As many states are still closed or slowly opening due to the pandemic, it’s clear that lockdowns have changed the face of employment. Companies learned that allowing employees to work from home has increased productivity and that Zoom meetings are a good replacement for conference rooms. Unfortunately, attackers know that with a large work-from-home staff, cybersecurity is far more important yet lacking in many areas.
131% Increase in Malware Activity
In a new ThreatPost report, researchers saw a 131% increase in viruses spread across the internet and 600 new phishing attacks a day. Many of the phishing emails played on the pandemic and the public’s need for information. Attackers used emails purporting to be from the CDC or to contain COVID-19 related information. The urgency and anxiety felt by the general public led to many more successful attacks as users were unaware of the phishing red flags.
Right when the lockdowns began, organizations were forced to provide quick access to employees working from home. This meant that cybersecurity could have been weakened and employees used personal computers to store data and receive email. This led to opportunities for attackers to steal data, credentials, and install malware on personal devices. Most individuals have lax cybersecurity compared to an enterprise network that uses advanced threat detection and mitigation. This phenomenon has led to data breaches and compromise of personal devices storing sensitive data.
Planning Better Transitions
Administrators must offer a work-from-home environment, but it must be done with cybersecurity as a priority. Software-Defined Wide Area Network (SD-WAN) development increased, allowing home users to connect via VPN to data centers where cloud computing and identity management provided secured access to company software and resources.
Zero-trust networking is also a must-have in this new environment. In a zero-trust network, employees are given permissions to only the resources needed to perform their jobs, and no one is trusted even if they are authenticated into the network. Heavy logging and monitoring are applied to network resources to mitigate and detect attackers. Attackers in this environment could be insiders (e.g. employees or authenticated contractors) with stolen credentials, so a zero-trust model ensures everyone is limited to only necessary resources.
The cloud is secure, but there is shared responsibility between the cloud provider and the customer. Even with advanced security tools, just one misconfiguration can leave business data available to the open internet. Hackers even have scripts that scan cloud resources such as storage to find misconfigurations.
The use of data centers is foreign to administrators used to on-premise resources, so it’s also common for organizations to ask a Managed Service Provider (MSP) for help. MSPs have worked with more cloud resources and dealt with cybersecurity attacks, so it’s beneficial for organizations to leverage lessons learned from MSPs rather than make attempts to secure cloud resources haphazardly. Just one data breach can cost millions, so it’s not something to jump into without the right direction. An MSP can ensure that organizations move cloud resources in the right way rather than make mistakes that could lead to breaches.
Cybersecurity and a Home Workforce
Done correctly, organizations can safely move users and their data to the cloud. Most cloud providers have several cybersecurity measures already in place such as identity and access management (IAM), VPN services, cloud infrastructure, SaaS applications, storage, and email. The way these resources are configured determines success.
MSPs that help their clients can set up IAM, VPN, infrastructure, storage and SaaS applications, but email security must be integrated using third-party services. To eliminate phishing and malware sent in email, the email server must use cybersecurity that detects and blocks spoofed messages or those with malicious attachments.
Email filters using DMARC (Domain-based Message Authentication, Reporting & Conformance) will stop much of the spam and malicious content that comes from phishing emails. MSPs can set up this cybersecurity or administrators can install third-party applications and configure them based on their own unique requirements. Emails can be quarantined so that any false positives can be sent to the recipient inbox and the software trained to differentiate malicious content from benign content.
Without email security, organizations have a much higher risk of compromise and data breaches due to phishing, but DMARC and cloud email can stop most of the attacks targeting organizations and their work-from-home staff. Email security is one of the single best cybersecurity additions to a cloud network that will greatly reduce risk of a data breach and protect users from compromising their home devices.