Most of us understand by now (hopefully) that this COVID-19 emergency is not the time to take chances with our health and safety. The benefits of being disease free far outweigh the costs of some social distancing and extra diligence about hygiene. However, I’m worried that many companies don’t seem to make the connection between what they’re doing to protect their employees and what they should be doing to protect their data.
That’s dangerous because hackers are heartless. In their world, COVID-19 doesn’t bring suffering and death; to them, it’s all about opportunity and wealth. Like a virus, they’re attacking the most vulnerable and leaving untold damage in their wake.
Unfortunately, we’ve seen and heard about companies across America that are making hackers’ jobs easier. For example, the additional strain of accommodating remote workers has caused many IT departments to open ports and grant access that they would never allow normally.
RDP, VPN, oh my!
One common problem is companies opening remote desktop protocol (RDP) access, which can be easily exploited. Others have VPN configuration errors that slow network traffic, frustrate users, and put pressure on IT staff to relax security measures in order to improve productivity. And some are not monitoring network traffic, which can open the door to brute force attacks. Raxis is seeing this firsthand in many of our external and remote internal penetration tests we are currently conducting for our customers.
Add to this the challenge of team members accessing the network with their home devices. Each one brings with it a high degree of risk that most office-based IT teams aren’t accustomed to managing at scale.
The bad guys know all this, of course. That’s why we’ve seen a surge of attacks, many based on the COVID-19 emergency itself. Scammers know we’re scared, tired, and worried for ourselves and our loved ones. We’re more likely to click on a malicious link or reveal sensitive information – and less likely to have appropriate safeguards in place when we do.
Where to start
So, what’s the solution? Our previous posts in this series have talked about ways to make networks more resilient from a technological perspective. But this is also a time when IT pros have a responsibility to safeguard their companies infrastructure and protect their employees. It’s up to you to make sure that productivity doesn’t come at the expense of security, even if that isn’t what your C-suite leaders or colleagues want to hear right now.
The good news is that you don’t have to go it alone. Raxis experts can help you discover and document any unintended security consequences that come from your team working remotely. We can provide a fresh, hacker’s-eye evaluation of your perimeter defenses along with continual assessments to make sure they remain effective. We also offer many remote solutions that go hand in hand with the new workplace guidelines for many of our customers.
Just as the coronavirus has made us more careful about our physical health, the resulting work-from-home experience should make us much more conscious of our cybersecurity posture. Give us a call and let’s talk about how Raxis can help you emerge from this crisis more secure and more confident about working remotely.
Contact Raxis for more information.