Attackers are capitalizing on our fear
Cybercriminals and malware authors always try to find the most effective way to trick users into making poor, risky choices. Fear is an extremely effective mechanism, so in the last weeks we’ve seen this happen with the pandemic. Phishing attacks that purport to carry news about quarantines and lockdowns, infections, vaccines, and “did you see which celebrity tested positive” are on the rise. Mobile apps that claim to help you track the spread of the virus actually introduce malware onto your mobile device. We’ll see more of these in the coming months, and then when the proverbial smoke clears, there will be another round warning people about another crisis that’s even worse.
Company networks under strain
As the workforce moves from offices to homes, businesses are forced to adopt remote worker practices, often with no experience with this model. This might mean a greater reliance on VPN technology. Of course, if your business isn’t used to monitoring a suddenly-packed VPN appliance, your security monitoring effort might miss unauthorized VPN access from stolen accounts. Make sure you’re using multi-factor authentication for your VPN solution.
Other businesses might give up and expose internal applications to the internet to facilitate greater remote access,but without properly protecting those applications. The right way to make these applications public involves strong authentication, filtering traffic and requests to the app (using intrusion prevention and web application firewall tools), and ensuring sensitive data exposed by the application cannot be accessed by unauthorized users or assets. Make sure your servers and network infrastructure are getting patched, too.
Finally, more company assets might be attached to more untrusted networks than a few weeks ago, mostly home networks. While we’d like to think they’re just as clean and safe as the company network, there might be exposure to a compromised or infected machine. You need a strategy to patch, enforce policy, and update controls and defenses on your workstations wherever they are.
Cloud solutions, a blessing and a curse
We’ve got plenty of customers that have migrated many of their essential applications to the cloud and so find themselves in a good spot. The apps are already broadly accessible from the internet, no need to have folks in the office anyway!
However, we also see plenty of these workloads operating without proper governance. Now might be a good time to look at how data is protected in these workloads, how servers and applications are hardened, and if the security controls in place are actually addressing the business’ risk, or if they’re just a placeholder. Is that enough to worry about? Our goal isn’t to add to your anxiety, but to relate, and to offer help. Talk to our experts for assistance in dealing with any of these challenges. And stay healthy!
Visit OnX to learn more.