TitanHQ

TitanHQ Blog

As Remote Work Becomes the Norm, the Security Fight Moves to Cloud

Posted by Geraldine Hunt on Thu, Aug 20th, 2020

With the introduction of a mandatory at-home workforce, companies must find solutions that give these employees access to critical applications. The easiest way to do this is to set up a cloud environment where users can access files and applications without accessing the local network. While this type of environment might be convenient, it also leaves the organization open to additional cybersecurity risks. Even with these risks, organizations can take precautionary steps to protect sensitive business data from attackers.

IT Challenges with Work-from-Home Employees

The Coronavirus pandemic forced many businesses to use work-at-home employees. It was the only choice to keep productivity and revenue up during the global lockdown. This change in work habits forced IT staff to find unique ways to give employees access to data without rushing changes to infrastructure, which can lead to mistakes. The easiest way to set up new infrastructure is to host it in the cloud (e.g. AWS, Azure or GCP). Files can be stored on cloud storage and applications can run in the cloud where users can access them using a standard browser.

One major factor with cloud services is that you no longer isolate applications from the public Internet. Cloud services are open to the public, and it’s the responsibility of the organization’s IT to correctly configure authentication and authorization. Cloud providers also have their own cybersecurity defenses, but you can’t rely entirely on these protections. The wrong configuration can leave your data opened to the public and could lead to a security breach.

In the recent Verizon 2020 Data Breach investigations Report, 43% of breaches targeted cloud applications. These findings demonstrate that cloud applications are a primary target for attackers. IT staff must configure cloud resources to ensure that vulnerabilities are caught and mitigated before they can be exploited. Defending sensitive data takes the right configurations, but even more important is the right monitoring and detection tools. Cybersecurity should be proactive rather than reactive to avoid major data breaches, and monitoring and detection tools will proactively detect potential threats.

Office 365 under attack

Microsoft has made great strides in cyber security, yet headlines continue to report countless exploits where hackers have undermined an O365 environment. If your company has moved to Office 365 as a hosted email solution, your email is being hosted in a Microsoft Data Centre and most likely being filtered using Microsofts Exchange Online Protection (EOP). Although the Office 365 spam filter offers a reasonable level of security, some businesses find it basic and lacking when it comes highly-sophisticated cyber threats especially advanced and persistent spear phishing attacks.

Unfortunately, Office 365s email security features don’t match the features of many dedicated on-premises and cloud-based email security gateways, which include pattern learning and intelligence. The only secure solution for email includes the ability to anticipate new attacks using predictive technology.

Are you concerned with Phishing and Malware in Office 365? Get a free personalized demo and see how SpamTitan can help secure your Office 365 environment today.

Fighting Cybersecurity Risks During COVID

Even though the organization introduces more risk in the cloud, certain technology is available to help stop threats. The first is to use monitoring tools that identify misconfigurations, suspicious traffic, and resource usage. For instance, AWS has CloudWatch to help monitor applications and IT resources. Azure has several monitoring tools that provides actionable reports to deal with any issues.

On the user side, users should be using VPN to access any internal resources. If a VPN isn’t available, any connection to cloud resources should always be encrypted. Encryption protects from eavesdropping. Eavesdropping can happen if the user is on a public Wi-Fi or at home.

Multi-Factor Authentication

Multi-factor authentication (MFA) should be implemented to defend against phishing and social engineering. Attackers know that home users usually do not have the enterprise-level resources for cybersecurity defenses. Phishing campaigns can be successful  even with good cybersecurity defenses and just required one human error, so attackers know that one good spear-phishing campaign could provide access to corporate resources. MFA stops most phishing attacks by forcing an additional layer of authorization before access is granted.

With the pandemic lockdown, phishing attacks are on the rise. Therefore, corporations should have the right email protections in place. Third-party applications have their own filters to detect and stop phishing attacks, but organizations hosting their own email servers should have monitoring and filters in place that stop malicious messages from being sent to an employee’s inbox. Malicious messages could include simple text with a URL or ones with suspicious attachments.

Email filters can quarantine messages for an administrator’s review in case of false positives, but this type of email cybersecurity greatly reduces the risk of phishing as users work from home. Users should be trained to identify malicious messages should any reach their inbox, but email filters will stop most messages from every being viewed.

In addition to filters, email servers that implement DMARC (Domain-based Message Authentication, Reporting & Conformance) increase effectiveness of email cybersecurity. DMARC uses a combination of DNS whitelisting and encrypted signatures to determine the legitimacy of messages. IT staff use DNS records to identify the IP addresses that can be used to send messages, and signatures verify the message authenticity to ensure it has not been altered.

DMARC seems complex, but with the right setup, it’s a valuable cybersecurity tool that defends against phishing and malicious email content. With phishing on the rise as one of the most common ways attackers can steal data, it’s important for organizations to implement the right application and rules that stop these messages before they can reach a user’s inbox.

While SPF provides a certain degree of protection against email spoofing, DMARC is far more dependable. SpamTitan email security incorporates DMARC authentication to provide even greater protection against email spoofing attacks.

Securing the Email and Web Component of Cyberattacks

Working with cloud infrastructure doesn’t mean your organization must be lax on cybersecurity. The right resources, monitoring, and detection can be used to stop common cybersecurity attacks including the increase in phishing due to the pandemic lockdown. IT staff can implement these cybersecurity techniques without affecting user productivity, and the organization can operate safely while protecting corporate data.

On Thursday May 21st  join us for an exclusive  webinar  -  If  you're worried about protecting remote workers from phishing, zero-day attacks, malware and dangerous websites then this webinar will be very useful. Our experts will discuss and show you why it’s vital  to protect against the  email and web component of cyberattacks to help you meet the challenge of protecting a fully distributed workforce.

We will discuss:

  • Covid-19 exploitation by cybercriminals in malicious cyber attacks
  • Types of Covid themed threats
  • Meeting the security challenge of protecting a fully distributed workforce
  • LIVE demo of how our  solutions dovetail to protect your distributed workforce
  • Panel includes an IT professional from a  large MSP, we'll discuss the daily challenges of supporting SMBs during the current crisis.

Date : Thursday, May 21st, 2020
Time: 11am CDT   Duration: 30 minutes

Sign up for the webinar here.

Can't make it on the day? No problem! We'll send you a copy of the webinar by email.

Never Miss a Blog Post

Sign-up for email updates...

Start Free Trial Request Demo
TitanHQ

Talk to a Trusted Security Advisor

Call us on USA +1 813 304 2544 or IRL +353 91 545555

Contact Us