
How to be cyber safe while working from home


Via AMUST

Due to the current COVID-19 situation, many employees must work outside of the office to minimize the spread of infection. But until recently, most organizations have not required employees to work remotely, so there is now a rush to implement the necessary technology to do so.

What is commonly neglected is the need for secure channels to facilitate access to internal systems by external users.

There are severe consequences for failing to implement security controls that prevent an attacker from obtaining the same access to a company’s systems as a remote employee.

A common vulnerability is the Remote Desktop Protocol (RDP) and other remote access protocols, especially when these are exposed directly to the internet.

From Gridware’s experience in incident response, having RDP accessible to users outside of an organization is often the root cause of attacks that can cripple a company’s IT infrastructure and halt operations.

There has already been an immense impact on Australia’s economic growth and the livelihood of businesses due to COVID-19. Because of this, businesses are left extremely vulnerable to further malware attacks that can shut down operations permanently.

Another significant risk is the increase of phishing campaigns and scams that take advantage of people’s fear during the COVID-19 pandemic.

According to Scamwatch, there were already 2401 reports made to the Australian Competition and Consumer Commission (ACCC) of phishing scams in January 2020.

In contrast to this, as of 20 February 2020, there have already been 2942 phishing scams reported for this month alone (https://www.scamwatch.gov.au/about-scamwatch/scam-statistics?scamid=31&date=2020).

More specifically, the Australian Cyber Security Centre (ACSC) has been notified (https://www.staysmartonline.gov.au/alert-service/covid-19-scam-messages-targeting-australians) of a scam being distributed through text messages that purport to come from a “GOV” sender with a link for details on “how to get tested in your geographical area” for COVID-19.

The public is in disarray already during this current crisis, with supermarkets being left barren and shelves emptied by panic-buying shoppers. Because of this, individuals are more vulnerable to these kinds of phishing scams that play on people’s fears; many are desperate to be tested for the virus to avoid spreading it to other vulnerable family members, such as the elderly and small children, and others want to seek clarity in this current state of disorder.

It is imperative that the community is educated on the cyber threats that will arise during the current COVID-19 pandemic and that businesses have the required knowledge to secure their systems in case of attack.

To assist in this, Gridware has prepared a checklist of what remote employees need to stay cyber safe based on our experience in responding to cyber incidents:

  1. Ensure RDP isn’t open to the entire internet – While protocols such as RDP are necessary to allow employees to gain remote access to systems within a company’s internal network, this can be a significant security risk. If an employee can connect to a company’s internal systems from the outside, so can a potential attacker. Although having the correct user credentials is often required for RDP connectivity, it is a simple task for attackers to brute force or steal user credentials. In many incidents Gridware has been involved in, all it takes is for one insecure machine to be accessed by an attacker for malware to then spread to other connected machines within an organization’s internal network.
  2. Use a corporate VPN (https://www.cisco.com/c/en/us/products/security/vpn-endpoint-security-clients/what-is-vpn.html) – VPN is short for virtual private network. A VPN service is essentially the virtual equivalent of an internal, private network that remote users can connect to over encrypted channels. Implementing a VPN allows employees to connect to an organization’s systems remotely without the private network having to be open to the entire internet, thereby ensuring that remote-access protocols aren’t accessible to unauthorized users.
  3. Multi-factor authentication (MFA) (https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984#) – Multi-factor authentication is a method that uses two or more authentication factors for authenticating a user. Usually, this is implemented by requiring a user password for login and a one-time password (OTP) that can be generated by an authenticator app or sent over SMS as a one-time code. Enabling MFA on all employee email accounts can eliminate the risk of a business email compromise (BEC) occurring where an attacker can hijack an email chain from a legitimate user’s account. Additionally, MFA can be enabled for all VPN accounts that employees use to connect to the organization’s internal network and RDP clients. This can significantly reduce the risk of an attacker brute-forcing RDP credentials to gain unauthorized access to a company’s systems, ensuring that remote employees can work safely and without disruption.
  4. User education – Last but not least is user education. Educating users is a highly effective method and is listed as one of the Australian Signals Directorate (ASD) Strategies to Mitigate Cyber Security Incidents (https://www.cyber.gov.au/publications/strategies-to-mitigate-cyber-security-incidents). Users can be given the knowledge to avoid phishing emails, avoid unsafe websites and use strong passwords with multi-factor authentication. Education is especially important to notify users of potential scams that are being distributed during the current COVID-19 pandemic and how to avoid these.
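
One way to check items 1 and 2 of the checklist against a firewall rule export, as an added example that is not Gridware's own tooling: the script flags every inbound allow rule that reaches the RDP port from anywhere other than the VPN address pool. The rule format, the rule names and the VPN pool `10.8.0.0/24` are assumptions constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389  # default RDP listener port (TCP, and UDP on newer RDP versions)

# Assumption: remote staff reach internal hosts only through this VPN address pool.
VPN_POOLS = [ipaddress.ip_network("10.8.0.0/24")]

# Constructed inbound ALLOW rules in a simplified, tool-neutral form.
SAMPLE_RULES = [
    {"name": "rdp-anywhere", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "rdp-anywhere-v6", "proto": "tcp", "ports": "3389", "source": "::/0"},
    {"name": "rdp-via-vpn", "proto": "tcp", "ports": "3389", "source": "10.8.0.0/24"},
    {"name": "mgmt-range", "proto": "tcp", "ports": "3000-4000", "source": "203.0.113.0/24"},
    {"name": "https", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"name": "rdp-udp-home-ip", "proto": "udp", "ports": "3389", "source": "198.51.100.7/32"},
]


def covers_port(spec, port):
    """True if a port spec such as '3389', '443,3389' or '3000-4000' includes port."""
    for part in str(spec).split(","):
        part = part.strip()
        if part in ("any", "*"):
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def source_is_vpn_only(source):
    """True if the rule's source network lies entirely inside a VPN pool."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == p.version and net.subnet_of(p) for p in VPN_POOLS)


def audit(rules):
    """Return (rule name, severity) for each rule exposing RDP outside the VPN."""
    findings = []
    for rule in rules:
        if rule["proto"] not in ("tcp", "udp", "any"):
            continue
        if not covers_port(rule["ports"], RDP_PORT) or source_is_vpn_only(rule["source"]):
            continue
        net = ipaddress.ip_network(rule["source"], strict=False)
        findings.append((rule["name"], "open-to-internet" if net.prefixlen == 0 else "outside-vpn"))
    return findings


if __name__ == "__main__":
    for name, severity in audit(SAMPLE_RULES):
        print(f"{severity:17} {name}")
```

The `mgmt-range` rule shows why port ranges matter: it never names 3389, yet it still exposes RDP to a network outside the VPN.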

While cyber-attacks are on the rise as businesses switch to working remotely, your organization does not have to be at risk.

Gridware has extensive experience in incident response and assisting businesses in formulating strategies to keep systems secure. For more information, consult Gridware to see how we can help you.


Gridware is one of the leading cybersecurity providers in Australia, delivering world-class outcomes for our clients. We are uniquely positioned as an independent advisor, giving clients the confidence that they have mitigated their cybersecurity risks to best-in-class standards. If your organisation requires an approach to cybersecurity that is robust and reflects best-standard approaches to the latest threats, get in touch with us today for a discussion.
