rwt-as logo
Story image

Five tips to get security-ready for the future of remote work

19 Jun 2020

Article by Varonis Australia country manager Adam Gordon.

With the recent pandemic forcing most of us to work from home, we've seen an unprecedented increase in VPN access, in addition to the cloud through the likes of Office 365 and Teams. Business continuity has become the number-one goal for IT departments, and unfortunately, this has forced security to take a backseat – and attackers are taking advantage. 

Home-based workers often log in from unsecured Wi-Fi, use unpatched personal devices, or turn to unsanctioned services tools to collaborate, communicate and share documents. 
The remote work move has significantly expanded the threat landscape for cybercriminals. As the crisis continued, we saw a sharp rise in brute-force attacks against corporate VPNs and Advanced Persistent Threats, but also insider threats. It's likely that many companies have been compromised and simply don't know it yet.

We can't turn back the clock on remote work and it appears this is now the 'new normal', with offices opening with limited staff, and more employees embracing the flexibility and work-life balance improvements. 

Here are five suggestions to shore up your cybersecurity defences in our new remote work age.

Know what happens in Teams 

Microsoft Teams helps workers collaborate by creating and sharing files, folders, and more in the cloud, and understandably its use is exploding. But Teams also allows users – not administrators -- to call the shots. Users can spin up news teams, share files, invite internal and even external users, and share all kinds of information if the right controls are not in place. To complicate matters, files shared in Teams are then stored in new locations within Office 365. Teach staff about setting up Teams securely, restrict who can create groups and add users, and ensure you keep watch on the data that users share in Teams and where it ends up within Office 365.

Take a data-first approach

Data is the lifeblood of every organization, but most companies know very little about this critical asset. Your network file shares likely include salary information on employees, banking and payment information, business contracts and plans, intellectual property, and much more. Too often, data is overlooked and left open to everyone in the organization.

Should a breach take place, a hacker would gain the same access to your data. Visibility and context are key—know what you have and where it is, and understand how it may be at risk. 

Restrict information access

Employers typically give their staff far more access to information than they need to do their jobs. In a recent report, we found that 53% of companies had at least 1,000 sensitive files open to all employees. Files typically multiply as employees copy, share, and resave information where it's often open to everyone.

When criminals steal user credentials, they gain access to everything the user has – and from there can manoeuvre at will, explore what's interesting on your network, access data, and more. Limiting access to data will help minimise potential damage when a breach does occur.

Get ready for more targeted attacks

Cybercriminals are focusing their efforts on specific companies, breaching their networks, and quietly searching for sensitive content. They will try to remain under the radar and steal critical files. Once they grab what they want, they'll hold up the victim for ransom and threaten to release the stolen files. Prepare by watching for unusual access and activity, especially during "off" hours.

Back up your critical data, and leverage automation to stop ransomware in its tracks. Should a ransomware attack hit your network at 3:00 am on a Saturday, technology will be the first line of defence.

Watch for signs of compromise

Remote workers should be leveraging VPNs and secure cloud services for work, which ensures that an employer can track and monitor data use. There is always the danger of employees accessing data maliciously, which is why close monitoring is so important.

If a user is logging into the network from two places at once, for instance, that could mean their account was hijacked by an attacker. Similarly, if a user starts accessing a lot of sensitive information they've never seen before, it should trigger an alert and investigation.

Remote work is shaping up to become a long-term reality. Attackers are well aware that companies are more likely to let their guard down when employees are remote.

Take steps now to understand and monitor your data, limit access, and prepare for possible compromise. Your data – and your company – depend on it. 

Learn more by watching our Remote Work Risks webinar: Register.

Story image
Forrester names Thycotic a Leader in privileged access management
Thycotic received the highest possible score in 11 of the 24 criteria in the study, including SaaS/cloud, innovation roadmap, and integrations, deployment, supporting products and services, commercial model, and PIM installed base.More
Story image
42% of Australia’s older workers have lost their job or had hours reduced amid pandemic
Over half of older workers in Australia have been financially impacted by the pandemic, according to a recently released survey from Humanforce.More
Story image
NetMotion announces SASE platform leveraging Microsoft Azure
The platform offers integrated transport and web proxies, distributed firewalls, network access control (NAC), zero trust network access (ZTNA) or software-defined perimeters (SDP), a VPN highly optimised for mobile access, and AI-driven policy and risk analysis.More
Story image
Video: 10 Minute IT Jams - Who is OutSystems?
In this IT Jam, we speak with OutSystems vice president for A/NZ Paul Arthur, who discusses the company's role in the A/NZ region, how things have changed for the company and the industry amid pandemic, and what he sees in the future of visual development and digital transformation.More
Story image
Hands-on review: Fitbit Versa 3, the actual star of the smartwatch show
This year Fitbit released the Versa 3, and just like the first two, it did not disappoint. More
Story image
Hybrid cloud is the ideal IT infrastructure model, says majority of IT execs
76% of surveyed IT decision-makers reported thinking more strategically about IT because of the pandemic, and nearly half (46%) have increased investments in hybrid cloud as a direct result of COVID-19.More