Whether they like it or not, many organizations have been forced to adopt work from home practices to continue operating. Working from home isn’t new. In fact, between 2005 and 2017 the numbers of people that were able to work from home grew 156%. However, it has generally been seen as a bonus rather than a given and more traditional workplaces have been resistant. 

Despite the fact that 49% of office workers have never experienced working from home before, this experiment has largely been a success. Empowered with communication tools like Slack, Microsoft Teams, Google Hangouts. and Zoom, teams have had deep connectivity even from their own living rooms and many organizations have actually seen increased productivity.

Even so, the challenges of working from home are enormous and are invariably compounded by technological difficulties and poor home security practices.

Security teams, in particular, are feeling the pressure. With numerous workers now operating outside the corporate network security controls, new attack vectors have been opened up which are being exploited by cybercriminals.

Cybercriminals Taking Advantage of the Pandemic

Several security providers have put together data sets which show clear spikes in malicious activity since the beginning of the pandemic. McAfee created its own coronavirus dashboard which shows malicious detections quickly growing from the hundreds into the thousands over the last six months. The most common threat type has been Trojans with Spain and the US being clear outliers in the number of threats detected.

As of August, there were nearly 2 million malicious detections against over 5,500 unique organizations. McAfee go into detail about the families and types of attacks that they’ve seen a spike of cases in since the pandemic began.

WFH challenges for security teams

We’ve established that cybercriminals are taking advantage of the security breaches created by a sudden adoption of working from home but what is it exactly that makes working from home lees secure and what exactly are the security flaws threat actors are targeting?

Working from home doesn’t necessarily mean working from home, it could also mean working from anywhere and many workers have already figured that out. This means workers can (in theory) escape their houses and head out to cafes, restaurants, libraries or other public spaces with free WiFi networks. Zoom, with its virtual background feature, has incidentally supported this. The key issue with this is when workers operate on unsecured open networks. 

Ultimately security professionals have to try and ensure device security and data protection in the work from anywhere model - a challenge made significantly harder with over 50% of employees using their own devices during this period. IT teams have tried to make the security transition easier, with some 70% increasing VPN use among employees, however, 1 in 4 workers according to the Morphisec report were unfamiliar with their company’s security protocols.

This challenge for security professionals has resulted in the majority of security professionals seeing a sizeable increase in workload since their companies began corporatewide remote work. And while most of the transition to WFH went smoothly, respondents reported an increase of security incidents, with the top issues including a rise in malicious emails, non-compliant behavior by employees and an increase in software vulnerabilities.

What can be done to improve WFH security?

Security teams have had years to develop best practices for combating the ever-evolving cyber threat landscape. The sudden move to work from home though has shifted power away from them and brought a greater reliance onto workers who simply do not have the expertise to maintain proper cybersecurity protocols. 

Worryingly, 20% of workers said their IT team had not provided any tips as they shifted to working from home. This has opened exploitable attack vectors and introduced new challenges for security professionals. This though isn’t to say that there is nothing that can be done.

Step 1: Control the WFH Environment

This is all about educating employees about best practice and the reasons for these practices when working from home. For example, informing them not to use open networks.

Step 2: Control the WFH Computer

It’s a good idea to supply the computer being used so that you can install the proper security softwares and control access to sites which might offer security risks as well as maintaining control over permissions.

Step 3: Improve your Phishing Responses 

The crossover between home life and work life extends beyond the location. People are more likely to spend time on social media networks and working on private projects than they would be if they were in the office. This opens them up to more phishing campaigns so it’s important they know how to avoid falling for them.

Step 4: Restrict Remote Access to Sensitive Documents and Data

Lockdown permissions and access to sensitive documents and data. If they really need access they can communicate this need with you directly and you can ensure it is done securely and safely. 

Step 5: Monitor Surface, Deep and Dark Web for Emerging Cyber-Threats

Use an OSINT tool like Signal to monitor for cyber threats, planned attacks and data breaches.

Step 6: Encourager VPN Usage

VPNs are a simple and easy way to improve security. It’s worth ensuring the company has a quality VPN service that doesn’t slow a users internet connection unnecessarily as this might persuade workers to turn it off.

Step 7: Don’t Allow Split-Tunnels

Split-tunnelling allows a user to access networks through both the encrypted VPN service and a potentially unsecure network simultaneously.

The Role of Threat Intelligence for Improving Work From Home Cybersecurity

One of the key benefits of using an OSINT solution like Signal is the ability to create customized searches with Boolean logic to uncover hyper-relevant threats in real-time with SMS and email alerts. 

Ways that this has been used in the past to improve cybersecurity include:

• Early detection of data breaches. The average cost of a data breach in 2020 is $3.86 million. The earlier you catch a data breach the faster you can take action to mitigate the associated financial and reputational damage.

• Discovery of new cyberattack strategies, exploit kits, phishing tactics which were talked about or for sale on the dark web.

• Organizations have uncovered attacks that are yet to be carried out. This is true for both physical attacks against an asset or person as well as cyberattacks. For example, details of a phishing strategy and the targets within the organization were discovered after being talked about in a darknet forum. 

