There is no precedence to the unconscionable way hackers exploit human distress during these times. Albeit a few hacker groups “swore” on paper they won’t attack hospitals (gee, thanks), the reality is one of taking gruesome advantage of the situation.
The global pandemic is accompanied by a global “Phish-demic”, “Mal-demic”, and “Frau-demic”. Not many can withstand the temptation of clicking on the phishing emails these days, supposedly from the Centers for Disease Control and Prevention (CDC), stating a critical notification for the public in the shape of “An updated list of Corona Virus cases in your neighborhood at this link”.
It gets worse. With the current lock-down and social distancing, workplace IT managers are required to connect their remote workforce to the corporate environment. Let’s pause to give this some thought.
The typical household includes:
- 3-5 mobile phone
- 2-3 laptops or tablets
- 1-2 Wifi routers
- 2-4 email accounts
- 2-3 Browsers with stored cookies and passwords
In other words - the typical home is a “malware Petri dish”.
And then the VPN opens it to the corporate network
At that point - all the malware, ransomware, and crypto-ware try to make it into the uncharted waters of the other side of the VPN. This isn’t the severe threat, as they are likely to be blocked down the path by the first firewall they hit.
However, the hacker gains control of the home computer and the VPN access credentials are stored or shared in the browser with other accounts, the hacker can easily create a command and control channel and compromise the enterprise through the “front door”.
Looking for the 7 quick wins?
- Find a way for your employees to have a separate “work computer”
- Do not allow any installations of any software or add-on that is not authorized
- Instruct your employees not to store credentials in the browser
- Insist on multi-factor authentication - a token or one of the authenticator apps would do
- Create group access policies
- VPN - get one that can run configuration checks on the endpoint prior to connecting
- NAC - install a network access controller to allow only authorized devices to connect
Now you can sleep soundly. Not!
So you got the task done, people can work remotely and the business is running. But how do you know what loopholes and vulnerabilities were created in the process. How do you know that a single compromised remote user won’t bring down the entire business in the form of a breach?
The most important thing these days is to continuously validate the security of your network as a whole. The technology is available to test your security controls, vulnerabilities, credentials, and privilege setting in a VPN IT environment, against the most advanced hacking scenarios.
Got your remote work employee connectivity addressed? Great!
Now test and test and test - only then you can rest.
The writer is the CMO of Pcysys, the home of PenTera - the Automated Penetration Testing software, with the advice of Comm-IT expert, Lior Bialik.