Many organizations are prioritizing the health and well-being of their workforce in the wake of the current global pandemic. Many threat actors are also taking advantage of this opportunity. I’ve seen recent examples of social engineering—with calculated phishing campaigns preying on those who seek information on COVID-19. As noted by security researcher Brian Krebs, one hacker group even used a copy of a legitimate map of the impact of the virus to infect machines with malware.

The FBI is taking notice, warning users about the increase in these attacks and urging them to be extra vigilant when sifting through their inbox, visiting a website or clicking on a link.

This is a new world when it comes to network security. It’s likely that quarantine, stay at home orders, etc., will have a permanent effect on how organizations do business. With that in mind, here are five recommendations from Ivanti CISO Phil Richards on how to make security a priority in these trying times:

1. Asset Management

Your network has just expanded. You have new devices and new networks. You need to be thinking in terms of these new assets: how to identify, track and manage them, and how to make sure your users have access to what they need and nothing more.

I recommend a solution that can provide you with remote asset discovery. It’s likely you’ve already encountered BYOD, but with a growing remote workforce, you may see new devices trying to access corporate systems.

It’s critical that corporate-owned assets are performing at peak, even though they’re not physically in your building. A good asset management solution can provide you with the insights to tell when a device might be having an issue, allowing you to get out ahead of any potential major problem.

2. Good Security Hygiene

Cyber criminals have been working from home forever. Your team is new to it. An employee’s home network is now the easiest access point to your environment.

Your IT team needs to be leading the push to preserve good security hygiene now that users are at home. It may be tempting for users to visit sites they wouldn’t normally access at the office, but hackers are counting on this. A little education campaign may be in order to make sure users aren’t taking liberties and visiting sites that have been known to infect devices with malware.

Users are still on the corporate network even if it’s via their own modem and router. Let this serve as a reminder to keep systems up to date and to take proactive defensive measures. This is particularly true if you are allowing employees to connect with their own devices. 

3. Configuration Management

Your corporate VPN is your first line of defense. Use GPO policies and configuration settings to control the systems that attach to your network. Configure your VPN for allowed devices only. Ensure that vendors or customers accessing your network have the right security structure in place before connecting.

It’s never a good idea to have all employees attached to your VPN. This increased load puts a strain on your systems and could compromise performance and access for those who actually need it to do their job.

Now’s the time to identify and plan for configuration drift. It’s crucial to minimizing risk and maintaining disaster recovery systems.

4. Patch, Even if it Isn’t Your Computer

Whether you have an Ivanti solution, are using SCCM, or another vendor’s endpoint management solution—Ivanti’s patching capabilities can help you secure your environment in less time with less effort.

5. Add AV on Your Remote Systems

We’ll start with a story. Recently Ivanti did an organization-wide deployment of Crowdstrike’s AV/AM solution. We deployed to more than 1,700 endpoints and only one person noticed. There was no disruption to business-critical systems and no unnecessary or unplanned downtime; it was as smooth as can be. The one person who noticed emailed IT only because they spotted a notification that Crowdstrike was now active on their machine.

With threat actors taking advantage of an increased demand for information on the global Coronavirus pandemic and a remote workforce who largely relied on the protection of their corporate networks, it’s time to get familiar with the above practices.

Chris Goettl and I go in-depth on these topics on our Threat Thursday webinar series. Register now for the series and see past episodes.