By Elad Shapira, Head of Research at Panorays
In the wake of coronavirus, companies are shifting their workforce to remote locations to keep businesses underway. This is an attempt to keep workers healthy and semi-quarantined to protect against the spread of a world pandemic that is not only a threat to health, but also to the world’s economies. The list of global organizations mandating work-from-home policies includes Microsoft, Apple, Google and Amazon, and that list is growing daily.
This sudden transition from in-company to remote working is also presenting a wave of cybersecurity challenges. Security teams now need to address issues such as lack of strategic support, employees connecting via their own devices, and fending off increased phishing attacks. On top of this, the same concerns ripple through the supply chain, where vendors are facing the same security challenges.
Companies must properly address these challenges to succeed in maintaining business-as-usual.
Securing Access to Data
One essential business security task is providing secure access to corporate accounts and data without ruining productivity altogether. This includes limiting access to sensitive information to a need-to-use basis. Companies also need to deploy additional security parameters such as two-factor authentication or additional access controls. This will reduce the likelihood of password abuse or credential-related attacks.
Enterprises need to educate their employees about online threats that can occur when working from home. In particular, employees should be aware of phishing attacks and fraudulent payment requests. Beyond communication, employees should be provided with online security training that specifically focuses on unique work-from-home risks.
The Supply Chain Links
While large companies may have the necessary know-how and technologies to support a work-from-home environment, smaller companies may not. This poses a cybersecurity threat to companies that rely on suppliers not equipped to handle these new risks.
Yet supply chains are critical to business operations. To ensure that the supply chain continues to operate also in times of work-from-home practices, companies must assess their suppliers’ readiness for a secure remote workplace.
Here are just a few questions that a company should be asking suppliers that have shifted to working from home:
- Are remote work practices and policies in place?
- How many employees already have remote work capabilities?
- How much of day-to-day activity is suitable for remote working today?
- What is the company’s remote access mechanism?
- Which client devices are allowed to access the company’s digital assets remotely?
- Does the company enforce 2FA for employees with remote work capabilities?
- Does the company enforce strong passwords for all employees with remote work capabilities?
- How does the company control access to internal services for remote working?
The complete list of questions can be found at: https://www.panorays.com/blog/service-announcement-the-right-questions-to-ask-your-vendors-in-times-of-large-scale-remote-working/
This process cannot scale if done manually; it must be automated. It’s important for companies to ensure that their supplier security management process provides suppliers with relevant information about their security gaps, as well as how to close them.
About the Author
Elad Shapira, head of research at Panorays, has extensive cybersecurity knowledge across all levels, from reversing and low-level hacking to web applications and social engineering. Elad and his team are responsible for mimicking hacker behavior by researching new attack techniques and vectors to automatically test the security posture of companies en masse. Elad is a recognized speaker, having presented at various hacking conferences such as BlueHat IL, ReCon and Defcon meet-ups. Prior to Panorays, Elad was the mobile security research team leader at AVG technologies.
