Many issues continue to arise as the COVID-19 crisis grips the nation, but one that may not initially come to mind are cybersecurity concerns. Cybercriminals are utilizing this window of unease to their benefit. Cybersecurity experts at many strategic service providers have already helped clients deal with a rise in ransomware, phishing and malware incidents as vital information shifts from an office setting into work-from-home environments. With many employees working from remote locations, IT departments now have thousands of spaces to secure.
I've spoken with our experts at InterVision and compiled cyber hygiene tips for keeping businesses secure as employees work from their homes. Many organizations are migrating to the cloud for flexibility during these uncertain times. AWS is the most popular cloud option, owning 32% of the market according to a report from Canalys.
For brevity's sake, these tips will focus on how to secure AWS technologies for a remote workforce. However, the overall intent applies to all cloud service providers.
1. Ensure secure authentication and access
When employees work from various locations, you must secure access to their duties and exclude outsider access. This process involves working with existing authentication services to increase control. Multifactor authentication and digital certificates are great places to start and will significantly strengthen your network security.
With AWS' virtual desktop infrastructure (VDI) offering, WorkSpaces, you must monitor key functions such as group membership changes, tag deletions, image imports and rotations. Best practices include using metadata to track and manage security restrictions and using other AWS security tools like AWS Security Hub to maintain compliance validation measures. Also, consider tapping WorkSpaces Application Manager to break up containerized applications and simplify deployment.
2. Build an extensive governance policy
Any cybersecurity plan starts with a comprehensive governance policy that incorporates endpoint protection and prevents malicious cybercriminals from accessing the system. However, a governance policy should evolve whenever issues arise. This can include using existing connectivity through a VPN connection and setting up policy-based cloud controls, a process that creates segmentation and network isolation among everything from Virtual Private Cloud endpoint policies to public/private networking. Activating flow logging on AWS will feed everything into GuardDuty and, in turn, share with Security Hub.
This is the new normal of networking and an important aspect of proper cyber hygiene. Once you establish this foundation, you can search for new, innovative solutions to further their security measures.
3. Enhance logging
One of the simplest but most important aspects of maintaining security within a remote workforce is knowing who has accessed what and why. IT departments must quickly ramp up how closely they track activities. While this can be difficult with staff so spread out, it's critical to be able to retrace steps if a breach or other issue occurs. A quick fix for this concern is to maintain a detailed log of every action with logging tools.
When using logging tools, watch for place connections or disconnect measures from the platform. From there, collect all authentication, authorization, events, access points, network flow, security detections and any other data so it can be appropriately evaluated.
Another key aspect of logging is to set alerts for the items listed above. It does no good if these events occur but are missed and not addressed right away.
4. Verify endpoint protections
While AWS WorkSpaces and VDI possess additional built-in protections, you must continue to use and improve standard endpoint controls. This is especially important for Windows-based systems. You must also ensure you are confident with included Trend Micro endpoint technology and, if not, incorporate your preferred solution.
Within AWS, AppStream 2.0, a cloud-based application hosting offering, removes endpoint protection of vital applications from employee devices and elevates them to the server level. Therefore, employees only need secure internet access to perform their duties, allowing them to worry less about each device's security.
Also, within AWS you must encrypt all storage systems. While this does mean an additional cost, it is warranted to ensure maximum security. AWS Key Management Service is simple and supports managed keys if necessary. Once you incorporate this additional layer of protection, test the backup recovery of files and data to set yourself up for success in the event of a crisis.
The new normal requires flexibility
Every business has learned something from the continuing COVID-19 crisis. One thing it has taught many is that companies must be flexible and prepared when challenges arise.
Cybersecurity and IT professionals must embrace these new models of remote work and the proper cyber hygiene they require. While it can be challenging, acceptance is critical as we operate in a new normal. IT departments must adjust to issues at hand, prepare for the next possible uncertainty and maintain flexibility as security needs evolve.
About the author
John Gray is CTO of InterVision, a strategic services provider based in St. Louis and Santa Clara, Calif.