Page 71 - Cyber Defense Magazine for August 2020
Luckily there are several best practices beyond general endpoint protections and malware defenses that
every security administrator can and should implement today to protect remote workers from this threat.
Here are four keys to securing your off-network employees and fending off ransomware attacks as the
COVID-19 pandemic continues:
1. Implement ransomware education and training – According to Verizon, 80% of reported
security incidents involve phishing, and according to one report, phishing attacks were to blame for
two-thirds of successful ransomware infections in 2019. Although remote employees are not “on
their own” as they work from home, they are further away from your skilled IT and security staff
and must be trained to independently identify and avoid potential ransomware attacks.
Regardless of the size of your organization, invest in educational programs and regular training
that teach employees about common ransomware delivery techniques and red flags to watch out
for. Better yet, incorporate regular practical tests that entice users into clicking on would-be
malicious links or downloads, and provide additional training as needed. Investing in ransomware
education and training is well worth it when you consider the potential financial and reputational
damage caused by a breach.
2. Strengthen data access policies – Now that the majority of your workforce is operating outside
the office network perimeter, it’s never been more critical to tightly control permissions. Create
strict identity and access policies and buttress your access control lists so you can limit employee
access to areas of your infrastructure in which you’re storing valuable company data and content.
Shoring up these policies will allow you to enable or deny permissions by account, user, or based
on specific elements such as date, time, IP address, or whether requests are sent with SSL/TLS.
Use the principle of least privilege, only giving users access to the accounts, systems and data
that are absolutely necessary for them to be productive. This is a crucial step when it comes to
ensuring attackers or unauthorized parties can’t get access to, delete or expose your
business-critical data.
3. Require multi-factor authentication – It goes without saying that you should put in place policies
that require users to set complex passwords that are 16 characters at a minimum. That said, even
strong passwords are no longer enough when it comes to secure authentication. Given enough
time, a simple brute force attack can crack highly complex credentials. Deploying a multi-factor
authentication solution should be a no-brainer for every organization today, especially with so
many employees accessing company data from outside the enterprise perimeter. A second or
third authentication factor delivers another critical layer of protection, so that even if an attacker
gets their hands on a weak or stolen employee password, they’ll be unable to log in and
compromise your systems without a physical token, personal smartphone or unique biometric
signature.
4. Reexamine and harden the compute layer – If you haven’t already, now is the time to assess
and secure your compute layer to ensure your systems and data remain available and to keep
any threat actors that could potentially find a way in through one of many remote entry points from
using your resources to spread malware. One easy way to do this is to remove outdated or
unnecessary programs from user devices, which just offer additional attack surfaces for bad
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
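The access rules described in item 2 above, sketched as an added example (not from the article or from any product): a deny-by-default evaluator that grants or refuses a request by user, resource, source network, time of day and whether TLS was used. The rule fields, user names, paths and the 203.0.113.0/24 range are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    effect: str                    # "allow" or "deny"
    users: set                     # account names; "*" matches any user
    prefix: str                    # resource path prefix the rule covers
    networks: tuple = ()           # source CIDRs; empty matches any address
    hours: Optional[tuple] = None  # (start, end) time-of-day window
    tls: Optional[bool] = None     # True: TLS only, False: plaintext only

    def matches(self, req):
        src = ip_address(req["ip"])
        return (
            ("*" in self.users or req["user"] in self.users)
            and req["resource"].startswith(self.prefix)
            and (not self.networks or any(src in ip_network(n) for n in self.networks))
            and (self.hours is None or self.hours[0] <= req["when"].time() <= self.hours[1])
            and (self.tls is None or self.tls == req["tls"])
        )

def decide(rules, req):
    """Explicit deny wins; otherwise one matching allow is needed (default deny)."""
    hits = [r.effect for r in rules if r.matches(req)]
    return "allow" if "allow" in hits and "deny" not in hits else "deny"

def request(user, resource, ip, when, tls=True):
    return {"user": user, "resource": resource, "ip": ip,
            "when": datetime.fromisoformat(when), "tls": tls}

# Constructed policy: names, paths and the address range are illustrative only.
POLICY = [
    Rule("deny", {"*"}, "/", tls=False),                  # never serve plaintext
    Rule("allow", {"alice"}, "/finance/", networks=("203.0.113.0/24",),
         hours=(time(8), time(18)), tls=True),            # least privilege
    Rule("allow", {"*"}, "/handbook/"),                   # low-sensitivity content
]

if __name__ == "__main__":
    for req in (
        request("alice", "/finance/q2.xlsx", "203.0.113.10", "2020-08-03T10:00"),
        request("alice", "/finance/q2.xlsx", "203.0.113.10", "2020-08-03T02:00"),
        request("bob", "/finance/q2.xlsx", "203.0.113.10", "2020-08-03T10:00"),
        request("bob", "/handbook/leave.pdf", "198.51.100.7", "2020-08-03T10:00", tls=False),
    ):
        print(decide(POLICY, req), req["user"], req["resource"])
```

Because nothing is granted unless a rule allows it, a request that matches no rule is refused, and the plaintext deny overrides the broad handbook allow.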