Even the best psychics, science fiction and horror writers could not have predicted or written 2020.
It’s been quite the year. I am thankful that it’s almost over.
The COVID-19 Coronavirus started a global lockdown that sent millions of people to work from home, or wherever they could shelter in place. Personally, working at home didn’t seem like a bad option at the time. But after 8 months, sheltering in place, working from home, and sharing your Internet bandwidth with three others who also need real-time audio and video can be exhausting.
Professionally, it’s another story. It’s hard to overstate the magnitude of the change. It was as if someone flipped a switch. One day, most of McAfee’s 7,000+ employees could be found working in McAfee offices. The next day, we had 7,000 “offices” of one person each. They were now voices heard on a phone, logging in from remote locations.
Whereas previously just 2% of workers were remote full time globally, by April 2020, 42% of the workforce was remote, according to Stanford University economics professor Nicholas Bloom. By late August, the number of workers at home dropped to 35%. That said, once the pandemic ends, about 55% of employers surveyed by PwC said they expected staff to work from home at least one day a week. And more than 80% of employees said they supported that idea. In fact, Facebook, Microsoft and Twitter have all said remote work would be a permanent option.
Most organizations have found a way to make do with existing infrastructure. Since we’re apparently in it for the long haul, it’s time to go back and verify that all appropriate security protections are in place. Because – let’s face it – in many organizations, security during this transition had to be prioritized behind keeping the business running. Cyber hygiene had to wait while organizations worldwide raced to the cloud in order to get their teams online and productive again.
Cybercriminals know home networks are often less secure and have leaped at the opportunity to find new and easier ways to access data and systems. In fact, McAfee’s Advanced Threat Research team observed a 630% increase in external attacks on cloud accounts with the greatest concentration on collaboration services (CARR). And, during Q2 of 2020, McAfee’s global network of more than a billion sensors registered a 605% increase in total COVID-19-themed threat detections.
For a security company like McAfee, the pandemic is an opportunity to share some lessons to help protect your people and data without getting in your teams’ way. It will not surprise you to learn we primarily run our own products and relied on them heavily for our WFH transition. I will be touting some of the benefits of our products in this article.
1. Maximize Visibility and Control
For many companies, the rapid transition resulted in less visibility and control than when everyone was in the office behind a web gateway. With WFH, visibility and control across the entire organization (cloud, web, and both managed and unmanaged devices) is imperative.
McAfee MVISION Complete, part of our new Device-to-Cloud suites, provides this visibility and control across endpoint, web and cloud. The solution unifies MVISION Insights, Endpoint, cloud access security broker (CASB), data loss prevention (DLP), cloud-based Secure Web Gateway (SWG) and (soon) remote browser isolation technologies to deliver comprehensive device-to-cloud protection. It enables us to:
- Secure corporate devices against ransomware and other advanced malware with our endpoint anti-malware and endpoint detection and response (EDR) technology;
- Manage web and cloud access from anywhere through our SWG;
- Improve our phishing and web protections with the remote browser isolation technology from McAfee’s acquisition of LightPoint last year;
- Control shadow and sanctioned cloud services via integrated CASB; and
- Protect data on endpoints, web and in cloud services with unified DLP.
2. Run an Effective Threat Management Program
Threat Intelligence programs are designed to answer questions such as:
- Who is targeting me?
- What are they after?
- Am I protected?
- If not, how can I become protected?
Questions like these are called Intelligence Requirements, and some threat management programs flounder because they focus on answering only the first two questions. Others struggle because they don’t have the resources to answer the last two well. It takes substantial time to walk through indicators of compromise (IOCs) and determine whether you have coverage on your endpoints, your IPS, your Web Gateway, etc. It can take longer to update coverage. Having 95% coverage can sound like a lot, but advanced actors always seem to be able to locate the unprotected 5%.
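The "Am I protected?" check described above can be scripted rather than walked by hand. The following is an added example, not McAfee product code: the IOC feed, the deployed blocklists and the mapping of IOC types to controls are all constructed assumptions.

```python
from urllib.parse import urlparse

# Assumed mapping: which control is able to enforce each IOC type.
ENFORCERS = {
    "sha256": ["endpoint"],
    "domain": ["web_gateway"],
    "url": ["web_gateway"],
    "ip": ["ips", "web_gateway"],
}

def normalize(ioc_type, value):
    """Undo defanging and case differences so feed and policy entries compare equal."""
    v = value.strip().replace("[.]", ".").replace("hxxp", "http")
    if ioc_type == "url":
        # Assumption: the gateway policy blocks by host, so compare hosts only.
        return urlparse(v).hostname or v.lower()
    return v.lower().rstrip(".")

def coverage_gaps(iocs, deployed):
    """Return (percent covered, [(type, value, controls missing the IOC)])."""
    gaps = []
    for ioc_type, value in iocs:
        key = normalize(ioc_type, value)
        capable = ENFORCERS[ioc_type]
        missing = [c for c in capable if key not in deployed.get(c, set())]
        # Uncovered means no capable control carries the indicator at all.
        if len(missing) == len(capable):
            gaps.append((ioc_type, value, missing))
    covered = 100.0 * (len(iocs) - len(gaps)) / len(iocs) if iocs else 100.0
    return covered, gaps

# Constructed sample feed (defanged, mixed case) and constructed deployed policy.
FEED = [
    ("sha256", "A" * 64),
    ("sha256", "b" * 64),
    ("domain", "bad[.]example.net"),
    ("url", "hxxp://cdn.example.org/payload"),
    ("ip", "203.0.113.7"),
]
DEPLOYED = {
    "endpoint": {"a" * 64},
    "web_gateway": {"bad.example.net", "203.0.113.7"},
    "ips": set(),
}

if __name__ == "__main__":
    pct, gaps = coverage_gaps(FEED, DEPLOYED)
    print(f"{pct:.0f}% covered")
    for ioc_type, value, missing in gaps:
        print(f"GAP {ioc_type} {value} -> add to {', '.join(missing)}")
```

The gap list is the work queue for the fourth question: each entry names the control that needs an update.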
3. Plan for Increased Threats to Home Workers
WFH has put a premium on making sure employees can depend on the same level of security they received in the office. In a post-pandemic future where WFH continues to be prevalent, cyber adversaries will focus their innovation on WFH users. To get ahead of this trend, we must find ways to increase our protections for WFH users.
4. Future-Proof … with the Right Protections
Enterprise security teams should plan for the likelihood that some of their employees working from home are going to get breached. It may be a compromised computer. It may be a connected IOT device. People will do the wrong thing, so it is important here to mitigate risk.
The technical measures listed earlier are a good start. In addition, you’ll need to make sure WFH users are patched as aggressively as they were when on-site, and that you have a process for following up with the last 5% who are out of office during patch installation, or who power down their laptop during installation. You’ll also need vulnerability scanning agents installed on user workstations.
Finally, I see a renewed move back to centralizing the data to limit the endpoint exposure.
5. Education Never Ends
There’s no getting around it. People are both a company’s biggest asset … and also a company’s biggest security liability. Many employees are still prone to making silly security mistakes by ignoring best practices. So, any WFH security approach ought to feature a big education component. Spend more time with employees, educating and informing them on how to improve their security practices. What’s practical guidance for employees? There’s no one-size-fits-all, but the best advice I can offer is to be realistic. Don’t send out a detailed, 20-page paper on wireless security and expect miracles. The message needs to be brief, clear and simple.
I’d love to hear what you’re doing to secure your distributed teams… leave comments below.