersecurity challenges

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.

To prepare for changes to technology work, the workforce, and the workplace, C-suite executives can focus on the big picture like remote access.