Cybersecurity has always been an evolving challenge for IT teamsโeven before the pandemic and subsequent mass exodus to the home office. At the Protect & Streamline Summit for IT Leaders, experts from the IT and cybersecurity space came together to share advice for IT leaders scrambling to contend with a new set of business risks.
Read on for key takeaways or access all session recordings for a deeper dive.
Cybercriminals are preying on pandemic fears
Webroot threat researchers have found that 2% of the 20,000 websites created with โcovidโ or โcoronavirusโ as part of the name in the last two months were malicious. COVID-19 has given birth to a new set of online scams that capitalize on fear and uncertainty, from fake government stimulus emails to free Netflix scams.
Donโt let the cheesy โCorona Antivirusโ examples fool you. Cybercriminals are paying close attention to the changes in how we work and adjusting accordingly to create more believable offers. For example, malicious files with the word โzoomโ in them have increased 2,000% since March.
Newly remote workersโdealing with distractions, disruptions to the normal routine, and information overloadโare a prime target.
Shadow IT is now a fact of life
IT teams have significantly less control over their usersโ environments than ever before.
Thereโs a good chance your users arenโt working on the devices you gave them, at least not all the time. In fact, an April 2020 study of remote workers in the UK found that 61% were using personal devices rather than corporate-issued devices. They may be using public Wi-Fi or sharing Wi-Fi with someone else in their building. They (or their kids) may be using their work device for gaming, shopping, or any number of other activities, as the lines between work and home blur. Ultimately, thereโs not much you can do about that.
So, what can IT leaders do to protect their organization in this time of heightened risk and reduced control?
IT teams must secure the experience
As Auvik Networksโ Alex Hoff explained, thereโs a need for IT teams to shift their focus from controlling the environment to securing the experience. This message was echoed by SKOUTโs James Hatzell who advised IT teams to establish the data and systems they want to protect the most, then build concentric rings of security around that data.
Here are a few key ways to secure the userโs experience:
- Use multi-factor authentication on every web-facing application. As Jon Murchison of Blackpoint Cyber demonstrated, compromised credentials are frequently leaked to the dark web. At this point, you have to assume your password is already out thereโso MFA is a must. There are various types of MFA out there, with app-based MFA generally considered to be the most secure. The prevailing message throughout the summit was that IT teams canโt put off MFA any longer. As Hoff put it, โItโs like medicineโdoesnโt always taste good, but itโs good for you.โ
- VPN back to a trusted networkโand keep your VPN secure. VPN use has skyrocketed, and itโs easy to see why: Theyโre a crucial link to the resources your users need to do their job. With the increased volume of VPN use, hackers are favoring mass internet scanning for unpatched VPN servers and using remote-code execution vulnerabilities to grab credentials and cause destruction. Itโs paramount to stay on top of patching. You can also leverage tools like Auvik to monitor VPN capacity and traffic, giving you the visibility to spot streaming traffic thatโs going through your VPN or other work-from-home gotchas.
- Dial up your security awareness training. Generally speaking, itโs easier to get someone to click an email than to find a vulnerability in a device. People are easy targetsโso thatโs why itโs imperative to continue training users on the latest trends and tricks that hackers are using, so theyโll recognize and react appropriately to these messages when they land in their inbox.
Your Guide to Selling Managed Network Services
Get templates for network assessment reports, presentations, pricing & moreโdesigned just for MSPs.
Leave a Reply