In a previous post we looked at how to protect users that store data on their remote devices. Now we are going to look at protecting your network systems from your remote workers. They won’t do it deliberately, but remote users could be delivering evolved forms of ransomware right into the heart of your organisation’s infrastructure.
Over the last two weeks, getting remote users set up and working has been the priority for many companies. Planning this would normally take weeks, if not months, but IT teams have not had the luxury of time. The priorities had to be getting the basics done; provision hardware, sort connectivity and bandwidth and delivering the application access needed to resume operations
It looks like for many, these tasks have been achieved. As we enter the next phase of remote working, Cyber security should become the priority. Since the end of February 2020 phishing emails have increased by over 600%, as criminals seek to profit from the COVID-19 pandemic. With phishing being the source of 90% of successful cyber attacks, and remote workers being more vulnerable to phishing scams than when they are in the office, further protections are needed to safeguard the remote staff and the data they are using and storing.
On average it takes 190 days for a company to detect that they have had a breach.
What are attackers doing during this period of six months?
They are trying to locate invoices, create bcc rules on mailboxes for accounts staff and directors, gain admin access to IT systems and search for vulnerabilities across all key IT systems.
They also plant ransomware, evolved forms that can search and locate backup files, and infect files with hidden code that can traverse networks, infecting other files as they move. This evolved form of ransomware does no detonate immediately, but on a daily basis it is infecting the source data, so local and offsite backup files are also contaminated. Authors of ransomware understand if they can disable the ability to recover data, it more likely the company will pay the ransom, and remote workers storing files to a network are the perfect mechanism to deliver evolved ransomware
How do you combat this?
1. Re-iterate cyber security training
It doesn’t count as nagging when you are protecting your business. In the same way that the government is currently urging us to stay at home, you need to ensure that the message gets through – loud and clear!
- Mention it during virtual team meetings.
- Include it on internal communications.
- Hold regular top-up training sessions.
- Make use of a ethical phishing company to test your team.
2. Secure the links to your network
As discussed in the previous article, make sure that they link to your network only over a corporate VPN – one you control.
3. Limit who uses their laptop
If you have issued your team with laptops, you can say who uses them and who doesn’t. Ban family members from using those machines. It may sound harsh, but family members won’t have had the training and they may go visiting sites they shouldn’t. You cannot afford the risk.
4. Network scanning
Network scanning will identify infected files; files that you need to isolate and delete. You don’t want them in your network and you definitely don’t want them on your backup images.
5. Backup scanning
Is your backup application scanning files as they are backed up? If you aren’t you are running a risk that may prove extremely costly. If you inadvertently backup an infected file – and you need to restore from that backup image, you may start an Attack Loop. Attack loops mean you will never get a clean, infection-free restore.
Next Step
Click here for more information on how our Cloud Backup solution provides the network and backup scanning. It is agentless and therefore non-disruptive to your existing security and prevents Attack Loops.
Alternatively, simply call us on 0333 344 2380 and let’s talk.