Welcome to another episode of Ask the Security Expert!

We have more questions for Joe about the security concerns of working from home.  To start with, how many AME employees are working from home, and what types of adjustments have you made from a technical/cybersecurity perspective?

Photo of Security Expert

Joe Danaher, CISM, CRISC
Senior Security Analyst
The AME Group

 

We have almost 200 AME employees working from home.  Sixteen offices have a staff person present to receive shipments.  AME was well-positioned with laptops and secure connectivity to all of our applications (including our phone system) we need to provide 90% of our services remotely.  Our staff is fortunate to have home offices with adequate bandwidth to be able to successfully and smoothly make that transition.  The use of Microsoft Teams in the office made a seamless transition to our work-from-home (WFH) offices.  It is an easy and effective tool to facilitate communication across the company and to continue to meet virtually with our clients.

Has the IT profession seen different cybersecurity issues since mid-March? Or has it been business-as-usual (BAU) for phishing and other scams?

By their nature, hackers are opportunistic, so that part is BAU.  They jump on the hot topics, like the pandemic, working remotely, sales of coveted items (masks, toilet paper, etc), and use them to bait their victims.  With that said, the COVID-19 crisis led to a sharp rise in related fake websites and phishing.  Many employees working remotely for the first time are ill-prepared and not as protected as in the office.

Cybercriminals are taking advantage of COVID-19 to launch more phishing attacks, malware-laden websites, and fake GoFundMe schemes so we have seen a rise in activity since late in March.  The week of 3/23 alone saw more than 5,000 new domains (website/email URLs) with “COVID-19” or “corona” in the name and although some of these are legitimate a large portion is registered for use in cybercrime.  Our clients have not experienced this, however, users unfamiliar with how to securely configure RDP (remote desktop protocol) or set-up tools like Zoom have led to some breaches.

Have certain industries been more prepared than others?

It really varies across the continuum.  Some businesses had not invested in laptops or laptops with cameras so a shortage of both led to delays in procuring those devices, primarily as a domino effect the COVID-19 crisis is having on the supply chain from China.  I would say some Engineering companies who deal with very large AutoCad files (digital drawings/schematics) have the biggest challenge due to the bandwidth required for those files.  Usually, these large files are run on local servers and not in a cloud setting.  Our clients were mostly prepared. However, since work from home was not previously as widely implemented, we were stretched to set-up secure VPN access.  The AME Engineering teams worked very hard to get that done for our clients who needed it.

What do you suggest as WFH best practices and does it vary for small businesses and large?

The basic best practices fit across the board no matter the size of the business. We recently provided a webinar on securely working from home and maintaining productivity.  You can view the Webinar on Demand or view see the slides for many great tips.

For any given business’ IT department is there anything they’ve done exceptionally well and anything that has been a particular challenge?

Overall, we do work with some IT departments and they have done what most of us do during a crisis and that is work to get the job done in a timely and secure manner as possible so the work of the business can continue.  The role of IT is to support the main goals of the business and I believe they have done that in this case across the country.

What would you suggest as a midstream course correction?

I believe we must remain diligent to emerging threats from a security perspective as a phased-in return to work begins.  Very few companies have ever had to source masks and gloves for their staff or visitors and that is the next landscape for phishing attacks and malware-laden websites.  Also, as other businesses come back from working at home, some of our projects and support that occur at the business location will look differently so our engineers will need to work out the social distancing, mask, gloves processes in what will be the “new normal”.  I see companies taking a closer look at making work from a home an option and a critical part of their Business Continuity plans for the future.  I believe the use of VPN’s combined with 2FA (2-factor authentication) is key security that will be more widely implemented.  Companies can better learn how to configure their choice of remote meeting software in a secure and professional manner.  I think you will see more formal policies and procedures around working from home begin to become more prevalent as well.

Here’s a nice example of a Remote Work Policy and a full Remote Workforce Playbook (contact us if you’d like this in an editable format).

Anything else you’d like to say on this topic of cybersecurity?

There is the right way to securely implement work from home, and if you ignore the security,  you are opening the door to new threats to your data that you may not have ever considered.  We recommend taking a step back and really assessing the new risks that come with working from home to ensure your business is prepared and has those risks mitigated.