Companies around the globe are encouraging their employees to work remotely to deal with the risks that the COVID-19 pandemic poses to everyone, and in some regions, employees have already been forced to transition to their home offices by local authorities. In this time of sudden and unprecedented change, ensuring operational efficiency means that some organisations may overlook data security.
However, IT security is crucial and not something that businesses can afford to skip during this period. Despite everyone’s primary objective to keep the business functioning, organisations cannot ignore risks that remote work sometimes poses to data. Employees that access a corporate network from their own devices or from unprotected networks may unintentionally threaten data security, just because being at home may cause them to pay less attention to cybersecurity practices or completely ignore them.
The inability to check whether employees use secure devices to access corporate networks, excessive file downloads from file shares and collaboration tools and a general lack of control over data access may put an organisation’s sensitive information at risk.
To strengthen the security of enterprise data in this new reality and mitigate the risk of data breaches, best practice is to enable greater control over who is doing what and who has access to what within the IT environment. With this in mind, it is worth considering implementing the following measures:
1. Set alerts on logon activities
Any suspicious logon activity may be a sign of a security incident. Therefore, it is suggested that businesses set alerts on activities like attempts to log on from multiple endpoints, subsequent logons in a short period of time and an unusually high number of logon failures. This will enable businesses to quickly detect and investigate these events and to take action against potential data threats.
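The three logon conditions named above can be expressed as per-user sliding-window rules. The following is an added example, not part of the original article; the event layout, rule names, window and thresholds are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
MAX_ENDPOINTS = 2                # assumed: distinct endpoints per user per window
MAX_FAILURES = 5                 # assumed: failed logons per user per window
MAX_LOGONS = 4                   # assumed: successful logons per user per window

def _burst(user, endpoint, ok, start, count, step_s):
    """Build `count` constructed events spaced `step_s` seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [(t0 + timedelta(seconds=i * step_s), user, endpoint, ok)
            for i in range(count)]

# Constructed sample events: (timestamp, user, endpoint, success)
EVENTS = (
    _burst("alice", "LAPTOP-A1", True, "2020-04-01T09:00:00", 2, 4 * 3600)
    + _burst("bob", "HOME-PC-7", False, "2020-04-01T09:10:00", 6, 30)
    + _burst("carol", "LAPTOP-C3", True, "2020-04-01T10:00:00", 1, 0)
    + _burst("carol", "TABLET-C9", True, "2020-04-01T10:02:00", 1, 0)
    + _burst("carol", "KIOSK-44", True, "2020-04-01T10:04:00", 1, 0)
    + _burst("dave", "LAPTOP-D2", True, "2020-04-01T11:00:00", 5, 60)
)

def logon_alerts(events, window=WINDOW):
    """Return sorted (user, rule) pairs, evaluating a sliding window per user."""
    per_user = defaultdict(list)
    for ts, user, endpoint, ok in events:
        per_user[user].append((ts, endpoint, ok))
    alerts = set()
    for user, rows in per_user.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1               # drop events older than the window
            recent = rows[start:end + 1]
            if len({ep for _, ep, _ in recent}) > MAX_ENDPOINTS:
                alerts.add((user, "multiple_endpoints"))
            if sum(not ok for _, _, ok in recent) > MAX_FAILURES:
                alerts.add((user, "logon_failures"))
            if sum(ok for _, _, ok in recent) > MAX_LOGONS:
                alerts.add((user, "rapid_logons"))
    return sorted(alerts)

if __name__ == "__main__":
    for user, rule in logon_alerts(EVENTS):
        print(f"ALERT {rule}: {user}")
```

The same window logic applies to VPN logon events if they are exported in the same shape.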
2. Audit who is accessing what data
When it comes to access to corporate data, especially sensitive files, being vigilant is always key. To minimize the potential risks from remote workers, businesses must keep an eye on any data access patterns that differ from users’ past behavior or the behavior of their peers. Also, if IT teams notice any spikes in failed activity, they must be ready to check the activities of this particular user, as this account might have been compromised by a hacker.
3. Keep control over file downloads in the cloud
When users switch from office work to remote working, it might be tempting for them to download all the documents they are working on from cloud collaboration platforms (e.g., Office 365). Despite the convenience, this may pose a threat to the organisation’s data, as employees may work with data from unpatched or infected devices. Therefore, it is recommended that businesses enable automated auditing of the IT environment to see who is downloading, modifying or sharing what data in the cloud.
4. Monitor activities around network devices
VPN sessions are an essential part of a remote work set-up. However, data may be at risk if someone tries to access the corporate network from an unpatched or infected device. Therefore, carefully monitoring successful and failed VPN logons to network devices and keeping track of how much traffic VPN sessions generate is vital. This will enable businesses to quickly react to spikes in logon activity or a suspiciously high volume of traffic, which might be a sign of a security incident.
5. Don’t let unwanted group membership changes jeopardise data
Platforms like Microsoft Teams facilitate working from home. However, use of cloud collaboration tools may lead to a situation where many employees ask for their access rights to be extended for specific tasks. Although it might be convenient for their work, sooner or later businesses might lose track of whom they have granted access to, and to what, which contradicts the least privilege principle and creates a lot of unnecessary risks to data. The best practice is to monitor the IT environment to detect suspicious group membership changes and regularly review effective permissions to data to be sure that users have only the minimum privileges they need to do their job.
6. Keep on top of excessive file downloads
Remote work is not always popular among employees, as the chance of being disconnected from the corporate resources due to VPN failures may prevent them from doing their job. Therefore, it is increasingly likely that employees may become tempted to download as many documents as possible from the corporate file shares, with software such as Office 365, SharePoint or possibly other types of shared drives, and then store this data on their own personal hard drives. However, an infected or unprotected device poses a serious security risk to sensitive data. To mitigate these risks, it is essential to monitor who is downloading what content, and take action if spikes in downloads are detected, or if a particular user has moved a lot of data.
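A download spike can be judged against both a user's own past behavior and that of their peers, as measures 2 and 6 describe. The following is an added example, not part of the original article; it uses a median/MAD modified z-score chosen here for illustration, and the user names, counts and thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample: files downloaded per day, oldest first; last value is today
DAILY_DOWNLOADS = {
    "alice": [12, 9, 14, 11, 10, 13, 15],
    "bob":   [8, 11, 7, 10, 9, 12, 240],
    "carol": [30, 28, 35, 31, 29, 33, 36],
    "dave":  [5, 6, 4, 7, 5, 6, 41],
}

def robust_z(history, today):
    """Modified z-score of today's count against the user's own history."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # guard against zero MAD
    return 0.6745 * (today - med) / mad

def download_spikes(daily, z_limit=3.5, peer_factor=3.0, min_history=5):
    """Return {user: [reasons]} for users whose latest day looks anomalous."""
    todays = {user: counts[-1] for user, counts in daily.items()}
    findings = {}
    for user, counts in daily.items():
        history, today = counts[:-1], counts[-1]
        peers = [v for u, v in todays.items() if u != user]
        reasons = []
        # Rule 1: deviation from the user's own past behavior
        if len(history) >= min_history and robust_z(history, today) > z_limit:
            reasons.append("own_baseline")
        # Rule 2: deviation from what peers downloaded on the same day
        if peers and today > peer_factor * median(peers):
            reasons.append("peer_group")
        if reasons:
            findings[user] = reasons
    return findings

if __name__ == "__main__":
    for user, reasons in download_spikes(DAILY_DOWNLOADS).items():
        print(f"REVIEW {user}: {', '.join(reasons)}")
```

In this sample, dave's count is unremarkable next to his peers but far outside his own history, which is why both comparisons are kept.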
Ultimately, the key to better control over insider activities and better data security is automation of activities like auditing and user behavior analytics. This will speed up detection and investigation of potential incidents, and if organisations set alerts on suspicious user behavior patterns, they will be able to quickly address security issues without sacrificing other IT tasks. Keeping control over changes to access rights is also essential, since it is important to ensure that everyone has minimum privileges, but enough to allow them to do their job. Finally, it is recommended that all companies are able to identify which data is the most critical in their organisation and where it resides, as prioritization of security efforts according to the value and sensitivity of information will help them to navigate security challenges.
It should always be remembered that a shift to a home office set-up will probably cause changes in users’ access patterns, given that many employees may access sensitive files outside of working hours, for instance. As a result, in the first weeks of remote working there may be a higher number of false positives than usual, and organisations need to take this into account when analyzing data from a machine-learning based behavior anomaly detection solution.