COVID-19 and Remote Work Challenges

By Devin Callaway Insight Blog Security March 20, 2020

Is your organization prepared to meet the demands of your Teleworkers?As the response to COVID-19 pandemic grows, businesses and organizations are sending their people home to work remotely.

Have you done the proper planning to ensure your company’s remote-work program is not introducing unnecessary risk? As more remote workers take the playing field, the standard perimeter, device management, patching, and securing our digital footprint become more challenging.

There will be no ‘one size fits all’ solution, as the needs and risk tolerance of each organization will shape what is critical. Understanding the risks and evaluating them is the essential first step; allowing your organization to move from reacting blindly, to a proactive and targeted approach to improve security posture and mitigate risk. It’s even likely that the actions taken today to address this crisis will enable better IT and Security operations in the future, and perhaps become the gateway to enabling a longer-term remote workforce.

PEOPLE AND PROCESS FIRST
The first step of any remote-work action plan is to inventory worker actions and make sure that the remote access technology meets the needs of the users. If it does not, the employees may take un-secured measures to get their job done remotely, while unknowingly introducing risk to the environment. Understanding worker actions is essential to a successful remote work policy. Conducting a remote tabletop exercise with multiple departments can uncover aspects of remote work that have otherwise gone unaddressed. Below you will find a list of questions that IT professionals should be asking as remote-work plans roll out.

INVENTORY WORKER ACTIONS AND RESOURCES

COMPANIES NEED A CYBER SECURITY POLICY THAT ADDRESSES TELEWORKERS
While tech conferences and domestic/international travel, as well as any in-person internal meetings are being banned around the world, companies are struggling to keep operational goals on track. Policies need to be updated to incorporate the mass influx of teleworkers to the enterprise. Healthcare, banking, legal, insurance, and manufacturing are examples of verticals that are ill-prepared for the fast growth of remote workers. Compensating controls will become more important to organizations as they quickly deploy less than ideal security in response to the rapid growth of remote workers.

This is not a new operational threat to organizations, and it is important to note that some companies already have a Pandemic section to their current BCP (business continuity plan). Also, NIST has a special publication on telework: NIST SP-800-46 (Guide to Enterprise Telework). Companies should not find themselves re-inventing the wheel on this issue.

CONTINUED USER EDUCATION TO DEFEND AGAINST COVID-19 SCAMS
A little education can go a long way to help users make smarter decisions. In early March, Sophos reported that operators of a Trickbot spam campaign had adapted their payloads in Italy to focus on the outbreak. Also, in March, Malwarebytes detected trojans being distributed from a site scraping the Johns Hopkins outbreak map. The Cybersecurity and Infrastructure Security agency has issued guidance regarding telework and increased Vigilance surrounding the COVID-19 pandemic. As secure email gateways have become more prolific, mobile attacks using SMS, iMessage, WhatsApp… etc. will become more prevalent. Understanding the ‘why’ of many of the decisions that are made for security will also make some of the extra controls seem reasonable to users. Strong end user security hygiene is a must:

Guidance from CISA (Cybersecurity and Infrastructure Security Agency)
• Avoid clicking on links in Unsolicited emails and be wary of email attachments. • Use trusted sources—such as legitimate, government websites—for up-to-date, fact based information about COVID-19.
• Do not reveal personal or financial information in an email, and do not respond to email solicitations for this information.
• Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.

REMOTE WORK PLANS PROVIDE AN OPPORTUNITY TO IMPLEMENT MFA SOONER THAN LATER
As you scale remote access and remote workers, scale your strong authentication and multi-factor authentication solution to match. Not doing so might leave you open to the range of credential spraying and stuffing attacks as users almost inevitably re-use passwords or use previously breached credentials.

BEHAVIORAL ANALYTICS TOOLS FOR DETECTING SUSPICIOUS ACTIVITY
UEBA tools can be useful in detecting suspicious activity, and they can be specifically targeted toward admins and power users who handle critical data. As enterprises expand their remote work capabilities, the analysis of remote user behavior will become more important to the overall security capabilities of the organization. Many SIEM’s include UEBA capabilities as well as next-gen endpoint protection. There are also stand-alone UEBA solutions on the market.

