With many organisations transitioning to remote work, what does a secure workforce look like?
Did you know that one of the FBI’s most wanted hackers used his cat’s name as his password? Jeremy Hammond now appreciates that “Chewy 123” was too weak, and it is possibly the reason for his downfall.
While Jeremy Hammond’s intentions online may have been very different from those of today’s remote worker, it’s amazing how a simple password left him exposed.
As we’ve moved more of our lives online, bad actors have taken the opportunity to exploit these vulnerabilities. Criminals are constantly shifting and evolving their tactics in a world that is more connected than ever before.
One of Microsoft’s partners in Africa, Liquid Telecoms, surveyed IT professionals in South Africa and Kenya on the effect COVID-19 has had on cybersecurity and found that 57 percent of respondents had seen an increase in threats. While compromised passwords were top-of-mind in Kenya, phishing or social engineering attacks remained a major concern in South Africa.
The latest Microsoft Digital Defense Report has found that email phishing is becoming the most dominant means for attack in the enterprise. Business email compromise (BEC) is a type of phishing that specifically targets businesses and usually involves the impersonation of personnel like the CEO, chief financial officer or accounts receivable clerk in a company. According to the Digital Defense Report, the top ten targeted industries for BEC attacks are accounting and consulting, wholesale distribution, IT services, real estate, education, healthcare, chemicals, high-tech and electronics, legal services, and outsourced services. Phishing attacks and identity fraud are among the top three concerns for many chief information security officers surveyed during the study.
Good email hygiene is one way of combatting this form of attack. Platforms that incorporate filtering on the way in and link checking provide the most comprehensive protection. In addition, employees should be informed about these threats and the tell-tale signs to further protect themselves and the business.
With more and more people working from home, organisations need to be alert and ready for potential attacks. Poor passwords, unmanaged devices and a lack of good cyber hygiene habits are just some of the factors that can put organisations at risk. By making small but vital changes to a company’s security setup, teams will be better protected.
Securing the remote worker
“The ideal secure work environment is a place where people can be the most productive,” says Bret Arsenault, Microsoft’s chief information security officer.
By this he means that no matter where workers are in the world, their presence at the office shouldn’t be the security measure that keeps their devices and data safe. According to research commissioned by Ciena, 79 percent of workers in the United Arab Emirates expect to work remotely in the future. With the increase in remote workers, IT departments will need to shift their processes to meet the demands of a mobile workforce.
To achieve this, Arsenault recommends organisations have a strong identity, well-managed devices, and good telemetry. These all feed into Microsoft’s “zero trust policy”, which identifies a user before you can trust their device.
Strong identities need multi-factor authentication (MFA). While signing in with a password, users are prompted to provide an additional form of identification, such as a code sent to another device or a fingerprint scan. “MFA ensures a higher level of assurance that the person logging in is who they say they are,” says Arsenault. It’s a great way of stopping credential-based attacks in their tracks.
Next would be to ensure the health of a device. According to Arsenault, users are 71 percent more likely to be infected on an unmanaged device. Ensure that your organisation’s internal devices are updated regularly, have MFA enabled, require regular password changes, and use a VPN.
And finally, a diverse range of signals is key to any defence in an organisation. To help protect our customers, Microsoft scans trillions of signals each month from a variety of sources including email, URLs and documents, all while maintaining user privacy. These signals help our security teams formulate predictions which lead to the appropriate action to ensure an organisation’s and an individual’s security.
Gone are the days of simply requiring a password to remain protected. Cybersecurity needs to be multifaceted without impeding the productivity of today’s modern workforce. Policies like zero trust provide users with remote flexibility and ease of use, all while maintaining an organisation’s protection in a world that’s becoming increasingly mobile.
To find out more about Microsoft’s latest security insights, download the Digital Defense Report.