We’re living in a strange, weird new world where biosecurity has some parallels to cyber security. But what cyber security optimisations should you be making in the post-COVID-19 world for your business’s cyber security policies and strategies moving forward?
Whether you are currently working with most of your workforce at home or running with a mixture, the attack landscape has changed. The rush to keep us all working means most businesses have not really considered their cyber security position either. So, what cyber security optimisations should you be thinking about?
A lot of our customers invest in serious firewall equipment from vendors like WatchGuard. These protect a company network by blocking nefarious activity using a wide variety of techniques. Whether this is simple antivirus scanning, behavioural analysis or advanced machine learning techniques, they do serious work and offer lots of protection. Most of the UK population’s home broadband does not have this kind of technology installed.
In many respects, having these firewalls protecting the edge of your corporate network seems almost redundant. However, not so much if you consider the next point.
Most people are using a VPN to create a secure tunnel over the internet to their company network. Depending on your configuration, your firewall is probably the point at which the traffic from all these tunnels is being monitored, essentially making your company computers part of the network again.
However, quite often we techy types enable a technology called ‘split tunnelling’, which means that local traffic and internet traffic are dealt with by the home network. Only traffic destined for the office is routed over the VPN and hits the firewall at the office.
We do this for a few reasons. Firstly, it speeds up everyone’s internet browsing, because it’s not being passed to the office then back again. It also reduces the amount of traffic the office connection has to handle, so makes it faster in that respect too. For the most part, though, it enables people at home to use their Wi-Fi printers and such like. From a cyber security optimisation viewpoint, however, it’s quite headache-inducing.
Do you optimise for security or performance? Of course, that question can only really be settled by a trusted cyber security advisor who can discuss your business more specifically.
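To see which traffic the office firewall actually gets to inspect in each mode, here is an added example (not part of the original article) that applies longest-prefix routing to two constructed route tables. The interface names, subnets and addresses are sample values, and the full-tunnel table assumes a VPN client that also captures home-LAN traffic.

```python
import ipaddress

# Constructed route tables for a home worker's laptop (all values are samples).
# "vpn0" is the tunnel to the office firewall, "wlan0" is the home broadband.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),       # internet traffic leaves via the home router
    ("192.168.1.0/24", "wlan0"),  # home LAN, e.g. the Wi-Fi printer
    ("10.20.0.0/16", "vpn0"),     # only the office subnet uses the tunnel
]
# Assumption: this full-tunnel client also captures home-LAN traffic.
FULL_TUNNEL = [("0.0.0.0/0", "vpn0")]

def egress_interface(routes, destination):
    """Longest-prefix match, the rule an OS uses to pick a route."""
    addr = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes]
    matches = [(n, i) for n, i in matches if addr in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def tunnel_mode(routes, vpn="vpn0", probes=("1.1.1.1", "198.51.100.7")):
    """'full' if public destinations all use the VPN, otherwise 'split'."""
    via_vpn = [egress_interface(routes, p) == vpn for p in probes]
    return "full" if all(via_vpn) else "split"

def unmonitored(routes, destinations, vpn="vpn0"):
    """Destinations whose traffic never reaches the office firewall."""
    return [d for d in destinations if egress_interface(routes, d) != vpn]

# Constructed destinations: office file server, a public website, home printer.
DESTINATIONS = ["10.20.5.9", "93.184.216.34", "192.168.1.50"]

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(name, tunnel_mode(table), unmonitored(table, DESTINATIONS))
```

With the split table, the public website and the home printer both bypass the office firewall; with the full table nothing does, at the cost of the printer no longer being reached locally.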
It’s generally considered best practice to have antivirus software installed on your computer, although in the modern world it’s not as useful as you may think. Most antivirus solutions work on having a database of file signatures that are known to be bad. When your computer downloads, runs or reads any file, the antivirus software springs into life and compares it with its database. So quite often it can miss things that aren’t in its database, especially new threats.
This is really where I want to put things together for you. If you’ve got a workforce working from home who aren’t protected by the company firewall, then the Advanced Threat Protection technologies and AI engines that the firewall uses won’t apply to the web-browsing traffic of your company computers. There is quite a risk to their machines that in normal operations your business would have minimised or mitigated.
You have the option of making sure all their traffic is VPN’d back to the office, although to be honest, the work laptops still have to connect to the internet before they connect to the VPN. At some point they will be vulnerable, and it’s difficult to police behaviour. I’d also suspect that, with today’s increasing reliance on cloud services, split tunnelling as I mentioned above is the most sensible way of setting up a VPN.
So there’s a missing piece of protection.
This area of computer security is gaining a lot of buzzwords that don’t mean much. I suppose you can consider it the next generation of antivirus. Essentially, all the clever stuff that your firewall was doing has been scaled down and can run on your company machines.
So in reality, what these systems do isn’t signature-based. They rely on behavioural analysis: if they suddenly see your machine start encrypting files, and the machine has never encrypted anything before, then it’s likely to be a ransomware attack. It’ll block that activity and protect your machine and your company.
Endpoint Security can be confusing, in that antivirus is quite often considered to be under the same umbrella, or an antivirus supplier will also produce further software to enhance their product. Certainly, we would consider it best practice to have your signature-based antivirus engine from a different vendor to your endpoint security vendor. This is simply because, if a company implements a bad strategy in its protection methodologies, you want to ensure you’ve not got all your eggs in one basket.
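The difference between the signature lookup described earlier and the behavioural check described here can be shown side by side. This is an added example, not part of the original article and not any vendor's detection logic; the process names, file contents, thresholds and the baseline of processes expected to write encrypted-looking data are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Signature database: hashes of files already known to be bad (constructed).
KNOWN_BAD = {hashlib.sha256(b"constructed-known-malware").hexdigest()}

def signature_match(file_bytes):
    """Signature-based check: only catches files whose hash is already listed."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def behavioural_alerts(events, baseline, min_files=3, min_entropy=7.0):
    """Flag processes that write several encrypted-looking files and have no
    history of doing so (baseline = processes expected to, e.g. backups)."""
    hits = Counter()
    for process, _path, written in events:
        if written and entropy(written) >= min_entropy:
            hits[process] += 1
    return sorted(p for p, n in hits.items() if n >= min_files and p not in baseline)

# Constructed sample data: a plain document, encrypted-looking bytes, and a
# binary that no signature database has seen yet.
DOC = b"Quarterly sales report for the board. " * 100
CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
NEW_VARIANT = b"constructed-never-seen-before-binary"

# Constructed file-write events: (process, file written, bytes written).
EVENTS = [
    ("winword.exe", "report.docx", DOC),
    ("backup.exe", "nightly.zip", CIPHERTEXT),
    ("backup.exe", "weekly.zip", CIPHERTEXT),
    ("backup.exe", "monthly.zip", CIPHERTEXT),
] + [("invoice_viewer.exe", f"doc{i}.docx", CIPHERTEXT) for i in range(5)]
BASELINE = {"backup.exe"}  # hypothetical: known to produce compressed archives

if __name__ == "__main__":
    print("signature hit on new binary:", signature_match(NEW_VARIANT))
    print("behavioural alerts:", behavioural_alerts(EVENTS, BASELINE))
```

The new binary passes the signature check because its hash is not listed, while the behavioural rule flags the process that starts rewriting documents with high-entropy data and leaves the backup tool alone.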
Making the Cyber Security Optimisation
My biggest worry for firms at the moment is that there will be a second peak. Although I don’t believe that in the UK there’s likely to be a lockdown to the level we’ve just experienced again, I do believe there are risks of localised versions, with some businesses having no option other than to send an entire workforce home to self-isolate. It seems prudent to be cautious and concentrate resources in that direction.
In terms of cyber security, the hackers, attackers, or whatever you want to call them, currently have an edge. What businesses need to do now is look at the area where most will be weak: the security aspects of working from home, and what mitigation technologies can be used.
You need to assess what you already have and what can be leveraged to enhance cyber security for many more of your workforce working from home. At this point, I’d suggest that a competent and trusted advisor is used. Typically the best qualification to look out for in the team is a CISSP – it’s one of the most widely recognised and most sought after qualifications in cyber security.
Unleashed and I, of course, offer those services, and if you’d like a no-push, socially distant chat, then we’re available by just contacting us.