For years, security professionals have cautioned companies against relying on traditional perimeter-based defenses. Trends like the proliferation of mobile devices, employees working remotely, and IoT devices have made it clear that the old castle-and-moat model of protecting the corporate network in a building no longer applies.
The COVID-19 pandemic has only hastened this trend. Companies across the globe had to shift to employees working from home nearly overnight. Cybercriminals increased their activity, hoping to capitalize on confusion and fear surrounding the pandemic. Unfortunately, the sheer lack of control for businesses made combatting attackers much harder. Employees let their guard down and tech teams had even less visibility than before as workers used home networks with varying levels of security.
Ultimately, this unfortunate moment has demonstrated that IT service providers must be able to reduce their customers’ security risks wherever the workforce sits—whether it’s a chair in an air-conditioned company office, sharing a couch at home with a dog seeking attention, or in their hotel room checking their work email on a trip before winding down for the night.
This requires a mindset shift. Today, we’ll focus on two important areas for dealing with this shift—what you control and what your users control.
What you control
For starters, let’s talk about hardening your customers’ defenses in the current environment.
With customers carrying sensitive work information and data wherever they go, endpoints become the new battlefront. Stay up-to-date with endpoint hygiene: force password resets every few months, patch endpoints quickly, back up critical data, and have some level of active malware protection on the machine. This leads me to my next point.
MONITOR FOR ENDPOINT THREATS
Antivirus (AV) has traditionally been a major part of endpoint defenses. However, AV is often passive, requiring you to wait for signature updates (and more advanced behavioral AVs can be bypassed). Plus, endpoint threats like weaponized documents or fileless attacks slip by traditional malware protection. For this reason, it’s important to use a good endpoint detection and response product. These products can monitor for anomalies on an endpoint and alert you when one appears. They offer more complete, active protection and can be key for turning the tide against cybercriminals.
PROTECT MOBILE DEVICES
If you’re responsible for mobile devices, then you’ll need to implement controls to protect them. For instance, you’ll want to make sure your RMM solution gives you the ability to remotely lock phones, change passwords, or wipe devices if needed. This should help with lost or stolen devices.
What your users control
Of course, people still play a role in cybersecurity. Even if you take the right precautions and put in the right security controls, mistakes can still happen. And with workers being home, even more of the responsibility falls on individual actions from end users. So you’ll need to enlist your customers’ end users’ help in keeping company resources safe.
You’ll need to train your end users on proper behavior. And with workforces being as distributed as they are, it’s worth sending periodic reminders—training simply can’t be a one-off event. When you do train them, make sure to emphasize the following:
REPORT LOST/STOLEN DEVICES
For starters, if an employee loses a device, whether it’s a smartphone or a laptop, they need to report it immediately. This gives you the opportunity to wipe the data and lock the device before a breach occurs. However, this requires you to emphasize that employees won’t get in trouble for losing devices—they need to feel comfortable coming forward. If you have a customer who’s liable to get upset at a lost device, try to remind them that the cost of a lost smartphone is much smaller than a major reputational and fiscal hit from a data breach. Mistakes happen—they don’t need to become disasters.
BE CAREFUL ON EMAIL
Remind users to think twice before opening emails and clicking on links. Cybercriminals took advantage of the COVID-19 situation to trick users via phishing emails. Having a healthy skepticism on email matters now more than ever. Make sure to remind customers to check for things like misspellings, odd domain names, mismatched display names, or unusual requests for information.
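The same header checks can be automated on the mail-filtering side. The following Python sketch is an added example, not part of the original article: it flags odd (lookalike) sender domains, display names that show a trusted domain the message did not come from, and a Reply-To that points elsewhere. The trusted-domain list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the customer really corresponds with (constructed list).
TRUSTED = {"example.com", "examplebank.com"}

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    # Domain part of the address in a header, or "" if the header is absent.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_flags(raw_message):
    msg = message_from_string(raw_message)
    display, _addr = parseaddr(msg.get("From", ""))
    sender = domain_of(msg.get("From"))
    flags = []
    # Odd domain name: one or two edits away from a trusted domain.
    if sender not in TRUSTED and any(0 < edit_distance(sender, t) <= 2 for t in TRUSTED):
        flags.append("lookalike-domain")
    # Mismatched display name: it shows a trusted domain, the real sender is not one.
    if sender not in TRUSTED and any(t in display.lower() for t in TRUSTED):
        flags.append("display-name-mismatch")
    # Replies would go to a different domain than the sender's.
    reply = domain_of(msg.get("Reply-To"))
    if reply and reply != sender:
        flags.append("reply-to-mismatch")
    return flags

# Constructed sample messages (not real mail).
SUSPICIOUS = ('From: "helpdesk@example.com" <helpdesk@examp1e.com>\n'
              "Reply-To: it-desk@mailbox.test\n"
              "Subject: Password expires today\n\nVerify your account.\n")
LEGIT = ('From: "Example Helpdesk" <helpdesk@example.com>\n'
         "Subject: Maintenance window\n\nNo action needed.\n")

if __name__ == "__main__":
    print(phishing_flags(SUSPICIOUS))
    print(phishing_flags(LEGIT))
```

Flags like these are hints for quarantine or a warning banner, not proof of phishing; they complement user training rather than replace it.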
THINK TWICE ABOUT MOBILE PERMISSIONS
We already mentioned the need to manage your company-owned mobile devices. However, it’s also important to get customers to take care of their own personal devices. While they likely know to password protect their devices, far fewer give app permissions a second thought. Remind them to be careful about which apps get access to permissions like location data or in-app purchases. Industry outlets like DarkReading have reported a major uptick early this year in mobile fraud, including mobile app fraud.
PROTECT HOME WI-FI
With customers frequently working from home, they’re often using home Wi-Fi networks that can have dozens of devices on them with varying levels of security—from corporate-issued laptops to personal gaming systems to IoT devices like smart speakers. Help customers protect their Wi-Fi from intruders by reminding them to use a strong password with WPA2 encryption (or better), and make sure they also change any default passwords on administrator accounts.
BE CAREFUL ON PUBLIC WI-FI
Finally, as employees work either on the road or at coffee shops, make sure they’re careful around free Wi-Fi. Remind them that even password-protected doesn’t mean secure—if they’re on hotel Wi-Fi, they’re still vulnerable to attacks from people on that network. Also, remind them to turn off autoconnect on mobile devices for Wi-Fi networks—you never know when a hacker may attempt a watering hole attack by creating a fraudulent public Wi-Fi network.
What you can’t control
On a final note, it’s worth realizing that you can’t control everything. New threats will crop up. New vulnerabilities will appear as well. Sometimes, we’ll face a seismic change in the way we work—potentially even overnight.
You can’t completely control for these factors. Yet, your customers look to you as the expert, so you have to remain calm under pressure and when facing the unexpected. Nearly anyone can get stressed during a security event or an overnight shift in infrastructure. It’s human. But trying to remain calm under pressure will help your team make better decisions and instill confidence in your end customers.
One of the most important ways to do this is to develop plans ahead of time for dealing with potential security incidents. Make sure people know the process, their roles, and the steps to take if an incident arises. And above all, practice this and run drills. This can dramatically cut down on the anxiety during an event. You can’t control everything, but you can take as many preparations as possible to reduce your risk.
Earlier in the piece, we mentioned the importance of endpoint detection and response. With endpoints becoming ever more crucial in the fight against cybercrime, it’s important to have more complete protection. SolarWinds® Endpoint Detection & Response (EDR) helps prevent endpoint threats using AI and machine learning to detect anomalies at the endpoint level—so even if an attacker uses a fileless attack that would normally slip past AV, EDR can catch the issue and take action. It even offers an automatic ransomware rollback to return endpoints to a known safe state without you having to lift a finger.