Security awareness while working from home
Good practices for your home office.
If you have a smartphone, laptop, or any other type of device, you are carrying a massive amount of data – and with that data comes the responsibility of information security.
As businesses are looking more to online business platforms and enabling their employees to work from home, strengthening their line of defence to keep doors open and bills paid is of paramount importance.
With cyber security risks on the rise, businesses' weaknesses are now more exposed than ever as employees continue to work from home. Kagiso Mokgofa, SOC Principal Engineer for CyberTech, points out factors to boost your remote office security:
1. Educate your workforce
Employees could be the weakest (or strongest) line of your defence. By making employees aware of security threats, how they might present, and what procedures to follow when a threat is identified, you are strengthening the most vulnerable links in the chain. Awareness training goes beyond helping employees to be security-conscious of the threats; it also benefits the organisation, which is less likely to be targeted through its users as a point of entry. Conducting random tests, such as phishing e-mails, and monthly training is a way to effectively measure and improve employee responses to potential cyber security threats. Encouraging employees to report suspicious incidents alerts the IT team to take action and remediate.
2. Exercise vigilance of patch management
Businesses can strengthen the security of their data by patching vulnerabilities through which malicious actors could gain access to their network assets. Security patches don’t just fix bugs on the operating system of the software, but also address critical vulnerabilities in the software that hackers use to gain unauthorised access to data. It is critical for businesses to address patches such as operating system updates, business-critical applications and anti-virus software. Businesses still struggle with patch management because they are either unaware of which security patches are available and which are the most critical, or are most likely still discovering applications in their environment.
In a time like COVID-19, when employees are working from home, Mokgofa points out that companies should make provision for employees who don’t have high-bandwidth Internet access to schedule time to visit the office to do necessary updates. Zea Silva, Key Account Manager at CyberTech, explains: “Every new cyber attack is a reminder of why patching is important and while attacks could take place, businesses need to have the tools to detect and respond to these types of attacks. Tools like EDR and SOC as a managed service facilitate immediate response to threats and stop them in their tracks.”
3. Deploy EDR security
SOC analysts are highly qualified individuals who understand cyber attacks and can leverage tools like endpoint detection and response (EDR) to identify malware and suggest remedial action when it is detected. EDR software provides valuable clues to malicious activity and protects employees from unknown threats by blocking these attacks, which can be legitimate applications running malicious activity on the user’s machine.
Mokgofa goes on to mention that: “One of the reasons why an attacker gains entry using the end-user is so that malware installed on the user machine can connect to a command and control server, so that it can take instructions on how to behave or what to do. EDR solutions do not operate like your traditional anti-virus software by looking at signature-based viruses or known threats, but rather focus on looking at the behaviour of the user machine. EDR will help detect and block malware downloaded and executed through a phishing e-mail or by a user visiting a Web site that has malware embedded on it. Our SOC will be able to see the flow of events from when the malware is downloaded to what commands using legitimate programs are executed, lateral movement attempts, file encryption, or any other malicious behaviour.”
4. Protecting all users’ devices in the household
Mokgofa states: “What is often forgotten or not top of mind is that while users are working from home, they should remain cognisant of occurrences on the other users’ devices in the household. While parents often leave children with devices unattended, hackers are now targeting other members in the household who are less aware of the security risks, especially kids. The malware would most likely spread into the user's home environment, and then the organisation, which is why it’s important to be aware of the sites that are being browsed.”
Silva notes: “User behaviour has been a key driver as hackers identify patterns of behaviours. Hackers are tracking all data in all forms from Facebook feeds to online activity in order to identify how to target an individual with a more relevant phishing e-mail.”
Silva urges organisations to “embrace a data-centric approach through which they develop a strategic understanding of what data they have and how valuable that data is to their business operations. Setting strict permissions prevents any misconfigurations and enables access to only authorised users.”
Within the organisation, defences were originally perimeter-based, forming walls around the network, but with more access points this approach is no longer enough and organisations must assume all data is at risk. Ultimately, for data and organisations to have a chance at survival, controls must be specific, controlled and responsive.