So your entire company is working from home... and you're supposed to secure it.
- David Read
- Apr 7, 2020

With the hit of COVID, everyone is working from home, and the cybercriminals know it. It's in times like these, with vast amounts of change and uncertainty, that we need to make sure we are doing the best we can to protect ourselves. For companies with a mature work-from-home culture, this guide is not for you. This blog is my thought process for companies that have had less working from home in the past and are unsure what their first port of call should be.
Triage what you do know
I'm sure the first thing everyone in your Security department did was start listing all the things that are now worrying you. These are always the first things to look at while the dust begins to settle. Documenting all your concerns and prioritising them based on ease of implementation and on impact if something went wrong is the best way to start ticking off any new security vulnerabilities you might have.
Some things you might need to worry about include...
Larger attack surface
Suddenly having your staff work from home means you are further opening up the perimeter of your company. Even if you had working from home policies before, the increase in usage could still make it easier for someone to attempt something malicious and hide in the noise.
Previous vulnerabilities that have been accepted might need revisiting to see if they are no longer within risk appetite. Also, a large scale incident (such as WannaCry or the recent SMB-3 vulnerability) could be much more effective now than before. To prepare, see if your patching processes can be improved and see if your SOC needs more resources.
BYOD risk increases

With BYOD, there are several risks to think about, particularly the security of your staff's personal devices. A large number of people don't update their phones or laptops regularly. At the time of writing, most devices about six months out of date are vulnerable to known public RCE. Understanding this risk is essential. Options to mitigate this risk include:
- Education about personal computer security for your staff
- Enforcement of minimum OS versions for BYOD access
- Reduction of what services/data are available to unmanaged devices

Another problem with BYOD is the risk of data leakage. Once sensitive or corporate data leaves your perimeter and is sitting on an employee's device, you lose visibility of that data and where it goes. Make sure you are happy that data leakage is acceptable.
Worries about data leakage aren't just reserved for BYOD devices. While working from home, staff might be tempted to use non-corporately approved (or worse, poorly vetted) third-party tools for communication. These systems then process and store what is in effect work communication. Anything sensitive discussed or shared could be put at risk. A great example of this is ZOOM: people have surged to use ZOOM without any consideration for the security of their communication when doing so.
Prioritising Availability
Availability is prioritised differently depending on the company and the nature of their business. However, with the majority of your staff working from home, the impact of an outage of your supporting infrastructure could stop your entire company working for days. Make sure you prioritise any risks that could prevent people from working, based on the cost of lost productivity.
Some key things to think about:
- Are your backups trustworthy?
- Can your support teams still work without physical access?
- Can staff continue to work without direct connections back to the mother ship?
Identify new gaps in your visibility
While you definitely should be preemptively fixing the changes you can see happening, what about those you can't? You should try to see what you have lost sight of during the upheaval. It might be that there are other issues you should be worried about. The last thing you want to do is to focus on what is, in reality, a low priority issue.
Keep communicating

It can be harder to continue to engage with teams you don't typically work with when working remotely. Building and maintaining a rapport remotely means you can keep open your previous lines of communication and make sure you stay updated, particularly around what teams are doing, what security issues they are facing, and what vulnerabilities they might have found (or not even be aware of). If you don't do this, you could end up sitting at home thinking the company's safe while another team has managed to create gaps in security without their traditional security support network to help them. Keep engaging and communicating with people across the company and triaging any problems you come across.
Update your threat intelligence
In times of significant change, the behaviour of external malicious actors is going to change too. Already right now, we see phishing campaigns focused around COVID and an increase of organised criminal groups trying to take advantage of the surge in working from home. Obtaining the latest threat intelligence is incredibly important to make sure you can see new or different attacks coming and can prepare adequately.
Preparing for the worst-case scenarios
Working from home right now is, for a lot of people, the backup/emergency option already. But what if you are hit by a cyberattack now? Do you have other backup options?
Now is the time to wargame what could happen next. Are you too dependent on specific software? If so, what if a vulnerability is released and you need to swap to an alternative or mitigate? What if your primary servers are taken offline? Have you tested your backups? Can you support your staff to continue working without connecting back to the mother ship?
There are always going to be scenarios that we can't prevent happening, COVID being one of them. A lot of contingency plans never prepared for something like this or even assumed that their entire workforce could be working from home and at heightened risk of sick leave. Do your contingency plans now need updating in light of this new environment? Having a brief review of what yours looks like now might help make sure you are not caught off guard.