UNTRUSTED LOCATIONS
Facilities at an alternate location may be less secure or private. In a shared living space without a dedicated home office, the physical privacy of a device or phone call is far from assured. Homes today include a plethora of Internet of Things connected devices that are not present in most offices. With recent research from Palo Alto Networks showing that “More than half of all internet of things (IoT) devices are vulnerable to medium- or high-severity attacks,” having business endpoints sharing networks with these devices opens a range of new issues that increase security risk.

REMOTE ACCESS
Secure access service edge (SASE) can also be an element of a remote access strategy by offloading multiple tunnels to a cloud location and having fewer tunnels back to corporate gateways. By distributing load and managing all the remote access, some efficiencies of scale can be gained, and often this can be accomplished without the need to deploy new hardware.

IT AND SECURITY SKILLS ASSESSMENT NEEDS TO BE REVIEWED OR CONDUCTED
The pandemic will put a tremendous amount of pressure on technology staff. Network admins that manage remote access VPNs, as well as system admins who are running VDI pools and remote application solutions will have additional pressure to perform. As the reality of the pandemic lands close to home, these vital technical leaders and stakeholders may fall ill. It is important that we identify single points of knowledge and know-how and address them through cross-training and establishing relationships with partners.

THINGS TO AVOID
There are a few items that Presidio sees as significant missteps. First, we have to think of the user experience – not just of security – and not make it more difficult for the user than absolutely required. The two must be balanced as complexity is the enemy of security, and because we do not want users to be attempting to circumvent protection.

Second, from a process perspective, you cannot stop routine tasks and operations. Doing so will leave you open to more attacks. If you have a managed services provider or trusted outsourcer already in your ecosystem, it may be the time to step up their use or to procure additional services.
Third, several conveniences are likely to lead to trouble. You should not enable insecure remote access (such as Internet-facing RDP) to elevate availability, and any direct Layer 3 / Layer 4 access from untrusted endpoints should be extremely carefully managed and monitored.

Finally, as you scale remote access and remote workers, scale your strong authentication and multi-factor authentication solution to match – not doing so might leave you open to the range of credential spraying and stuffing attacks as users almost inevitably re-use passwords or use previously breached credentials.

PARTNERS ARE CRITICAL
As organizations plan for disruption events, selecting the right solutions integration partner is critical to a successful deployment and adoption of technology. At Presidio, we put customer experience first. We are here to support businesses to create a remote work plan that is both effective and secure.

We have a number of options that we can deploy quickly into your enterprise. Please reach out to Presidio today.

Devin Callaway

+ posts

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_111355416_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	This cookie is set to let Hotjar know whether the user is included in the data sampling defined by site's pageview limit.
_hjIncludedInSessionSample	2 minutes	This cookie is set to let Hotjar know whether the user is included in the data sampling defined by site's daily session limit.
_hjTLDTest	session	Hotjar test cookie to check the most generic cookie path it should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
oktgid	1 year	This cookie is used for storing the visitor ID of the user who clicked on an okt.to link.
oktsid	session	This cookie is used for storing the session ID of the user who clicked on an okt.to link.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by YouTube and is used to track the views of embedded videos on YouTube pages.

Cookie	Duration	Description
__gwtCookieCheck	session	This cookie is used to check if the visitors' browser supports cookies.
AnalyticsSyncHistory	1 month	These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
li_gc	2 years	These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
UserMatchHistory	1 month	LinkedIn - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

COVID-19 and Remote Work Challenges

Devin Callaway

BRID GRAHAM

MICHAEL KELLY

KEVIN FLEURIE

WAHEED CHOUDHRY

BRYAN CALDER

KEVIN WATKINS

JENNIFER JACKSON

ROBERT KIM

SHARAN GURUNATHAN

MANNY KORAKIS

JUSTIN FILIA

GOPINATHAN PANDURANGAN

STEVEN PALMESE

CHRIS CAGNAZZI

Dan O’Brien

VINCENT TRAMA

ELLIOT BRECHER

BARBARA ROBIDOUX

Please select your venue city and
complete registration form below.

Please complete registration
form below.

Dave Hart

CHRIS BARNEY

JOHN HANLON

Greg Hedrick

Courtney Washington

CHRISTINE KOMOLA

VINU THOMAS

JULIETTE AUSTIN