The rise of flexible work policies
Even after the pandemic ends, most companies are extending flexible or remote work policies, and cyberhackers are shifting their methods of operation accordingly. The beginning of the pandemic saw a huge increase in cybercrime, while companies were navigating the question of how to protect the critical information and infrastructure that is now spread out across many home Wi-Fi networks. Businesses and organizations, as well as their employees and customers, are not safe from the advances of these cyberhackers.
Endpoints: the cybersecurity vulnerability created by flexible work policies
Often, cyberhackers breach a company network through its endpoints. An “endpoint” is any device that is physically used by an end user on a network, such as laptops, cell phones, servers, and virtual environments. All these endpoints communicate back and forth on the company network. Hackers use endpoints in a variety of ways. First, hackers use endpoints as an access point to all of the information on a company network. Second, hackers access and use information on the endpoint itself to hold hostage for ransom or disruption purposes. Finally, hackers take control of the endpoint device and use it, along with other devices in the hackers’ control, to shut down a critical system such as a service used by employees or members.
To demonstrate the vulnerability of a company network from a single unsecured endpoint, consider for example the Raley’s Pharmacy breach. In September 2018, an employee of Raley’s had their laptop stolen. The laptop contained a vast amount of pharmacy patient data and likely contained a file with 10,000 patients’ medical records. And, to make matters worse, the company could not tell if encryption was set up on the laptop. The breach was a public relations nightmare for the company, as it had to warn its patients, notify , and weather a barrage of news reports covering the breach.
Additionally, endpoints create a vulnerability for ransomware attacks. Ransomware is malware that is mistakenly installed on a device or company network, and “attacks” the company in two steps. First, it inconspicuously works in the background to encrypt the company’s data. Then, once enough data is encrypted, hackers block access to a computer system and demand a ransom payment. The ransom payment attempt often shows on the infected device’s screen as a popup demanding cryptocurrency. The recent attack on the Asia operations of the French insurer AXA demonstrates the potency of ransomware attacks. Avaddon, a cyberhacker group, used ransomware to pull the data from AXA systems. The data included patients’ personal information, such as medical records and IDs. Ultimately, the ransomware attack resulted in 3 terabytes of data being stolen, put numerous patients’ privacy and information at risk, and prevented healthcare providers from accessing patient information until the system could be restored.
In sum, endpoint vulnerabilities within companies are being exploited more and more frequently. Therefore, companies should take preemptive steps to secure this key vulnerability.
Achieving flexible work and endpoint security
With recent surges in remote and flexible work employees, the landscape of cybersecurity is changing quickly. In a physical office, most Information Technology teams manage and protect company networks by using firewalls, network traffic analysis, and web filtering. But this arrangement tends to be difficult to extend to remote employees. Though some organizations use VPN access to allow remote workers to securely access company data, the traffic on the VPN server leads to latency issues and high costs.
To boot, more and more at-home employees are working on their personal devices. At-home devices are less secure as they are often accessed by other members of the household and used on home Wi-Fi networks, which lack the robust security of enterprise networks found in office spaces. Fundamentally, the huge influx of these bring-your-own-devices into company networks hampers companies’ ability to properly lock down and monitor security threats.
This new landscape puts CISOs, IT Managers and Systems Administrators in a tough position. They must balance protecting the company network from cyberhackers with the privacy of employees’ personal lives. One of the first and simplest policies every IT team should implement is to require an antivirus tool on any device that accesses the organization’s information. This helps to tackle endpoint vulnerabilities by ensuring employees have the most up-to-date malware protection at the device level.
While antivirus is a good first step, it does not solve the issue of endpoint security. Indeed, many top IT teams are looking to improve their endpoint security—primarily through endpoint detection and response (EDR). EDR is a security system that uses automation to detect suspicious activities on hosts and endpoints, and alerts a security team to respond to the threat. EDR applications can run as part of a managed security operation or managed vulnerability service plan with an external security provider. To effectively protect a company from cyberattacks, these managed services should: recommend an endpoint detection and response software; take the initiative to index the data from people and systems to look for malicious or suspicious activity; and perform 24/7 monitoring of endpoints for better peace of mind.
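To make the automated detection concrete, the following added example (not part of the original article and not any vendor's product code) flags the first ransomware step described earlier, background encryption, from endpoint file-write telemetry. The event format, host and process names, and thresholds are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 60      # assumed sliding window per (host, process)
MIN_FILES = 20           # assumed: distinct files rewritten inside the window
ENTROPY_THRESHOLD = 7.5  # assumed, bits per byte; encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte sample in bits per byte (0.0 if empty)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect_mass_encryption(events):
    """events: time-ordered (timestamp, host, process, path, written_sample).
    Returns one alert per (host, process) that rewrites many files as ciphertext."""
    recent = defaultdict(deque)  # (host, process) -> (timestamp, path) in window
    alerted, alerts = set(), []
    for ts, host, proc, path, sample in events:
        if shannon_entropy(sample) < ENTROPY_THRESHOLD:
            continue  # ordinary document content, not ciphertext-like
        key = (host, proc)
        window = recent[key]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        files = {p for _, p in window}
        if len(files) >= MIN_FILES and key not in alerted:
            alerted.add(key)
            alerts.append({"host": host, "process": proc, "time": ts, "files": len(files)})
    return alerts


def sample_events():
    """Constructed telemetry: one encrypting process, one editor, one backup job."""
    ev = []
    for i in range(30):
        ev.append((1000 + i, "laptop-17", "updater.exe", f"C:/docs/report{i}.docx", os.urandom(4096)))
        ev.append((1000 + i * 30, "laptop-22", "winword.exe", f"C:/docs/notes{i}.docx", b"Quarterly notes " * 256))
        ev.append((1000 + i, "laptop-22", "backup.exe", "D:/backup/archive.zip", os.urandom(4096)))
    return sorted(ev, key=lambda e: e[0])


if __name__ == "__main__":
    for alert in detect_mass_encryption(sample_events()):
        print(alert)
```

The backup job writes high-entropy data too, but only to one file, so it stays below the distinct-file threshold; the alert fires on the twentieth rewritten document, before the whole folder is encrypted.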
We are here for you
As you build out your IT strategy, keep in mind software, hardware, and managed service providers that have already “built the wheel” of endpoint detection and response. Building on them gets you to effective IT security faster and more efficiently than piecing together a strategy on your own.
If you are thinking about implementing a long-term EDR strategy and need help crafting a plan for your company, contact your local MRC/Xerox rep. They will help you discover the right mix of network operations center plans, managed security services plans, IT engineering security projects, penetration testing, and/or endpoint detection and response software that can give your team a secure peace of mind.
To submit your request for a complimentary network vulnerability or risk assessment, contact us here: https://mrc360.com/connect-with-us/contact-us/ and remember to ask for a complimentary network vulnerability or risk assessment in the Additional Comments field!
Check in with us soon to read our next installment in the Work From Home series!