How Do IT & Security Teams Face the Challenge?
More importantly, how do we do that proactively, ensuring minimal downtime for clients while keeping environments and infrastructure secure throughout the process?
The Coronavirus, or COVID-19 pandemic, will be with us for a while, and is already changing everything – including IT and how work is done.
The efficient functioning of IT systems is critical to the world economy, employees’ sense of purpose (not to mention bank accounts), and maintaining the infrastructure critical to keeping health care, government, transportation and utilities all operating.
That means there is immense pressure on IT professionals, who we count on to make all this work. The challenges are massive. IT is not only responsible for maintaining the status quo, but at the same time driving massive change, largely around a workforce often unable to perform their duties in the office. Employees need their productivity software to keep running smoothly, of course. But even more so, they require collaboration and communication software to be effective members of a team – even when physically dispersed.
Mature IT organizations are already on top of collaboration, with strong Digital Transformation Initiatives driving new ways to work. With Coronavirus, and the expectation that another crisis is only a matter of time, Digital Transformation is no longer a NICE thing to have, but a MUST do. Coronavirus is literally forcing the Digital Transformation issue.
Software-as-a-Service (or “the cloud”) is Your Friend
Many companies in Coronavirus-stricken areas such as Italy and the Pacific Northwest already demand people work remotely, and more regions are asking the same as a precaution. If you are not in this situation, your time may unfortunately be coming.
If your workers use on-premises productivity software, you should consider a SaaS solution such as Microsoft Office 365 or similar hosted applications, as well as other remote access applications and/or collaboration & productivity solutions. This way, employees can work from anywhere, on any device.
Is the Remote User Really YOUR Remote User? Detecting Compromised Accounts
Now that workers are scattered over hill and dale, IT needs to verify that all these remote logins are legitimate. The answer is to monitor suspicious sign-in activities. Knowing how many suspicious sign-in attempts are happening, where they are coming from, and what they are targeting is a key security best practice – and especially critical during this crisis. Here are suspicious sign-ins you should track:
- Sign-Ins from Infected Devices
- Sign-Ins from IP Addresses with Suspicious Activity
- Sign-Ins from Multiple Geographies
- Impossible Travel Sign-Ins
Even better is to have reports to identify not only remote login attempts, but also to discover targeted accounts, MFA status, and the reasons the login failed.
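As an added illustration (not part of the original article), the sketch below flags impossible-travel sign-ins and builds a per-account failure report of the kind described above. The record layout, the 900 km/h threshold and the sample sign-ins are assumptions constructed for this example; real sign-in logs would come from your identity provider's export.

```python
from collections import Counter, defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900  # assumed threshold: roughly airliner cruising speed

# Constructed sample records (not real data): user, UTC time, lat, lon, result, MFA used.
SIGNINS = [
    ("alice", "2020-03-16T08:00:00", 47.61, -122.33, "success", True),   # Seattle
    ("alice", "2020-03-16T09:30:00", 45.46, 9.19, "success", False),     # Milan
    ("bob", "2020-03-16T08:00:00", 47.61, -122.33, "success", True),     # Seattle
    ("bob", "2020-03-16T13:00:00", 45.52, -122.68, "success", True),     # Portland
    ("carol", "2020-03-16T10:00:00", 45.46, 9.19, "bad_password", False),
    ("carol", "2020-03-16T10:01:00", 45.46, 9.19, "bad_password", False),
    ("carol", "2020-03-16T10:02:00", 45.46, 9.19, "mfa_denied", False),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def impossible_travel(records, max_kmh=MAX_KMH):
    """Return (user, km, hours, mfa_on_second_signin) where implied speed exceeds max_kmh."""
    by_user = defaultdict(list)
    for user, ts, lat, lon, result, mfa in records:
        if result == "success":
            by_user[user].append((datetime.fromisoformat(ts), lat, lon, mfa))
    hits = []
    for user, events in by_user.items():
        events.sort()  # chronological order per user
        for (t1, la1, lo1, _), (t2, la2, lo2, mfa2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            if km > 0 and (hours == 0 or km / hours > max_kmh):
                hits.append((user, round(km), round(hours, 2), mfa2))
    return hits

def failure_report(records):
    """Map each targeted account to a Counter of its sign-in failure reasons."""
    report = defaultdict(Counter)
    for user, _ts, _lat, _lon, result, _mfa in records:
        if result != "success":
            report[user][result] += 1
    return dict(report)
```

Geolocation from IP addresses is approximate, and VPN or mobile-carrier egress points can produce false positives, so hits are best treated as leads to review alongside MFA status rather than as automatic lockouts.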
During this crisis, some are working from home, still just miles from the office. In other cases, workers are leaving the area, going to vacation homes, living with friends or relatives, fleeing the hardest hit zone. There is no telling what devices they use for work, and to connect to the corporate network. While a productivity boost, all these unmanaged devices can be a security nightmare.
IT should know exactly what devices are connecting for several reasons. Systems are only secure if they are patched and using up-to-date modern software, including operating systems. Since reaching EOL, Windows 7 no longer rates as a high-security platform! What is the OS, and what is the patch status? Is the device safe?
Mobile devices have the same concerns. What kind of OS is running? Is it up to date?
Keeping software patches and anti-virus/cybersecurity tools up to date requires that IT knows, and can validate, the configuration of workstations, laptops and mobile devices, and what software is installed. More to the point, how do you know if the device is infected? And if it is, how do you know what that device did to potentially spread malware or other malicious software?
Moving to SaaS – Migration and Management Issues
If you move to a SaaS productivity solution, there are migration issues in terms of onboarding users and helping them access data. While migration is a key undertaking, the actual operation and security of that solution is just as big a concern. Include as part of your cloud office migration strategy the ability to address both short-range (on-premises to cloud office) and longer-range (ongoing platform governance, tenant splits, consolidation or cross platform shifts) migration demands.
The Risks and Benefits of External Users
Keeping relationships going with partners means sometimes inviting them into your environment as guest users. In a pinch, you may even have to extend these invitations to employees now relegated to remote work.
External users are riskier than employees, since they are harder to secure, monitor, manage and control. Risks include:
- Anonymous external users making changes that admins cannot track
- Employees inadvertently sharing sensitive data with external users who were not the intended recipients
- External users accidentally or purposely sharing sensitive information
Admins should ensure the safety of external users by:
- Crafting a governance plan that determines what external users can do, data they can access, and what they can and cannot share
- Using Least Privilege Access to limit the rights of external users
- Disabling anonymous sharing
- Applying Data Loss Prevention (DLP) policies to automatically discover dangerous information sharing
- Disabling or limiting external sharing of sensitive data
Control, Manage and Secure Remote Workers
Key security best practices include strong password policies, multi-factor authentication, tight mailbox security, and file storage security. Proactively establishing best practices in these areas dramatically reduces security risks. Basic layered and defense-in-depth security tools simply do not dig into specific vulnerabilities and security problem areas.
Locking down end-user accounts through secure passwords and rigorous authentication is also essential. Multi-factor authentication (MFA) requires at least two forms of personal user identification and is recognized by the National Institute of Standards and Technology (NIST) guidelines for password security. The United States Department of Homeland Security now recommends that all Office 365 users implement MFA. MFA adoption is easy, it is a surefire way to prevent unauthorized logins, and there is little excuse not to use it.
Meanwhile, monitoring employee activities such as their mailbox practices can identify risky behavior and proactively secure business-critical data. Preventing risky activities such as auto-forwarding to external email addresses and limiting access rights to other users’ mailboxes can prevent the spread of malware and the leakage of data through emails. In addition, being aware of unusual email activity prevents targeted spam or social engineering tactics common among today’s cybersecurity threats.
As Gartner argues, “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes.” That means a poorly configured or managed platform of services is an attack waiting to happen.
Driving Remote Productivity
With the rise in remote work, organizations NEED to make this move. How else can they keep the company going during trying times? Having a remote work or collaborative solution available is not the same thing as putting it to work, and fully realizing its value.
For remote workers to match their in-office productivity, they need to really stretch their legs and begin using these apps, familiarizing themselves with them and experiencing the value they bring.
Help and Support for Remote Workers
Your newly remote workers have enough to worry about; software problems should be the least of their concerns. Easing these worries requires a responsive and effective help desk and/or security operations center.
Contact us today to find out how we’re addressing this ongoing situation for our clients proactively.