The cybercriminal ecosystem: evolution and…
The ecosystem in which cybercriminals operate is constantly changing, with cybercrime becoming ever-more sophisticated. Law Society partner Mitigo explores the risks.
Remote working is helping to get control of the coronavirus emergency and mitigate the economic impact to business. However, without exception, we find that remote working is one of the top three critical vulnerabilities which can result in a serious cyber incident. There are a lot of things to consider and guidance will vary by business, but below we offer our advice to proportionately reduce the risk of a cyber breach for your firm.
Staff behave differently in a home-based environment and cybercriminals are actively creating new attacks to exploit the change in business arrangements. Here’s what you need to consider:
Business and personal life should not be blended. The starting position should be work-use only.
Be conscious of who can see your work and lock your machine when unattended. Encourage staff to set laptops and computers to auto lock after a maximum of five minutes.
Increased vigilance is vital, especially as fraudulent emails and infected videos related to coronavirus are already proliferating.
Tip: Staff should redo cyber training and tests when they start remote working. A simulated attack may be appropriate for a prolonged period of home working.
Important technical controls which are run centrally in the office network environment do not operate when working away from the office network. They simply fall into disrepair. It is important to get work laptops properly set-up otherwise they will become increasingly vulnerable.
Make sure that anti-virus applications are up to date and configured to proactively scan device, attachments and downloads. You should consider upgrading to a version with a cloud portal so that control and alerts can be maintained centrally.
Typically Windows or Mac, operating systems are usually centrally managed when connected to the office network, but remote working prevents this. Machines need to be reconfigured to update independently, and staff shown what role they must play in that update.
This will vary hugely by business setup. Seek advice on the new configuration setup required.
Tip: A periodic check on a sample of devices – to check that these three controls are working – it's a simple way to get some comfort in this area.
The change in working arrangements requires a change in the configuration of laptops’ defences. So, the machine settings on remote devices will need new configuration.
Encryption (such as BitLocker) needs to be enabled, without exception, to protect in the instance of a lost machine.
Make sure any local admin rights have been removed from users’ profiles.
Laptops should be configured only to allow secure wifi connections.
Tip: Seek appropriate advice on the changes required to keep all devices safe. Please make sure you think carefully about where to keep the encryption recovery keys.
This can go horribly wrong if done incorrectly. Our advice will vary dramatically depending on your business processes, your IT set-up and the third-party software you rely on. If in doubt, please seek support.
Services need to be brought up to the latest version to ensure they are patched against known cyber vulnerabilities.
Where at all possible, remote machines should be work devices, configured to the points above. Seek advice before connecting home and personal computers to your secure network.
Enable authentication settings on the cloud applications you use, such as multifactor authentication on Office 365 or two-step verification on G Suite. Most applications, where you log on via a web page, should have something that is stronger than just relying on a password.
Tip: If you must rely on a password, encourage staff to make sure it's strong and unique (not shared or reused) – and don't store it in plain sight.