• Monitor employee online activity. For example, this can allow security teams to identify employees who have been targeted and even blackmailed by cyber attackers for access to company data.

Corona Virus has for many been a rude awakening. Companies have been left scrabbling in an attempt to put in place contingency plans and deal with the spread of misinformation, all whilst facing tumbling share prices.

COVID-19 is the most recent global incident, it’s not the first and it won’t be the last, however, it has thrown into harsh light the realities and weaknesses that surround many organisations international structure. Our increasing levels of globalization throw local isolationist policies out the window and if a company wishes to maintain economic growth changes in the way that they manage their response to global incidents is needed. 

In the wake of a global incident, corporations need fact-based reliable information from official sources and they need it fast. The smart adoption of technology can help facilitate the means for companies to protect their teams and assets as well as mitigate potential damages to the business.

Dealing with Misinformation: Disruption is the new normal.

The rapid spread of news and information online has sparked a recent increase in global headlines highlighting critical outbreaks. International concerns can cause loud and distracting noise when trying to identify specific data.

On top of this, panic has followed in the wake of COVID-19, stocks have plummeted to levels that haven’t been seen since 2008, people are rushing to stores to stock up on necessities. This panic has been spread and amplified by both a lack of preparation for a global crisis of this nature, as well as an amount of misinformation spread rapidly through both social media and even through more trustworthy news sources. 

To tackle this, the first thing any organisation needs is accurate, relevant and trustworthy information. You don’t want to be relying on secondary, potentially egregious sources, not only because it will take longer to uncover news forcing, but you also won’t know how reliable that information is. Sad as it may be to admit, many media outlets aim to sell news, and facts aren’t necessarily lucrative, spectacle sells. 

Using an open-source intelligence (OSINT) software like Signal you can create a custom real-time stream from official sources such as the World Health Organisation, or the CDC to get reliable information and updates fast. Easily sift through unwanted information to detect only the most valuable in an outbreak.

Better situational awareness for a more efficient response

Increased situational awareness allows companies to proactively respond to crises. It allows them to get accurate information first, and create actionable and effective strategies based on reliable data to efficiently counter emerging threats.

As well as having multiple sources, companies can use OSINT tools to identify trustworthy and “official” statements and sources and tailor their live stream searches around those. This is often where the news breaks first and will give an unbiased account of the facts.

Examples of responses to COVID-19 can be seen from several large companies including Facebook and Amazon. In areas where there are outbreaks, such as Seattle, they have closed down offices and asked employees to work from home. They have also both cancelled  conferences which would have drawn thousands of people together with potentially disastrous results - instead they are looking at creating a virtual experience instead. This is just one example, of how companies, armed with accurate information can then use available technology to facilitate preventative measures mitigating the threat of the outbreak.

How OSINT software can help

Improve employee safety

Knowing how to respond and then implementing an effective response without causing further panic or further spreading misinformation allows organisations to effectively protect their staff in and outside of the office. 

For example, knowing how COVID-19 is spread as well as understanding the the severity and location of the outbreaks means you can form effective localised preventative measures without causing undue widespread panic or unnecessarily harming your business.

Better executive protection

Executives travel, and travel entails risk especially with an evolving international crisis of this nature. In this scenario, for example, it would be sensible to protect these executives by taking simple precautions such as delaying trips to areas with severe outbreaks such as China or Italy.

In line with current government recommendations all employees should be practicing social distancing and where possible managing meetings with video conferencing technology. Adapting in the face of an emerging threat such as COVID-19 allows companies to reduce the risks that they face and better protect their staff from exposure. 

Supply chain management

Those businesses that are built on the foundations of large and complex international supply chains have to question their structure and practices. What is the backup plan? How do you mitigate the threat to a potentially compromised supply chain? And perhaps, more importantly, how do you protect those staff and assets that are involved? 

First, you need actionable and accurate information in real time allowing you to fully understand potential risks and issues and only then can you form an effective plan of action.

Summary : The Importance of Accurate Real Time Data

Coronavirus is the only the latest example of a disruptive global crisis and it won’t be the last.

Due to the rise of unofficial media sources which can easily disseminate news through the internet, especially social media platforms, there is a lot of potentially unreliable information being consumed. Fact-checking can be immensely time-consuming and many people don’t bother, which is how false information propagates. As an organisation though this misinformation can be as harmful or even more harmful than the reality. Getting ahead of and tackling false news becomes an important task.

In terms of dealing with a global crisis such as COVID-19, think about spreading fact-checked sources through internal communications to allay fears spread through potentially incorrect or misleading media. This will also show employees that you are on top of the situation encouraging trust in the organisation and your official response.

To truly and effectively mitigate the threat of global incidents, how companies utilise technology to adapt to the scenario will make a huge difference. Ask yourself: Does your business offer flexible working practices? How can your business support workers if they need to self-isolate? Do you need your executives to attend events in physical locations or can business be done virtually? And as a final consideration - a side effect of these changes - how might these adaptations become more normalised to improve employee efficiency as well as supporting a healthier work life balance?

Resources 

• https://www.who.int/

• https://www.cdc.gov/