Practical steps to boost security for your suddenly remote workforce

For many organisations, the sudden move from an on-premise to a remote workforce has created unexpected information security risks.

“For those enterprises that had not yet implemented a remote work strategy, the sudden lockdown left little time for them to roll out remote working security solutions. It was a matter of keeping business going as best they could, despite the risks,” says Martin Potgieter, co-founder & Technical Director at Nclose.

With the likelihood growing that some form of lockdown may be extended for months, organisations now need to take action to tighten up information security as best they can, maximising the tools they already have available.

“Many recommendations that have been made recently on securing the remote workforce are difficult to implement during a lockdown. For example, creating a zero trust network, while good security practice, could take months or even a year to implement. And now is not the time to roll out something new: you cannot install new hardware or send people in to carry out on-premise testing during the lockdown.”

However, there are practical steps enterprises can take to improve information security right now, he says.

  1. Enable two-factor authentication on all Internet-exposed authentication portals. For companies not already using two-factor authentication, however, implementation could be challenging during a lockdown. Another option is geo-fencing that restricts access to certain portals to users within certain regions – within South Africa only, for example.
  2. Maintain visibility. For organisations that have not deployed cloud-based EDR or cloud-based endpoint security, visibility may be limited once the workstations have left the corporate environment. Consider modifying endpoint security technologies to allow for more efficient visibility of the endpoint. One option is to move the existing AV management centre to the cloud.
  3. Maximise endpoint security features. There are often a number of features included in an endpoint security platform that are never deployed, says Potgieter. “Now is an excellent time to deploy these features considering many of the corporate network controls are not available to the remote work force.” He recommends enabling:
     • Endpoint Firewalls
     • Endpoint Encryption – encryption of the hard drive on laptops or workstations.
     • URL filtering – filtering of web sites and web-based traffic, which Nclose says is one of the more important features to enable right now.
     • HIPS (Host Intrusion Prevention System) – Similar to the traditional IPS but running on the endpoint. HIPS looks at the application layer and operating system.
     • NIPS (Network intrusion prevention) – Similar to HIPS but specifically looks at the network layer.
  4. If DLP technology is not available, consider applying very specific security controls such as disabling copy/paste functionality via RDP to limit risk when remote desktops connect to the network. Companies might also install a single “jump box” to enforce a choke point on internal network access.
  5. Review your VPN configuration to ensure VPN inactivity timeouts and other settings are set in line with best practice. Consider limiting VPN access based on user requirements.
  6. Raise employee awareness. Phishing is likely as prevalent as it was before, but it may present a greater risk now that you have less control and visibility over the environment. Continue – or start – phishing awareness training. Whether this is done through standard information sharing or susceptibility testing, it is important to maintain employee awareness of cyber security risks. In most circumstances this can be done remotely.
  7. Start planning for back-to-work. Consider also what your approach will be to maintaining information security once lockdowns are lifted and employees start bringing devices and data from their homes back into the corporate environment.
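
For step 4, one way to confirm that copy/paste over RDP is actually disabled on a Windows jump box, as an added example that is not from Nclose. It assumes the RDP host is controlled through the Terminal Services policy registry key, the `-Enforce` switch is a name chosen here, and it also checks drive redirection, the other common file-transfer path over RDP.

```powershell
# Added example: audit (and optionally enforce) RDP redirection policy on a jump box.
# Assumption: a Windows RDP host using the Terminal Services policy key below.
# On domain-joined hosts, Group Policy may overwrite values set locally.
param([switch]$Enforce)   # hypothetical switch: write the policy instead of only reporting

$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Policy values where 1 blocks the redirection channel.
$wanted = [ordered]@{
    fDisableClip = 'Clipboard redirection (copy/paste)'
    fDisableCdm  = 'Drive redirection'
}

$results = foreach ($name in $wanted.Keys) {
    # A missing key or value yields $null, which means the channel is not blocked by policy.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $blocked = ($current -eq 1)

    if (-not $blocked -and $Enforce) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $name -Value 1 -Type DWord
        $blocked = $true
    }

    [pscustomobject]@{
        Channel = $wanted[$name]
        Value   = $name
        Before  = if ($null -eq $current) { 'not set' } else { $current }
        Blocked = $blocked
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled compliance check flag the host.
if ($results.Blocked -contains $false) { exit 1 }
```

Run it from an elevated session on the jump box; the policy applies to RDP sessions opened after the change.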

“These basic tools can significantly improve security when there has been little time to prepare to move the entire workforce out of the secure enterprise network environment,” says Potgieter.

“Nclose, and the cyber security community as a whole, are also very willing to share ideas to improve security – particularly under the difficult circumstances we find ourselves in. We would encourage anyone to engage security communities to get innovative ideas on how to secure specific scenarios.”

About Nclose
Nclose is a cybersecurity technology and services provider that supports southern Africa’s leading organisations against modern cyberthreats. Founded by a team of technology experts in 2006, Nclose is one of the country’s foremost information technology security partners. We provide Security Assessment & Testing, Security Solution Management, Operational Technology Cybersecurity and Managed Detection & Response services to a growing portfolio of blue-chip clients. www.nclose.com
