IronNet Blog

Executive Commentary, Threat Research, and Analysis from the IronNet team.

Building cyber citizens in a remote workforce

IronNet’s business is empowering companies and organizations to detect cybersecurity threats. Sean Foster, my colleague, equates this capability to a “canary in the cyber mine.” We look to behavioral analytics, in tandem with the work of our data scientists and elite security analysts, to arm IronNet customers with advanced threat detection capabilities. Additionally, we orchestrate secure ecosystems to facilitate real-time sharing of threat intelligence. 

Cybersecurity is our company’s purpose, and we’re very good at advancing our Collective Defense mission across sectors and geographies.

An essential part of delivering world-class cybersecurity solutions is looking inward: that is, nurturing strong cyber citizens across our workforce. 

This imperative is in IronNet’s DNA, but it must not be overlooked at any responsible company committed to strengthening cybersecurity within its enterprise and across industries. We must promote and enable stringent cybersecurity practices among our employees -- every day -- to add another level of security protection. This is more than training. It is a mindset. As we have transitioned to a fully remote workforce, like many other companies enduring this odd COVID-19 world, this mindset is crucial for IronNet and for everyone else. Consider that human error was the root cause of 23% of data breaches in 2019, even before our new way of working.

4 ways to enable your workforce to become super cyber citizens

Since we live and breathe cybersecurity, I’d like to broadly share the advice of our experts as part of National Cybersecurity Awareness Month’s “Securing devices at home and work” week. Really, home and work are now the same environment for many workers. What can we do? 

1) Caution employees against Business Email Compromise 

At the top of my list is spreading the word that even the smartest, most cyber-savvy person on your team can easily be duped by a technique that’s becoming more and more common: Business Email Compromise (BEC). This is a tactic where the cyber criminal poses as an authoritative source (often a company executive, buyer, or financial administrator) to infiltrate your network. We know that attackers have recently shifted strategies by intercepting official correspondence emails and interjecting themselves in the conversation. You can read more about this tactic in IronNet’s Supply Chain white paper.

Here are ways to defend against BEC:

  1. It is important that your employees know never to reuse passwords, and that a compromise in a service that is completely unrelated to your business may have direct impacts.
  2. A best practice is to enable multi-factor authentication for any business critical system, with priority on any systems or applications that are externally facing.
  3. Ensure everyone who may be involved with a “critical and urgent” financial transfer (often CEO and CFO) has established a process that does not use email.
  4. Set up a dedicated incident response email for employees to flag or double check anything that is even the least bit suspicious.

2) Be wary of risky browser extensions

As we strive to simplify and manage the COVID-19 at-home chaos (especially if you’re like me with several children at home for virtual school), it’s tempting to download browser extensions that promise improved productivity and worthwhile shortcuts. I caution you: don’t be tempted. If you are working remotely, it is absolutely critical to take a close look at why installing unvetted browser extensions is risky. Adding an extension to your web browser could open a gateway to all your online activities and possibly open a window to your company’s computing environment. Do you know which third parties may gain visibility in this way?

On top of providing direct access to anything that you type into a browser or read in a browser, extensions may also have access to computer information such as the IP address of your system; physical location of the system; and information about installed operating systems, applications, and versions of each. You can read more about how to mitigate this risk in “Browser extensions: helper or hop point?”
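An added example (not from the original post or from IronNet): a Python audit that reads Chrome/Chromium extension manifests and flags the declared permissions that grant the kind of visibility described above. The permission list is a chosen subset, the sample manifests are constructed, and `audit_manifest` / `audit_profile` are names introduced here; the `<id>/<version>/manifest.json` layout is how Chrome stores extensions on disk.

```python
import json
from pathlib import Path

# Subset of real extension API permissions that expose browsing or system data.
RISKY_API = {
    "tabs": "sees the URL and title of every open tab",
    "history": "reads browsing history",
    "cookies": "reads site cookies, including session cookies",
    "webRequest": "observes the browser's network requests",
    "clipboardRead": "reads the clipboard",
    "geolocation": "reads the physical location of the system",
    "nativeMessaging": "exchanges messages with programs outside the browser",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return findings for one parsed manifest.json (Manifest V2 or V3)."""
    # V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    declared = [p for key in ("permissions", "optional_permissions", "host_permissions")
                for p in manifest.get(key, []) if isinstance(p, str)]
    # Content scripts injected into every page give the same reach.
    injected = [m for cs in manifest.get("content_scripts", [])
                for m in cs.get("matches", [])]
    findings = []
    if BROAD_HOSTS & set(declared + injected):
        findings.append("all-sites access: can read and alter every page you visit")
    findings += [f"{p}: {RISKY_API[p]}" for p in declared if p in RISKY_API]
    return findings

def audit_profile(extensions_dir):
    """Map extension ID -> findings for every extension under a profile's Extensions dir."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[ext_id] = ["manifest unreadable: review manually"]
            continue
        findings = audit_manifest(manifest)
        if findings:
            report[ext_id] = findings
    return report

# Constructed sample manifests (not real extensions).
SAMPLE_BROAD = {"manifest_version": 3, "name": "Quick Coupons (constructed)",
                "permissions": ["tabs", "cookies", "storage"],
                "host_permissions": ["<all_urls>"]}
SAMPLE_NARROW = {"manifest_version": 3, "name": "Dark Mode (constructed)",
                 "permissions": ["storage"], "host_permissions": ["https://example.com/*"]}
```

Point `audit_profile()` at a browser profile's `Extensions` directory; an empty result means no installed extension declares the flagged access, not that every extension is trustworthy.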

3) Consider that you’re not just Netflixing these days

Before COVID-19, most of us probably thought about our routers only when bingeing on Netflix or managing multiple kids playing Fortnite at once. It’s typical to just plug in the router, connect it to the modem, and give it a unique or funny name. Now most definitely is a good time to rethink this approach, going well beyond out-of-the-box settings. 

IronNet CyOC expert Melody Sampson shares in-depth advice in her blog “Leveling up your home network protection.” Here is a snapshot of how to secure your router:

First, access your router settings so you can check and improve them, if need be. Since many people may not know how to take this first step, an easier way may be to access your home router settings by logging into your internet provider’s website. The other way is to access the router directly. Typically this is a set IP address such as 192.168.0.1 or 10.0.0.1 that you would type into your browser. Check out your provider’s FAQ pages if you are still having issues logging in to see the router settings. Once you have accessed the router settings, take the following basic steps:

  1. Change your wifi password and the administrator password (and make them different!);
  2. Change/check your wifi name, keeping in mind that you do not want to reveal personal information (e.g., Jones Family or 289 Middle Ave.);
  3. Check “WPA2” as the encryption method, as other methods have been cracked;
  4. Disable WPS, as it is a way for people close by to easily get inside your wifi, even if they’re just egregious curbside wifi pirates;
  5. Enable the default firewall to protect yourself from both proximity attacks and attacks from anywhere; and
  6. Disable “Shared-WiFi,” because sharing isn’t always caring!

4) To VPN or not to VPN?

The answer for remote workers is always yes. You must remind employees regularly to log in to their VPN at home. Yes, we know there is much juggling going on between attending to work and caring for at-home responsibilities. It’s tempting to ignore the VPN while your child does schoolwork at night, for example. If you have any hand in affecting your company’s cybersecurity culture, sound the alarm that remote employees should make logging in to the VPN part of their cybersecurity hygiene. To me, not VPNing is as inexcusable as forgetting to brush your teeth!

A practical question, though, for the network team behind the scenes is whether your VPN is sized for 100% of users working remotely. There may be a strain on your VPN connections. In the white paper “Lose Network Security Visibility or Crush Your VPN,” IronNet’s Vasanth Balakrishnan, with contributions from Bill Swearingen and Zoltan Kovacs, outlines ways of reducing the burden on the VPN while still ensuring safe remote work conditions.

We can do this.

Change is always challenging. But we can do this. Employee by employee, assuring a culture of committed cyber citizens is what every company needs to do to make the sudden leap to a remote work environment a secure one. Now and for the long haul.