Tackling Cybercrime in a Distributed Workforce Environment
In just a few short months, the world’s workforce has gone remote. Once geographically and technologically united in an office “fortress”, coworkers and colleagues are now a collection of loosely connected islands and archipelagos. But as our digital business environment expands so too does the attack surface, offering cybercriminals an evolving array of opportunities for network intrusion, data theft and destruction, and fraud – led by identity.
The cybersecurity threats presented by these newly extended business networks are further magnified by their convergence with our personal lives. Boundaries that were once defined by buildings continue to blur. Homes are now not only offices, but also distance-learning school rooms for students of all ages. As a result, and out of convenience, many individuals are using their personal and professional electronic devices interchangeably. Unfortunately, a device’s security defenses are not reciprocal, leaving equipment, applications, and even communications exposed.
Though it takes different strategies to manage these kinds of threat environments, one thing remains the same; bad actors need tools, credentials, and time to succeed. Although it sounds simple, the best way to minimize risk is to eliminate one or more of these three factors while taking steps to reduce the overall attack surface and improve visibility.
1. “Turn it off” – just like your parents taught you.
One way to reduce the attack surface is by turning off and getting rid of unnecessary services (or even the computer when you aren’t using it). This includes disconnecting from wireless connections when not using devices, removing nonessential accounts and applications, and implementing two-factor or multifactor authentication for those remaining and required. For those application services you manage, implement methods of controlling and limiting who has access, and how; as Behaviosec does (for example).
2. “Know your friends” – good friends are better than more friends.
Practicing good hygiene on social media networks is another way to diminish the attack surface. We have much larger digital identities today than individual real life identities, with hundreds – sometimes thousands – of virtual connections. Take the time to occasionally review the people with whom you’re connected; and determine whether they should be part of your social group or not. Cybercriminals will use social media networks to engage with primary or secondary targets to identify and target individuals that have authority over their prime objective. If that objective is data theft they might target IT staff, or go after the controller or CFO if financial theft is the goal.
3. “Clean up after yourself” – a tidy workspace demonstrates competence.
Use antivirus software to improve your endpoint security. Whether next generation or legacy, antivirus solutions can help flag issues. And make sure to patch your system and keep it updated. This will also enhance antivirus performance. Most malware is intended to steal personal identifying information in order to facilitate account takeovers.
Collect and scrutinize log data, particularly on applications where account takeover is most likely to occur – financial interfaces, corporate bank accounts, social media platforms, and transactional systems – and anything that conveys an identity token. Log files can provide insight into normal system activities over time, thereby indicating atypical events that don’t conform to standard/expected processes.
4. “Be aware of your surroundings” – defense depends on situational awareness.
Lastly, strive to maintain the same policies and oversight in a remote environment for the departments and systems on which you depend as you would in the office, whether finance, HR, communications, or marketing.
BehavioSec board member Dr. Shane Shook is a recognized information technology and security authority with more than 30 years’ experience in the field of cyber security.