How to neutralize the biggest remote working cybersecurity threats


Please enjoy our guest article by Jareth, a writer with Emsisoft, a Corporate Armor partner.

COVID-19 prompted a rapid global transition to remote working. While allowing staff to work from home has been key for maintaining business continuity, it has also introduced a range of security challenges by dramatically expanding attack surfaces, magnifying existing vulnerabilities and exposing companies to new threats.

Managing these risks requires serious thought and time investment – luxuries that COVID-19 hasn’t afforded. For some businesses, the switch to remote working came almost overnight, giving them little time to prepare in the way of policies, training and security solutions. Some 85 percent of CISOs admitted to sacrificing security to enable remote work, according to a Netwrix report.

As an all-remote cybersecurity company, we find ourselves in a unique position to help organizations mitigate the risks associated with remote working. In this blog post, we’re going to explore some of the biggest cybersecurity threats facing remote businesses and discuss best practices for securing the company network and reducing the risk of compromise.

Remote working cybersecurity threats

Newly expanded IT infrastructures, abrupt changes to work processes and softening of security policies to accommodate teleworkers have left remote companies uniquely vulnerable to a variety of cyber threats.

1. Malware

Almost 1 in 4 companies paid unexpected expenses to address a malware attack or cybersecurity breach following shelter-in-place orders, according to a Malwarebytes report. Remote companies may be more exposed to malware due to:

Weakened security controls: The diversity of the home network makes it almost impossible for IT teams to implement the same rigid security controls used in-office on remote working devices. In addition, many remote workers use personal devices for work purposes and, therefore, may be rightfully resistant to employers trying to impose restrictive security controls on their devices. Almost 4 in 10 remote workers admit to using personal devices to access corporate data, according to a recent Trend Micro study.

Infections spreading from home devices: Remote companies may be more vulnerable to malware due to the possibility of existing infections on home devices spreading to business networks. Remote office networks are about 3.5x more likely to have a malware infection than in-office corporate networks.

Staff cutting corners on security: Security practices are often not as closely observed at home as they would be in the office. Reduced IT oversight can lead to employees cutting corners on security in order to work more productively. In other cases, a disruptive home working environment can distract employees from adhering to normal security protocols. In either scenario, neglecting security processes can greatly increase the risk of malware infection.

2. Phishing

Phishing uses social engineering to deceive users into disclosing company information, opening a malicious attachment or visiting a malicious URL. Remote workers may be particularly susceptible to phishing because of:

COVID-19 related spam: Malicious actors are preying on public interest in the pandemic to distribute COVID-19 themed phishing emails. These scams aim to trick the recipient into downloading malware, divulging credentials or other sensitive information, or donating to a fake charity.

New remote working tools: Many companies deployed new communication and workflow tools to facilitate remote working. Remote staff may not yet be familiar with the interfaces, URLs and login screens of these tools and may, therefore, be more likely to fall for phishing scams.

Abrupt process changes: The way companies process and verify payments and requests has likely changed during the transition to remote working. Changes to verification processes, especially where an in-person or phone confirmation has been replaced with an email or chat message, increase the risk of phishing and other types of fraud.
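As an added example (not part of the original article), here is a small Python triage routine of the kind a mail filter or help desk could run over the links in a suspicious message. It checks each link against an allowlist of the tools the company actually uses and flags the tricks that exploit unfamiliarity with a new tool's URLs: a trusted name buried in an attacker's subdomain or hyphenated lookalike, a trusted name placed in the userinfo part of the URL, Unicode homoglyphs hidden behind punycode, links without TLS, and link text that shows a different host than the real target. The allowlist, the sample links and the partial confusables table are constructed for illustration.

```python
"""Triage the links in a message against the tools the company actually uses.

Added example: TRUSTED_DOMAINS, SAMPLE_LINKS and the CONFUSABLES subset are
constructed for illustration, not taken from the article or any real deployment.
"""
import unicodedata
from urllib.parse import urlparse

# Registrable domains of the collaboration tools in use (constructed allowlist).
TRUSTED_DOMAINS = {"zoom.us", "slack.com", "office.com", "example-corp.com"}

# Small subset of Cyrillic letters that render like Latin ones (constructed;
# a real deployment would use the full Unicode confusables table).
CONFUSABLES = str.maketrans({"а": "a", "е": "e", "о": "o", "р": "p", "с": "c",
                             "х": "x", "у": "y", "і": "i", "ј": "j", "ѕ": "s"})

# Constructed (anchor text, href) pairs as they might appear in a phishing mail.
SAMPLE_LINKS = [
    ("Join the meeting", "https://us02web.zoom.us/j/123"),                    # real subdomain
    ("https://zoom.us/j/123", "https://zoom.us.meeting-login.example/j/123"),  # subdomain trick
    ("Sign in to Slack", "http://slack-com.example/login"),                   # hyphen lookalike
    ("Open document", "https://office.com@198.51.100.77/doc"),                # userinfo trick
    ("Reset password", "https://"                                             # Cyrillic o's
     + "z\u043e\u043em.us".encode("idna").decode("ascii") + "/reset"),
]


def is_trusted(host):
    """True only for a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def decode_host(host):
    """Turn punycode labels (xn--) back into Unicode so homoglyphs are visible."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA


def skeleton(host):
    """Replace confusable characters with the Latin letters they imitate."""
    return unicodedata.normalize("NFKC", host).translate(CONFUSABLES)


def compact(domain):
    return domain.replace(".", "").replace("-", "")


def analyze_link(text, href):
    """Return the findings for one link; an empty list means nothing suspicious."""
    findings = []
    u = urlparse(href)
    host = (u.hostname or "").lower()
    if u.scheme != "https":
        findings.append("not_https")
    if "@" in u.netloc:
        # https://office.com@198.51.100.77/ actually goes to 198.51.100.77
        findings.append("credentials_in_authority")
    if not is_trusted(host):
        shown = decode_host(host)
        skel = skeleton(shown)
        if shown != host:
            findings.append("idn_host:" + shown)
        if is_trusted(skel):
            findings.append("homoglyph_of_trusted")
        elif any(compact(d) in compact(skel) for d in TRUSTED_DOMAINS):
            findings.append("lookalike_of_trusted")  # zoom.us.evil.example, slack-com.example
        else:
            findings.append("untrusted_domain")
    # Anchor text that is itself a URL must point where it says it does.
    shown_host = urlparse(text).hostname if "://" in text else None
    if shown_host and shown_host.lower() != host:
        findings.append("text_href_mismatch")
    return findings


def analyze_message(links):
    """Map each href in a message to its findings."""
    return {href: analyze_link(text, href) for text, href in links}


if __name__ == "__main__":
    for href, findings in analyze_message(SAMPLE_LINKS).items():
        print(href, "->", findings or "ok")
```

The substring test for lookalikes is deliberately loose and will flag some legitimate domains that merely contain a trusted name; that is the right trade-off for a triage tool, which should surface links for a human to check rather than silently allow them. The only links that pass clean are those under the allowlisted domains themselves.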

3. Data breaches

A data breach can result in significant disruption, revenue loss and reputational damage. With workers operating outside the protective bubble of the corporate network, remote companies may be at greater risk of a data breach due to:

Unsecured networks: Due to poor patch management, software misconfiguration and a lack of enterprise-grade security controls, home office networks are typically far less secure than their corporate counterparts. Communicating over the home network, or worse, over public Wi-Fi, increases the risk of data breaches and credential theft.

Local data storage: In the home working environment, staff may be more inclined to store data locally, where it can be easily retrieved without logging into cloud services or worrying about potential connection issues. Locally stored data is at greater risk of being stolen, lost or corrupted due to physical damage or malware infection.

Device theft: Remote working devices are naturally at greater risk of being lost or stolen, which can potentially lead to data being accessed by unauthorized users.

Ransomware: Remote working devices are more vulnerable to compromise, which increases the risk of ransomware infection. Many ransomware incidents now involve data exfiltration, which puts immense pressure on victims to pay the ransom and can result in stolen data being publicly leaked in the event of non-payment.

4. Unauthorized network access

Attackers often focus on vulnerable appliances and remote access protocols to gain unauthorized access to internal networks. Remote companies may be at greater risk due to:

VPN vulnerabilities: While VPN appliances play a key role in enabling remote workers to securely access company resources, they also provide another possible entry point to business networks. Unpatched VPN appliances may contain critical flaws that allow threat actors to gain access to internal networks and/or remotely execute malicious code.

RDP misconfiguration: Many organizations have come to rely on remote desktop protocol (RDP) to allow remote workers to access locally stored files and applications. While RDP is reasonably safe when it is only reachable from a private network, improper deployment can lead to serious security problems. If the RDP port (TCP 3389 by default) is exposed to the Internet, anyone can find it with freely available port-scanning tools and then attempt to log in with brute-force or credential-stuffing tools. See this guide for more information on how to secure RDP.
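The brute-forcing described above leaves a characteristic trail in the Windows Security log. As an added example (not from the original article), the following Python detection logic runs over a constructed sample of flattened 4624/4625 events and raises an alert when one source address accumulates failed logons within a short window, and a higher-severity alert when a successful logon then arrives from that same source. The flattened event format, the threshold and the window are assumptions for illustration; in practice the same logic is applied to events exported from the log or from a SIEM.

```python
"""Detect RDP password guessing from Windows Security log events.

Added example: the events below are constructed for illustration, not real logs.
Assumed flattened format, one event per line:
    <ISO timestamp> <EventID> <LogonType> <TargetUserName> <IpAddress>
EventID 4625 = failed logon, 4624 = successful logon. Logon type 10 is
RemoteInteractive (RDP); with Network Level Authentication in front of the
session, failed RDP logons are commonly recorded as type 3 (network).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_EVENTS = """\
2020-06-01T02:00:01Z 4625 3 administrator 203.0.113.7
2020-06-01T02:00:02Z 4625 3 admin 203.0.113.7
2020-06-01T02:00:03Z 4625 3 Administrator 203.0.113.7
2020-06-01T02:00:04Z 4625 3 backup 203.0.113.7
2020-06-01T02:00:05Z 4625 3 scanner 203.0.113.7
2020-06-01T02:00:06Z 4625 3 jsmith 203.0.113.7
2020-06-01T02:00:09Z 4624 10 jsmith 203.0.113.7
2020-06-01T02:10:00Z 4625 10 jdoe 198.51.100.20
2020-06-01T02:10:30Z 4624 10 jdoe 198.51.100.20
2020-06-01T03:00:00Z 4625 3 svc-sql 192.0.2.44
2020-06-01T03:00:01Z 4625 3 svc-sql 192.0.2.44
2020-06-01T03:00:02Z 4625 3 svc-sql 192.0.2.44
2020-06-01T03:00:03Z 4625 3 svc-sql 192.0.2.44
2020-06-01T03:00:04Z 4625 3 svc-sql 192.0.2.44
"""

LINE_RE = re.compile(r"^(\S+) (4624|4625) (\d+) (\S+) (\S+)$")
RDP_LOGON_TYPES = {3, 10}


def parse_events(text):
    """Parse the flattened event lines; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"),
            "id": int(m.group(2)),
            "type": int(m.group(3)),
            "user": m.group(4),
            "src": m.group(5),
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts in time order.

    'bruteforce': a source reached `threshold` failed logons within `window`
    (counted across all usernames, so password spraying is caught too).
    'success_after_bruteforce': a successful logon from a source flagged within
    the last `window`; treat this as a probable compromise, not a guess.
    Each source is flagged once; a real pipeline would expire the flag.
    """
    recent_failures = defaultdict(deque)  # src -> failure timestamps inside the window
    flagged_at = {}                       # src -> time the threshold was crossed
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] not in RDP_LOGON_TYPES:
            continue
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # slide the window forward
            q.popleft()
        if ev["id"] == 4625:
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in flagged_at:
                flagged_at[ev["src"]] = ev["ts"]
                alerts.append({"kind": "bruteforce", "src": ev["src"],
                               "failures": len(q), "ts": ev["ts"]})
        elif ev["id"] == 4624 and ev["src"] in flagged_at \
                and ev["ts"] - flagged_at[ev["src"]] <= window:
            alerts.append({"kind": "success_after_bruteforce", "src": ev["src"],
                           "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the sample, 203.0.113.7 trips the threshold on its fifth failure and then logs in as jsmith four seconds later, which is the pattern to page on; 192.0.2.44 only produces the lower-severity alert, and the single mistyped password from 198.51.100.20 produces nothing. Failures are counted per source across all usernames because password spraying, which tries one password against many accounts, never trips a per-account lockout.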

Security best practices for remote companies

The following best practices can help companies protect remote endpoints, secure company data and reduce the risk of network compromise.

Staff training: Companies should provide both remote and in-office employees with regular cybersecurity awareness training. Training must be an ongoing process to ensure staff are familiar with emerging threats and current best practices.

Antivirus software: Reliable antivirus software is critical not only for preventing infections, but for detecting and removing threats already present on remote workers' devices. The home-user software ecosystem is diverse, so companies should consider vendors who have proven experience in consumer markets.

Spam filters: An effective spam filter can help keep employees’ inboxes clear of malicious spam and prevent the vast majority of email-distributed malware and phishing scams.

RDP management: As noted, RDP is a common attack vector and should be disabled unless it is required for business operations. If required, RDP must only be reachable through a VPN or a Remote Desktop Gateway, never directly from the Internet, with Network Level Authentication enabled, strong passwords, account lockout and multi-factor authentication.

Patch management: An effective patch management strategy ensures that security vulnerabilities are fixed as quickly as possible. This is particularly important for VPN appliances and remote access tools that can give an attacker unfettered access to internal networks if compromised.

Multi-factor authentication: One of the simplest and most effective ways to stop unauthorized access to services and systems is to enable MFA wherever possible, with priority being given to remote access tools, sensitive data repositories and privileged actions.

Principle of least privilege: The principle of least privilege is the practice of limiting user access to the bare minimum. This principle should be implemented on all systems, accounts, software and functions to prevent unauthorized access to critical systems and stymie lateral movement.

Conclusion

The pandemic has shaped the way we work and the way we look at security. While the abrupt transition to remote work may have required some corners to be cut in the name of efficiency, there has since been ample time for organizations to revisit and strengthen hastily implemented systems.

Addressing the security vulnerabilities described in this article will enable organizations to reduce the risk of compromise and maintain a secure workforce, regardless of where employees are physically located.