Guest User Guest User

Securing Your Company in The New Work Landscape

It's no mystery (nor a surprise) that threat actors are actively taking advantage of employees working from home. Protections that were built to protect organizations on-premise no longer secure remote workers. Many are using residential grade networks, personal computers and sharing the Internet connection with their children on a flat network.

This article sheds light on how Russian cybercriminal groups are targeting American remote workers.

A Russian ransomware group whose leaders were indicted by the Justice Department in December is retaliating against the U.S. government, many of America’s largest companies and a major news organization, identifying employees working from home during the pandemic and attempting to get inside their networks with malware intended to cripple their operations, reports The New York Times

Sophisticated new attacks by the hacking group — which the Treasury Department claims has at times worked for Russian intelligence — were identified in recent days by Symantec Corporation, a division of Broadcom, one of the many firms that monitors corporate and government networks, says the report.  In an urgent warning issued Thursday night, the company reported that Russian hackers had exploited the sudden change in American work habits to inject code into corporate networks with a speed and breadth not previously witnessed, adds The New York Times.

To protect your organization, employees and yourself, we’re sharing a list of ways these risks can be mitigated.

  • HARDWARE - Identify the hardware used for company work. Until you have a clear inventory of devices, you can’t begin to protect them.

  • SOFTWARE - Identify the software employees are using to access company data and resources. Ensure it is on the company approved software list, properly secured and updated.

  • CREDENTIALS - Ensure employees have a secure level of access to company resources. Are passwords secure? Are they on devices that are being shared? Have you implement MFA everywhere you can?

  • DATA - Identify company data, where it’s stored and how it’s being secured. Employees are now accessing it on-prem, remotely and/or a hybrid of both. What changes have you made to ensure it’s being properly protected from all locations?

  • STAFF - Clearly understand which employees have access to what data. Staffing levels may have changed since the stay-at-home mandate was implemented. What has been done to review staffing levels, their credentials and access to company resources?

While this list summarizes where to focus, there is a lot to implementing and managing this over time. Contact us if you or your organization need assistance securing these resources. We are here to help and look forward to speaking with you. reach@ssowow.com / 858-848-5776

Read More