We are in unprecedented times. If you’re like us, you may have suddenly found yourself and your company operating entirely remote. Such an abrupt change can be a challenge for any organization, and especially for those that have never worked remotely before. But as with any crisis, there are always opportunities to emerge even stronger — and, in this case, to make your organization even more productive, resilient, and secure.
Seeing as we are a dedicated risk management partner to over 10 thousand organizations across the country, Part I of this series focuses on how to keep you secure. After all, exploitation of remote access points and services is the root cause for over 40% of all ransomware claims reported to us. And while we’ve helped 100% of our clients recover, it’s far better to avoid a claim (and the headache) in the first place.
“Exploitation of remote access services is the root cause for over 40% of all ransomware claims that we see”
Additionally, cyber criminals are already exploiting the changes organizations are implementing to facilitate remote work, and launching phishing campaigns to exploit mass uncertainty and fear. Our shared mission to Solve Cyber Risk is more important than ever and, at times like this, the entire Coalition team is here to support you (at absolutely no cost). You can reach our team 24/7/365 by contacting firstname.lastname@example.org or calling toll free at (833) 866-1337.
Nearly all cyber attacks against organizations are opportunistic — you aren’t being attacked because of who you are, but because your organization has made a (risky) technological decision that is visible on the Internet to hackers. One of the riskiest decisions we see organizations make time and time again is improperly implementing remote access services, such as Microsoft Remote Desktop. If you’ve already implemented a remote access service, please please please make sure you follow these safe practices for remote access.
If you are looking for safe ways to set up remote access to servers or computers in your office, we encourage you to consider using one of the following tools.
Teamviewer – TeamViewer specializes in enabling companies to deploy and scale remote access capabilities for their employees.
LogMeIn – LogMeIn, parent company to familiar products like GoToMeeting, offers a wide array of enterprise solutions for identity access management, remote desktop protocol, and collaboration enablement. Just remember that remote desktop software is not entirely secure on its own, and should always be paired with other protective measures (such as a VPN and multi-factor authentication). Here are some options to consider:
Cloudflare Access (free) – Setting up Cloudflare Access to sit in front of a remote desktop configuration provides robust identity and access management capabilities without needing to purchase or configure a VPN. (This is what we use at Coalition).
Virtual Private Networks (VPN) – Using a VPN reduces the “attack surface” of your company by “shielding” remote desktop services from being visible on the Internet. If they can’t find the service on the Internet, you are unlikely to be targeted in the first place!
Beyond securely configuring remote access services, our data shows that the next most important thing you can do is implement 2FA (and referred to as MFA). This can not only be used to protect login points for remote access users, but also to protect your email and other business systems. We’ve seen an explosion in Coronavirus -related email phishing, and implementing 2FA in front of your email login can prevent an email compromise even if a user were to be tricked into revealing their credentials. Here are a few services we recommend.
Duo (free for the first 10 users, or first 30 days if >10 users) – Duo Security, now owned by Cisco, is a provider of two-factor authentication software, allowing companies to require their employees to use an additional method of authentication beyond just a password, such as a code from their mobile device. It can be easily integrated with nearly all VPN solutions, as well as services such as Microsoft Remote Desktop. Better yet, it’s free for up to 10 users, and there is a 30-day free trial if you have more.
Included 2FA / MFA Features (free) – Many sensitive business systems, such as Google GMail, Microsoft O365, and nearly all other cloud email services, natively offer a two-factor authentication setting as a feature that an administrator can enable. Turning this feature on is entirely free of charge, and can preemptively spare both losses and headaches. Our claims data suggests this is the most valuable control any company can implement.
Beyond the above, we also wanted to share other very important things you should be doing in the current threat environment.
Perform Regular Backups – All organizations should back up their data in a manner that best suits the company’s data governance practices (offline, on an external drive, or to the cloud). It is important that at least one set of backups is maintained outside of your network. That way, if you are hit with ransomware, your backups aren’t encrypted too! It is also important that you routinely test your ability to restore systems from backups. We have seen this simple measure save companies $$$$ in lost income, labor, and headaches.
Thumb drives – While thumb drives have somewhat fallen out of favor given the advent of cloud storage, they’re not a bad backup fallback to have in the event of a cyber breach. They’re secure from a cyber standpoint given that they’re not accessible to the internet, and may be a good option to have for storing small amounts of important files if no other options are available to you.
Strong Passwords – The passwords used to access any corporate system or device should be sufficiently strong, and never used more than once. Companies like LastPass offer a free password generator. At Coalition we also use 1Password.
Avoid Public / Unsecured WiFi Networks – Employees working remotely may want to get out of the house and work in a coffee shop or something similar. Doing so without a VPN can be potentially risky, as these venues’ WiFi networks are not secure. Any traffic from their computer to the Internet that is not encrypted can potentially be intercepted.
Endpoint Protection – there are many things you can do to prevent a breach or download of malware in the first place, but it never hurts to have endpoint or antivirus protection in the event all else fails.
From all of us at Coalition: be well! We are an email, phone call, or online chat away at all times.