What Coronet is doing to ensure business continuity.
Posted: March 19, 2020 / Author: Dror Liwer
In the last few weeks, we all have of been experiencing a reality that seems to be taken out of movie script. Businesses, from all industries, big or small are affected by the Coronavirus (also known as COVID-19). With the virus’s rapid spread, the ban on gathering and quarantine regulations will only get tighter.
The only way to ensure business continuity while complying with new government regulations and directives is to allow employees to work remotely. Working from home has its own organizational and operational challenges, Cyber Security is one of the main issues. Organizations must ensure there is no security exposure when employees work from home and that the new situation will not expose the organization to attackers, data leaks or security breach.
As expected, we too, were impacted and transitioned all of our teams into working remotely. We expected this government mandate, and ran drills prior to those taking effect to ensure business continuity. We understand the immense responsibility we have in securing over 3.6 million people and will take every step necessary to ensure continuity and quality of our service.
Here are the 7 areas we saw remote work impacting, and the steps we took to ensure business continuation. We think anyone transitioning to remote work should implement the same steps.
Employees using private devices: When employees use their personal computers, it’s impossible to control the devices’ security posture. This could lead to malware infestation, and data and credential leakage. Most employees will not allow their company to install an MDM or impose limitations on their own computers. In some cases, these would be home computers used by the employee’s other family members. In days of financial troubles, it is not practical to purchase new laptops for employees, and even purchase MDM or other security software will be too expensive.
We sent the Coronet application link to our employees so that the Coronet client will scan for malware/ransomware and assures end-point posture. It’s a much more cost effective than purchasing licenses for device posture management and anti-malware/ransomware for the employees’ personal devices.
The home network: Most of our employees have a consumer WiFi configuration at home, which means limited bandwidth, non-static IP and absolutely zero security. because we use Office365 and many other cloud services, VPN was not a practical option. Beyond the latency it introduces, A VPN service running on a device that is not secured is a perfect backdoor for any attacker. Also, providing a VPN too all our employees working remotely, would result in a major incremental expense.
We turned on the built-in Coronet Wi-Fi threat detection and mitigation to ensure the network is secured. Otherwise we would have had to upgrade the employees’ internet connectivity to an advanced internet service and that would have been more expensive.
Email security. There are three aspects to consider when using email remotely:
Coronavirus as a trigger for phishing: We already see evidence where attackers are using the Coronavirus to send variants of spear phishing and malicious URLs pretending to be Coronavirus related and coming from a trusted sources.
We are protected because we do as we preach, using Coronet’s anti-phishing capability. We also had a mandatory webinar with all employees to make sure they are aware of phishing and spear phishing threats.
Secured email access while working from home: We, like many organizations use Office365 for email. To protect against malicious access, and malware/ransomware attacks, we switched Coronet email protection to “High Sensitivity”
Data leakage through email: One of the risks when employees are working remotely is that they might not comply with corporate policy on document sharing. In addition, most businesses that deploy DLP (Data leakage Protection) have their DLP server on premises to scan the traffic. Obviously, that will not work when working from home - the DLP server will not be able to scan the content and prevent intentional or unintentional data leakage.
We verified that the ‘DLP by Email’ rule is turned on so we are now assured that our data is safe.
Cloud-based storage is exposed to what resides on the employee personal device: It does not matter what on-line storage the company uses,(e.g. SharePoint, OneDrive, Dropbox, Google drive, etc.…), when connected through the employee’s personal device, it is exposed to malware/ransomware, especially when the security posture/hygiene of the employee’s personal device is unknown.
We turned on the Coronet device access engine. It will prevent personal computers, tablets and mobile phones without the right security posture from accessing the cloud storage and files. The only other safe way to operate is much more complicated and requires purchasing licenses for MDM, connecting it to a CASB and to forcing users to MDM their personal computers.
Control locations where employees can access Corporate email or cloud storage. Like most organizations, access to the cloud services/email provider was controlled by allowing access from a specific IP address range which makes sure that only legit employees from legit locations could connect to our services. Now, when employees are working from home, this IP address range is no longer relevant. Since most of the employees will have a consumer grade internet connection, their IP address is going to change dynamically by their service provider making IP based controls impossible.All we had to do was turn the built in Geo-fencing function in Coronet.
We simply entered the physical home address of the employees and the platform automatically makes sure that access will be enabled only from those locations.
Identify and prevent unauthorized access to Corporate email, cloud storage and cloud applications from remote locations. Once we allowed employees to work from remote locations, it was very easy to lose control on where and when users access company services. This will make it harder to spot abnormal activities and log-ins from suspicious locations.
We pinned the map with locations that are allowed to connect from, and the Coronet behavior analysis automatically adjusted, and now blocks any activity from suspicious locations.
Automate all security activities for detection and prevention of threats. As we now allow remote work by our employees, the load on the IT and security items could have significantly. Since the Coronet Platform has automatic mitigation, driven by AI, The system will identify and mitigate threats automatically with virtually no IT supervision. Instead of seeing a huge workload increase, other than the initial Geofencing work (which tool a couple of hours) all systems are humming and no intervention was necessary.
The changes in the way organizations operate under the Coronavirus and the quarantine regulations, forcing people to work from home, will have significant impact on security, making organizations much more exposed to attacks that can damage business continuity and cause potential loss of businesses. Following the recommended steps above, and properly handling new threats will help any organizations to stop attacks, and eliminate the exposure..
For more advice or a free trial of the Coronet platform, contact us at: www.coro.net