HG Coronavirus Threat Advisory and Secure Remote Access Recommendations

February 28, 2020

With increasing global concerns around the spread of Coronavirus (aka COVID-19), companies around the world are activating their Business Continuity Plans to proactively prepare for a widespread remote work scenario.

The spread of Coronavirus is serious enough to prompt the US Center for Disease and Control to advise companies to "replace in-person meetings with video or telephone conferences” and to consider “increase[d] teleworking options.” Furthermore, “[t]elework and remote-meeting options in workplaces” may become requirements according to the CDC.

Ensuring your Business Continuity Plan is effective in the event of a pandemic is critical to minimizing the impact to your employees and your business; “studies have shown that early layered implementation of these interventions can reduce the community spread and impact of infectious pathogens such as pandemic influenza…These measures might be critical to avert widespread COVID-19 transmission in U.S. communities.”

How widespread is the move to Remote Work? The financial data platform Sentieo analyzed the earnings calls of public companies in the month of February, and so far, 77 have mentioned “work from home” in their transcripts, up from 4 mentions a year ago, with most referencing Coronavirus as the driver.

At Herjavec Group, we are supporting enterprise customers who have elected to transition to remote engagements. For our global SOC operations, Business Continuity Planning provisions are in place for secure remote access when needed to maintain 24/7/365 availability.

To enable a successful remote workforce we recommend developing three foundational pillars:

1. Implement technologies that effectively, efficiently and securely allow remote access:

a. Ensure you have the appropriate technologies to allow for successful remote access either through a traditional on-prem solution or Secure Access Service Edge (SASE). Technologies for consideration may include but should not be limited to:

• Palo Alto Networks
  • GlobalProtect
  • Prisma Access 
• Zscaler - ZPA – Zscaler Private Access solution (SASE)
• F5- APM – Access Policy Manager
• Akamai – Enterprise Application Access (SASE)
• Netskope – Private Access
• Cisco – AnyConnect
• Checkpoint – Remote Secure Access
• Pulse – Remote Access VPN
• Tehama – Virtual Office-as-a-Service (OaaS)

b. Ensure the technologies support your Multi-Factor Authentication requirements and consider conditional sign-on. Evaluate and understand what BYOD users or those that don’t have a corporate device, will be able to do, as well as ways to protect them. Consider your current use of, or assess leveraging:

• Azure MFA
• Okta
• OneLogin
• Ping Identity
• Duo
• Centrify
• SecureAuth

2. Develop realistic policies to guide employees. Two core policies to consider include:

a. Acceptable Use Policy outlining regulations around:

• Devices that people can use to connect to the work environment
• Corporate devices vs. BYOD 
• File copy from the corporate network to local devices
• Share of corporate devices with other people 
• Use of Public or Private Wi-Fi
• Use of USB and Lightning ports on corporate devices 
• Procedures on password reset and remote support 

b. Technology policy outlining regulations around:

• Configuration of remote access systems, traffic routing and tunnelling
• Configuration of SSO/MFA providers 
• Configuration of new corporate devices as well as supporting EDR/EPP and MDM solutions

3. Monitor remote access

a. Monitor access to ensure fair use and avoid unauthorized access

• Configure all Remote access and MFA solutions to log to corporate SIEM
• Create use cases and profiles for escalation
• Consider the use of a UBA solution to find sophisticated authentication cases of compromised credentials
• Develop escalation procedures and playbooks to block compromised credentials
• Monitor advanced insider threats based on Data Classification, document watermarking or other DLP capabilities

We also want to encourage you and your teams to be aware of heightened risks around phishing and ransomware campaigns. In times of natural disaster, pandemic or global relief efforts of any kind, we often see an uptick in social engineering attacks that spoof charitable causes, healthcare intel or relevant news sources. Be diligent and encourage your teams to be security-aware.

What to look out for to mitigate phishing attacks:

• Sender’s email address - Watch out for email addresses that you don’t recognize, even if you recognize the sender’s name.
• “Reply to:” email address - Beware when this email is different from the sender’s email.
• Links - Always hover over a link to see if the destination is the same as how it’s displayed when typed out. If you don’t recognize the link destination, don’t click.
• Attachments - Be wary when there are attachments in an email that you must download to view very important information. As a general rule, never open any attachment from email addresses you don’t recognize or companies you’re unfamiliar with.
• Proceed with caution when you click through to a website that asks for your account information or user credentials. A fake website designed to mimic the real website can seem nearly identical at first glance. Before you enter any account details, load the login page independently on a separate browser tab to ensure you are on the legitimate website.

If you would like to connect with an HG Security Specialist to learn more about how you can prepare your workforce for telework or discuss emergency preparedness planning, please contact us.

To download the HG Coronavirus Threat Advisory and Secure Remote Access Recommendations brief, fill out the form below.