By Steve Cobb, CISO, One Source

With COVID19, the shift to a largely remote workforce has presented an even greater opportunity for hackers to expose vulnerabilities and attack businesses. The truth of the matter is that many data breach scenarios are easy to avoid just by going through a simple checklist of potential cybersecurity misconfigurations.  These misconfigurations are mostly due to human error and overuse of manual processes. IT departments are often short-staffed and under-skilled in cybersecurity resulting in common errors.

For organizations large and small, here is list of actionable cybersecurity advice to avoid risky misconfigurations. With extra attention, they can reduce your cyber risk by as much as 75%. 

1. Restrict Remote Desktop Accessibility
   
   Remote Desktop allows users to have access to a remote or “host” computer over the Internet. Users can then control and use the resources hosted on that computer. A Remote Desktop server allows users to work from any location – at home, on the road, or in the office. In our current quarantine as result of COVID19, there has been an abrupt and artificial number of remote workers which has only put corporate networks at much greater risk. In fact, an organization’s security team was most likely caught off guard when there was a sudden migration of workers from on-premise to remote working. In the rush to have people out of the office, there may not have been enough time to perform the usual basic endpoint hygiene and connectivity performance checks on corporately owned devices before they were off the corporate network for an extended period.Some critical advice during this time, make sure to evaluate the accessibility of your Remote Desktop services and make sure that Remote Desktop is not open to the public Internet. If you are using Remote Desktop for your administrators, make sure you limit those as well to only those who truly need it. This will also ensure that you are not giving potential attackers unauthorized access.  Since the COVID-19 pandemic began, the number of Remote Desktop endpoints accessible via the Internet has increased across the globe more than 40%. This is currently the most leveraged entry point for ransomware operators. If you can, apply the next two points to your Remote Desktop infrastructure.
2. Use Stronger Passwords
   
   More unique, stronger passwords should be a requirement for any account. The days of using the names of your pets, maiden names, and family members should be over. With the rise of social media, it is very simple for any threat actor that chooses to figure out and trace the names of those connected to you and that you write about as a means of figuring out your passwords. Instead enforce password complexity guidelines and/or encourage users to paraphrase encrypted personal messages, ideally that do not contain their username or words in the dictionary frontwards or backwards.
3. Implement Two-Factor or Multi-Factor Authentication
   
   Two-factor and multi-factor authentication has evolved as the single most effective control to shield an organization against remote attacks. It is as simple as having multiple locks on your front door. When implemented correctly, it can prevent most threat actors from easily gaining an initial foothold into your organization, even if credentials become compromised. The biggest mistake is not making the time to implement!
4. Review your Firewalls
   
   Firewall misconfigurations greatly raise the risk of data breach and are primarily due to human error and lack of automation highlighted in Firemon’s 2019 State of the Firewall Report. Security teams are flooded by manual processes and in this research it reports that 65% respondents said they didn’t use any kind of automation and 35% said inaccuracies, misconfigurations or issues on the network accounted for 10 to 24 percent of the changes that required rework.Firewalls are an essential part of your network security, and a misconfigured firewall can completely damage your organization and give easy access to an attacker. Most often, errors occur because of broad policy configurations. IT teams don’t know exactly what they need at the outset of configuring a firewall so they set up an open policy of allowing traffic from any source to any destination.  In addition, many companies do not extend their authentication policies, like complex passwords, account lockout, etc., to their network infrastructure. By not enforcing corporate authentication standards on network devices, like firewalls, attackers may access those devices using local accounts with weak passwords and a different limit on login failures before account lockout. Lastly, failing to capture and analyze log outputs from security devices, like firewalls, reduces the effectiveness of a company’s security controls. This is one of the biggest mistakes that can be made in terms of network security; not only will you not be alerted when you’re under attack, but you’ll have little or no traceability when you’re investigating post-breach. Many are not logging properly because they believe that logging infrastructure is expensive, and hard to deploy, analyze, and maintain. However, the costs of being breached without being alerted or being able to trace the attack are surely far higher.Organizations large and small need to look at the state of their firewall security and identify where holes might exist. By addressing these misconfiguration issues, organizations can quickly improve their overall security posture and dramatically reduce their risk of a breach.
5. Update and Patch Applications
   
   Software updates and patches do a lot of things. These might include fixing or removing computer bugs, creating greater stability and performance, adding new features, removing outdated ones and repairing security holes that may have already been discovered.Updates are critical in that they help patch these security flaws. Hackers love security flaws, also known as software vulnerabilities. A software vulnerability is a security hole or weakness found in a software program or operating system. They can take advantage of the weakness by writing code to target the vulnerability and package this code into malware. An exploit can infect an end-user’s computer with no action taken besides viewing a rogue website, opening a compromised message, or playing infected media. There is a lot of personal information and documents on every individual endpoint that are interesting to cybercriminals. Updating software is an easy way to keep the hackers out.

   When it comes to cyber compromise, however, all it takes is one endpoint. If one device’s applications aren’t updated and fall victim to malware, they could pass it on to anyone in the company or beyond. And more often than not, using an anti-virus program isn’t enough to keep your devices secure against all cyberthreats.

Putting Cybersecurity Measures in Action

For many organizations having the bandwidth and resources to instate, monitor and automate security measures is not always possible and the biggest cause of breach. Executives have become overwhelmed with the threat of a breach, compliance, and cost. They often share a misunderstanding of what information security means and how it is best managed. A solution that organizations are increasingly adopting, however, is partnering with a managed security service provider (MSSP) to empower their security organizations with the people, processes, skills and technology to secure their critical assets and data.

Partnering with an MSSP offers the following benefits:

Superior Protection– 24/7/365

Cost Effective– pay for business outcomes vs software and headcount

Strategic Funding– eliminate CapEx and instead, fund with OpEx

Security Experts– without recruiting, training and retention challenges

Advanced Technology– without the need to procure software

One Source is a trusted MSSP specializing in small to mid-size companies.  We have a unique partnership with FireEye to provide quick deployment of Fortune 100 strength security tools at a mid-market investment. We care about your business and want to help you as your trusted partner to navigate the abrupt and violent storm that COVID19 has generated with new vulnerabilities that come from a remote workforce.

For more information please schedule a free threat assessment or contact us to schedule a call so we can learn more about your specific business needs.