Risky Business: Securing a Remote Workforce Comes with Its Challenges – but Also Solutions

3/4/2021

In the past year, businesses around the world have had to fundamentally transform how they work and communicate. And not that work from home is new, but it’s certainly never been done at the current scale. To maintain productivity, organizations have had to move quickly to connect a much broader remote workforce — but often without the necessary polices, technology, and training to ensure security.

Some of the more common issues with trying to secure a remote workforce are:

Remote desktop protocol: To connect remote workers to office systems, organizations can turn on remote desktop protocol (RDP), as it easily allows one computer to connect to another for remote use. The problem, however, is that cybercriminals continue to successfully target RDP exposed to the internet. In fact, remote access is the primary method of intrusion Arete sees in ransomware cases!

As a solution, organizations should consider implementing a virtual private network (VPN) with multifactor authentication (MFA), which allows distributed offices to connect securely.

Social engineering: Social engineering is all about deception. Threat actors try to trick victims into giving out confidential information that they can then use to gain access to other systems or data. For example, they may try to lure users into clicking on a link in an email; or they may call employees, claiming to be tech support and asking for passwords. The key is to remain vigilant. Don’t click on links or open attachments from suspicious sources. And always investigate any requests for money, personal information, or anything of value before handing something over.

Weak passwords: Weak passwords have resulted in many a breach. Organizations can address the issue by mandating complex and unique passphrases for all accounts, implementing password manager tools, and most importantly, implementing MFA wherever possible.

Outdated systems: Outdated software has vulnerabilities and might not be able to withstand an up-to-date attack by cybercriminals. Thus, it’s critical to continually update software and systems — all computers, phones, and tablets — with the latest patches and versions.

It’s the little things that are important. It’s the little things that put you at risk.

The Arete Managed Detection and Response (MDR) team recently helped a client address not only the security challenges above, but also a new one: remote workers’ home network security.

This work-from-home client had disconnected his home Wi-Fi router/firewall and plugged his laptop directly into the modem. A firewall establishes a barrier between a trusted network and an untrusted network, such as the internet. It prevents unauthorized access and inspects traffic to identify and block threats. By directly connecting to the modem and thus, the internet, the client exposed his laptop to scanning and attack.

Fortunately, Arete’s MDR analysts immediately saw threat alerts in their SentinelOne Endpoint Detection and Response (EDR) console. They quickly escalated the issue, locked down the laptop, and contacted the client. Next, they placed the laptop back behind the firewall, helping the client avoid a data breach or ransomware event.

Tips for maintaining home network security

If you are working remotely, there are several steps you can take to secure your home network:

• Change the default username and password — on both the login to the router administrative controls and on the Wi-Fi network you join.
• Turn on wireless network encryption. We recommend using the WPA3 protocol as it’s the most secure.
• Most Wi-Fi routers have a built-in firewall. Check to see that the firewall is turned on.
• Disable remote administration. Attackers are using this feature to break into home networks.
• Keep the router software and firmware up to date. Manufacturers provide updates with important security fixes.
• Have trained and experienced security staff investigate all alerts immediately. A fast response can mean the difference between
  an hour of remediation and a full-blown ransomware event.
• Deploy an EDR solution like SentinelOne on all business endpoints — from servers to remote employee laptops.

Next-generation SentinelOne EDR for optimal protection

Ransomware operators often use polymorphic malware, which can easily evade even the most advanced enterprise antivirus solutions.

For this reason, Arete analysts use the next-generation SentinelOne EDR toolset. Designed to identify, kill, and quarantine any malicious executable found in an environment, SentinelOne relies on behavioral analytics — not common signature-based detection — and acts as a force magnifier for our experienced cybersecurity professionals. Its behavioral artificial intelligence (AI) automatically detects and remediates threats based on how they act and by leveraging dynamic threat intelligence gathered by Arete and SentinelOne analysts.