To Secure Your Remote Workforce, Follow These Best Practices

Varonis

Thanks to the recent, rapid transition to remote work, IT and security teams saw an unprecedented increase in VPN access along with an explosion in Office 365 and Microsoft Teams use. Accordingly, we saw a sharp rise in brute-force and phishing attacks against corporate VPNs and Office 365 accounts as cybercriminals and APTs took advantage of the noise and chaos, not to mention an uptick in insider threats.

Cybercriminals expect companies will let their guard down in the shift to a new working model. Keep these best practices in mind to understand and monitor your data, safely limit access, and prepare for possible compromise.

  • Put your data first. Data access controls are often overlooked and left open to everyone in the organization, which is a problem for many reasons. If a user's account gets hijacked through a brute force or phishing attack, the hacker can immediately access data that's open to everyone. Visibility and context are essential—know what you have, where it's located, and understand how it's at risk. Staying in the dark isn't an option, so start with a Data Risk Assessment.
  • Prepare for Ransomware 2.0: "Big game" ransomware attacks target specific organizations. They hold up the victim for ransom and threaten to release stolen files. Watch out for unusual activity, like users on devices they've never used, from locations they've never been, or at strange times of day. Connecting the right dots is critical so you're not chasing ghosts, especially with users working remotely. Back up critical data and leverage automation to stop ransomware in its tracks.
  • Look under the hood in Microsoft Teams. Using Office 365 and Microsoft Teams can be a productivity boon, but it also creates security gaps since users can create new shares, share files with internal and even external users, and overshare information if the right controls are not in place. To complicate matters, files shared in Teams are stored in new locations within Office 365. Audit your security configurations and make sure users know what kind of data should be put into the cloud so you don't end up exposed.
  • Lock down access. Companies typically give their staff far more access to information than they need to do their jobs. We found that 53% of companies had at least 1,000 sensitive files open to all employees. Data multiplies as employees copy, share, and resave information where it's exposed, and the problem can quickly escalate – making it extremely difficult to identify and fix without a lot of effort. Limit access to data to minimize damage when a breach does occur and ensure that data is kept private by design.

Watch for signs of compromise. Malicious employees are always a danger. If a user logs into your network from two places at once, their account could be hijacked. Would you know if a brute-force attack was successful? If a user then accesses a lot of sensitive information they've never opened before, it should trigger an alert and investigation. In a world where IT and security teams are remote, lowering time to detection and time to resolution for incidents is crucial.

Sustaining Partners