The Microsoft Exchange vulnerability debacle, which has been reported on to extensively by The Hacker
The Hacker News is running several interesting articles related to information security and COVID-19 as they relate to emerging threats. Specifically, the threats that a newly mobilized remote workforce faces when many of them have little on detecting threats outside of their normal work environment. While the article referenced specifically touts Cynet’s service offering, the guidance offered is applicable across the board.
Take for example, all of your new remote workers who are receiving all or some of their direction via personal communication channels whether they be phone, SMS, or email. How many of these staff are capable of discerning phishing messages on their personal devices? It is one thing when they have a corporate suite of products assisting them to make these judgement calls, but when they don’t have those can they still be trusted to determine who the bad actors are? In all likelihood the answer is going to be that remote workers are going to be less capable of protecting themselves without new training programs and time to become acclimated to their new reality. COVID-19, however, has made it so there is no time to do so in the face of mandates to have 100% of your workforce out of the office. Introducing new training for these workers about how to protect themselves in this chaotic time is going to be crucial not only for them but also for the well being of the organization as a whole. In addition to training, all information security teams should be looking at how to best to detect unauthorized data loss as well as unauthorized access into corporate networks. It also goes without saying that any remote access solutions should also be protected by two-factor authentication.
Be well, be safe, and secure your networks.