16 Ways We Learned to Protect Your Remote Workforce
By Nicole Denton, Cybersecurity Risk & Compliance at Braintrace
October 27, 2020 3:52 pm ET
Cyber-attackers, driven by many different motivations, have always done all they can to infiltrate organizations and access their information. In 2020, those instances drastically increased due to COVID-19, which forced organizations to scramble to get employees set up remotely. Many organizations did not have procedures and policies in place for the pandemic.
When COVID-19 started to impact our lives, companies scrambled to get supplies for employees to work remotely. This year, vulnerabilities and cyberattacks increased significantly.
Here are 16 ways to protect your organization from attacks (BEC, ransomware, virus, etc.):
- If employees are working remotely, ensure each one has anti-virus and anti-malware on their mobile devices.
- Make sure to monitor logs of traffic coming in and going out of the organization’s network.
- Implement a SIEM (Security Information and Event Management), which will monitor the network and produce logs.
- Implement an EDR (Endpoint Detection & Response) and MDR (Managed Detection & Response), such as Dragonfly. EDRs can help with the following:
  - Identifies any known malicious applications or files and prevents them from executing and carrying out their malicious behaviors.
  - Identifies any IPs and traffic across the network that could be malicious or unknown, and alerts on such behavior.
- Keep logs from your firewall(s), networking equipment, servers, and other protection solutions in a central location, retained for about six months to a year on a network resource with the capacity to store all of them.
- Put in place firewall rules that allow only the specific IPs needed to access the company’s network. Limit or block access to the network from IPs in other countries.
- Be sure to close all ports that are not in use and do not need to be open to anything outside of the network.
- Patch all:
  - 3rd party software
  - operating systems
  - firewalls/networking equipment
- Consider implementing GPO restrictions and Microsoft AppLocker together. This is an easy and affordable way to restrict ransomware and malware from installing on the network. Consider referencing the Center for Internet Security (CIS).
- Ensure everything that requires a password enforces a length of at least 15 characters (using upper and lower case letters, numbers, and special characters). Use a passphrase of that length, or a password of the same length and character types randomly created by a password manager or password generator application.
- Have security training for all employees at least annually.
- Understand the organization’s network and how it works (i.e., get your network’s baseline).
- Put in place an application that scans and filters emails before they are sent on to the user.
- Ensure all controls and policies are in place and that each is tested regularly.
- Restrict administrative rights to only one person, to be used for emergencies only. All other users are only allowed access relevant to their job role. Consider implementing LAPS (Local Administrator Password Solution), which can be done through Active Directory. LAPS does require the system to be on the domain.
- Put into place a backup process that is done regularly and not live. It is also a good idea to test backups regularly. Have a plan in place for recovering a backup.
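
The log-monitoring, IP allowlist, and unused-port items above can be checked against each other. The following Python sketch is an added example, not part of the original article: it audits firewall log lines for connections that were allowed even though the source IP is not on the allowlist or the destination port is not approved. The log format, the allowlisted ranges (documentation address space), and the approved ports are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy: constructed values using documentation address ranges.
ALLOWED_SOURCES = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "203.0.113.16/28")]
ALLOWED_PORTS = {443, 1194}

# Constructed sample log in a hypothetical "time action src dst_port" format.
SAMPLE_LOG = """\
2020-10-27T15:01:02Z ALLOW 198.51.100.23 443
2020-10-27T15:01:09Z ALLOW 192.0.2.77 443
2020-10-27T15:02:41Z ALLOW 203.0.113.20 3389
2020-10-27T15:03:00Z DENY 192.0.2.77 22
2020-10-27T15:03:17Z ALLOW 203.0.113.40 1194
not a log line
"""

def audit(log_text, sources=ALLOWED_SOURCES, ports=ALLOWED_PORTS):
    """Return (findings, skipped): allowed connections that break policy,
    and lines that could not be parsed (these deserve a look as well)."""
    findings, skipped = [], []
    for line in log_text.splitlines():
        try:
            ts, action, src, port = line.split()
            ip = ipaddress.ip_address(src)
            port = int(port)
        except ValueError:  # wrong field count, bad IP, or bad port
            skipped.append(line)
            continue
        if action != "ALLOW":
            continue  # blocked traffic means the rule set did its job
        reasons = []
        if not any(ip in net for net in sources):
            reasons.append("source not on allowlist")
        if port not in ports:
            reasons.append("port not approved")
        if reasons:
            findings.append((ts, src, port, reasons))
    return findings, skipped

if __name__ == "__main__":
    found, bad = audit(SAMPLE_LOG)
    for ts, src, port, reasons in found:
        print(f"{ts} {src}:{port} -> {', '.join(reasons)}")
    print(f"{len(bad)} unparseable line(s)")
```

Each finding points to a firewall rule that is broader than the stated policy, which is the gap regular control testing is meant to surface.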