Now is the time to protect yourselves
Covid-19 has changed all of our lives and put many at a standstill. Some organizations are able to operate remotely, some required to lay off all employees until further notice. For those that are able to operate remotely, we have noticed many were not prepared for a 100% remote workforce. What I mean is, lack of "secure" remote access, lack of hardened and properly secured devices to be used at home, and due to the extremely limited preparation time lack of testing to ensure fluid operations.
Many have been adapting to make due, allowing employees to take workstations home, providing whatever laptops they can find, or allowing employees to use their personal devices to connect to the office. A "whatever it takes" mentality is great and justified at this point. However... take a peak at what's going on in the cyber threat world:
- UK medical firm hit by Maze ransomware
- COVID-19 Vaccine Test Center Hit By Cyber Attack, Stolen Data Posted Online
- Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak
There are over 95 reported phishing incidents relating to COVID-19/Coronavirus. Many of which have resulted in ransomware infections or credential harvesting attacks.
A great article from the amazing team at SentinelOne Labs team about the latest threats they're seeing.
Now is the time where the malicious attack
Safeguards to Verify / Implement Now
Secure Remote Access:
- For those who require access to on-premise resources or Cloud hosted resources, secure network connectivity should be top of mind. If you are not currently connecting to those resources using a VPN with Multi-Factor Authentication, please contact us or your preferred provider to secure your data.
- If possible, implementing a Zero-Trust remote access model is optimal. Contact us today to learn more.
- Quickly implementing a mobile workforce has many drawbacks, some of which were outlined above. The lack of visibility into employee networks and employee systems opens up additional areas of attack. Requiring all employee systems including personal computers (if used for business operations out of necessity) to have adequate endpoint protection to prevent malware infections is a must.
- After rigorous testing, we chose SentinelOne as our preferred and only endpoint protection solution to deliver simple and effective three-tiered endpoint protection leveraging artificial intelligence. Contact us today to learn how we can have this deployed and maintained immediately.
- Whether employees have taken home workstations or laptops from the office or are permitted to use their personal systems, centralized patch management prevents "low hanging fruit" attacks and significantly reduces risk to your employees and corporate data.
- Leading patch management solutions like Automox not only provide patch management for operating system updates but also for 3rd party applications that are so often attacked like Adobe Reader and Microsoft Office applications. We're happy to help implement and even maintain this for you. Reach out today to learn more.
- Your workforce is close to 100% if not fully remote at this time. Penetration testing to validate your internal and external security is most likely the last thing on your mind. Well it shouldn't be. Have you ever validated your defenses operating in this manner? Most organizations do not conduct penetration tests while all users are remote, leaving many unknowns to be discovered potentially by malicious actors.
- With proprietary capabilities we are able to provide not only external penetration testing remotely (as it always is) but also internal penetration testing. No on-site presence required. In addition, we can provide results in 1 week or less along with prioritized tasks to minimize your risk of attack now. Reach out today to learn more.