AdobeStock_332252567.png

27-Mar Security Update

Any system that has enough pressure applied, will eventually start to show signs of weakness.  The speed at which COVID-19 has forced workforces to operate from outside the fortifications of their usual office systems and tools, has exposed gaps in cybersecurity practises. Some are cavernous, others more subtle.  

Now that we are all starting to develop our routines in the “the new normal”, it’s time to take a breath and look at how we are operating from remote locations, and what we can do to improve our security.  

Our observations over the first 48 hours of lockdown

Covid_0001_exclamation-triangle_0005_shield-alt.jpg

Responsibility to secure information 

Our obligations to secure sensitive data have not altered. In the first 48 hours of lockdown many of us have found that our processes rely heavily on people to manage and monitor our systems.  

Security controls for non-distributed workforces typically depend on the local networks in our offices. Devices that are no longer connected directly to the local network are more difficult to update, manage and monitor. be rest assured, they are well supported by your normal site engineers.

Covid_0001_exclamation-triangle_0004_user-secret.jpg

Increase in scams and attacks 

World leaders are obsessed with deploying measures to eradicate COVID-19. Media outlets are being used to reinforce government messaging and directives, focusing our attention on the gravity of this situation.  

Inadvertently, we are dropping our guard and the bad guys are taking full opportunity to exploit this situation. Ransomware, phishing and malware disguised as official COVID-19 or Coronavirus information is on the increase and are continually testing users' abilities to identify what is legitimate.

Escalation details are on our website (https://www.yorb.tech/covid-19.html)

Covid_0001_exclamation-triangle_0003_home.jpg

Adhoc work from home arrangements

Those of us with newly distributed workforces have found that hunkering down at home has been a challenge.  

  • Remote access solutions are struggling to cope with capacity  
  • Permissions are being elevated to cater for access issues.  
  • Residential internet connections are under pressure when trying to cater for kids streaming schoolwork, Netflix and Teams video conferencing all at the same time 
  • Printing is proving to be a regular request for support teams. 

Home devices (BYOD) have been required to bridge gaps where there is not enough business equipment available 

Covid_0001_exclamation-triangle_0002_fingerprint.jpg

Multi-factor authentication 

There has been a lot of discussions held around Multi-factor authentication for some time, but very little traction in deployments. For many, being forced into a distrusted workforce, an added layer of security would be a welcomed comfort right now.

Covid_0001_exclamation-triangle_0001_phone-laptop.jpg

Devices left in offices unattended

Many end users left the office in such haste that countless devices remain turned on and unattended in offices. Without regular interaction from people, these devices provide opportunity to be exploited. This is especially important if updates are not automated and applied in timely fashions.  

There are still examples of backup solutions which require the manual changing of portable drives to be taken offsite. The backups are likely to be running to schedule but will be overwriting the currently attached disk, and under the lockdown regime, you have no ability to get them offsite. 

Covid_0001_exclamation-triangle_0000_dog.jpg

Distractions

Sharing workspaces with competing priorities is a challenge. Kids wanting your time and attention or to do something on the computer, the cat wanting a pat or fear of a deadly virus getting into your house are all taking our attention away from security.  This is a time where employee focus is essential. 


What can we do in the coming weeks to reduce this risk?

Covid_0001_exclamation-triangle_0005_shield-alt.jpg

Increased vigilance for scammers 

The best thing everybody can do - turn on you bullshit radar!  If it looks too good to be true, it probably is. 

Make sure you have good processes in place to authorise payments. Don’t rely on email alone. You must confirm email requests by verified voice contact with the requester. Be sure who you are paying is genuine! 

Now is the time to keep investing in training staff. Continue your email phishing testing and make it more challenging. If you don’t have this in place, consider deploying it.  

When checking if something is true or not, use trusted sources of information. Ring our Support Centre or use government sites such as Cert NZ.  

Covid_0001_exclamation-triangle_0004_user-secret.jpg

Backups online

If the restoration of your business information remains in a portable disk inside an inaccessible building, then you need to give us a call to discuss options now.  

There are many online solutions that can easily be configured remotely that will provide you with some comfort that your data is at least available for recovery if needed.  

Covid_0001_exclamation-triangle_0003_home.jpg

Accessing systems behind locked doors and Securing information 

Rather than allowing home devices access to your systems with, at best, limited security prevention installed, give us a call to see what is best for your situation.  

We have a COVID-ready solution available that will allow staff to securely connect to a desktop inside your office from a home device without fear of any cyber-nasties getting in. 

Covid_0001_exclamation-triangle_0002_fingerprint.jpg

Planning

The current lockdown is unlikely to be the one and only time we experience this type of event. With time away from the water-cooler chats and general office distractions, we are using the enforced lockdown to do some business planning and critical thinking, and we think you should to.  

If you don’t already have plans in place, now is an ideal time to start working through your Business Continuity plans or to look at improving your security posture with multifactor authentication technology.  

If you have not already adopted a modern workplace, then now is also the time to look at how the current situation is affecting your business, and how a mobile, modern workplace can help your business stay relevant.  

Regards
The Yorb Team