Not long ago, cybercriminals used the coronavirus crisis as an opportunity to trick people into installing a variety of malware and data stealers—a hack made easier as much of the world’s workforce made a rushed transition to work from home. One scam by antivirus-covid19.site advertised a “Corona Antivirus” that urged people to install a digital antivirus that turned out to be malware. Another dangled information about COVID infection data in local communities as bait to lure users into giving away credit card data.
In another case, it was the newfound popularity of collaboration tools, such as Zoom, that allowed hackers to scam people. Remote employees were clicking phishing emails that appeared to be sent to them by Zoom. “The Netflix Free Subscription” scam is another example of how even the more wary people can be lured into sharing personal and payment information with the use of a simple message: “Due to the pandemic, Netflix is offering everyone a free year of service to help you stay at home.”
According to channel security vendor Webroot, 2% of the 20k websites created with COVID or coronavirus keywords were malicious. During the same period, files marked malicious with the word “zoom” grew by an alarming 2000%. Pair the 768% growth in Remote Desktop Protocol (RDP) in 2020 with a lack of endpoint management, and cybercriminals enjoyed an incredible opportunity to deliver ransomware.
The threat of cyberattacks continues to loom large in 2021, so securing your clients’ remote workforce should be an MSP’s top-of-mind concern. Start with a thorough evaluation of the IT infrastructure and follow it up with important changes to day-to-day security controls.
Understand your network map
Sketch out an overview of your clients’ devices and cloud storage. Having a network map will empower you to see vulnerable endpoints and the list of unauthorized devices. The overall exercise should help you establish the access and restrictions for each device on the network—something you’ve probably done before, but will need more rapid refresh cycles as workplaces remain fluid.
At the same time, create risk management programs to evaluate risk. Simple security incident questionnaires for remote employees and industry-standard security posture assessments will help you evaluate each remote worker’s access.
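The network map described above becomes actionable once it is reconciled against the approved device list. The following sketch is an added example, not code from the original article: the `Device` record, the sample devices and the 30-day patch threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Device:
    mac: str
    hostname: str
    last_patched: Optional[date] = None  # None = patch state unknown

def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so 'AA-BB-..' and 'aa:bb:..' match."""
    hexchars = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(hexchars) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexchars[i:i + 2] for i in range(0, 12, 2))

def reconcile(authorized, observed, today, max_patch_age_days=30):
    """Compare the approved inventory with what was actually seen on the network."""
    approved = {normalize_mac(d.mac): d for d in authorized}
    seen = {normalize_mac(d.mac): d for d in observed}
    report = {
        # On the network but not in the approved inventory.
        "unauthorized": sorted(seen[m].hostname for m in seen.keys() - approved.keys()),
        # Approved but not seen: retired, offline, or the map is out of date.
        "missing": sorted(approved[m].hostname for m in approved.keys() - seen.keys()),
        "stale_patches": [],
    }
    for mac in seen.keys() & approved.keys():
        patched = seen[mac].last_patched
        # Unknown patch state is treated as stale (30-day limit is an assumption).
        if patched is None or (today - patched).days > max_patch_age_days:
            report["stale_patches"].append(approved[mac].hostname)
    report["stale_patches"].sort()
    return report

# Constructed sample data, not taken from any real network.
AUTHORIZED = [
    Device("AA-BB-CC-00-00-01", "hr-laptop-01"),
    Device("aa:bb:cc:00:00:02", "fin-laptop-02"),
    Device("aa:bb:cc:00:00:03", "nas-backup"),
]
OBSERVED = [
    Device("aa:bb:cc:00:00:01", "hr-laptop-01", date(2021, 3, 1)),
    Device("AA:BB:CC:00:00:02", "fin-laptop-02", date(2020, 11, 15)),
    Device("de:ad:be:ef:00:09", "unknown-tablet"),
]

if __name__ == "__main__":
    for finding, hosts in reconcile(AUTHORIZED, OBSERVED, date(2021, 3, 10)).items():
        print(f"{finding}: {', '.join(hosts) or 'none'}")
```

In practice the observed list would come from whatever discovery source the MSP already trusts, such as an RMM export or DHCP leases, and the report would be regenerated on each refresh cycle.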
Add a layer of remote security with automation
Cybercriminals often take advantage of holes in outdated software. To combat this, automate software updates on all remote machines and automatically enforce monthly password updates that require employees to set “strong” passwords.
Create standardized processes to ensure that security updates are installed immediately on each remote machine. This also applies to remotely connected devices, which should be replaced if outdated. If replacing or upgrading those systems is not possible, build new security controls to compensate. Automate backups whenever possible, and keep them frequent enough that rolling back to a backup does not cause you issues.
Trust no one
To prevent unauthorized remote access, implement 100% multi-factor authentication rather than requiring employees to connect to the corporate network. With this approach, only certain remote applications will be exposed and all remote access will be verified. The same can be achieved by using secure web gateways instead of traditional VPNs. Also, do not forget to conduct periodic reviews to ensure only authorized remote users have access to each system.
Use the power of “encryption”
Automate processes such as data identification, classification, encryption, and masking to monitor data loss in real time. If you are using third-party video conference tools such as Zoom for remote meetings, make sure each meeting is conducted using encryption. Create waiting rooms for attendees, and enable or disable the “record” feature for an individual participant or for all participants. As an organizational policy, protect all meetings with a password.
Promote cyber literacy
In the new normal, security must become a part of all programs across vendor applications, infrastructure, cloud, and data. To create such end-to-end visibility of security metrics, improve cybersecurity literacy among your clients and their remote employees through awareness campaigns, mandatory quizzes, and company-sponsored cybersecurity certifications. It is also important to provide users who are granted administrative accounts with additional training on the risks brought on by their privileges.
Put a response plan in place
With cyberattacks becoming frequent and consequential in recent years, your MSP should have a well-considered and thorough incident response and business continuity plan. These plans should be regularly tested, exercised, and stored offline. Your MSP must have a designated team for dealing with data breaches or potential ransomware attacks. Ideally, plans should be approved by the CEO and include comprehensive prevention protocol training. Don’t forget to clearly communicate to your MSP clients what the plan is and when it would be in effect. Knowing that you are prepared for the worst-case scenario is a value-add for your customers.
Final Thought: Cybersecurity risks are increasing due to increasing digitalization and remote work in the post-COVID economy. Amidst increasing phishing attacks and distributed-denial-of-service (DDoS) campaigns, MSPs need to prioritize security and design an integrated approach to safeguard their remote workforce as well as their clients’ distributed workplace.