By: Peerapong Jongvibool, Regional Senior Director of Fortinet South East Asia and Hong Kong
Organizations around the world are engaged in one of the most rapid network transformation exercises in history. In Singapore and across the region, thousands of workers are now working from home, small branch offices, or in modified shifts to ensure their health and safety while ensuring business continuity.
A teleworker program requires careful handling to safeguard infrastructure and accommodate new network demands, whilst coping with the sudden surge of endpoints across multiple environments. Once your organisation’s basic teleworker solution is in place, consider enhancing it with additional tools to provide extra security and simplification.
Security is critical now more than ever because cybercriminals are likely to target organizations that have made a sudden transition to a mobile worker framework. Fortinet’s threat intelligence unit has tracked an increase in malicious activity related to the novel coronavirus. Unfortunately, FortiGuard Labs researchers found that cybercriminals are using the COVID-19 pandemic as an opportunity to try and steal money and personal information by generating social engineering scams via email, text, and phone calls.
Over the past few weeks, there has been an increase in attempts to lure unsuspecting victims into going to malicious sites, clicking on malicious links, or providing personal information over the phone under the auspices of COVID-19. Many of these scams attempt to impersonate legitimate organizations, such as the Ministry of Health (MOH) or the World Health Organization, by offering fake information updates and even promises of access to vaccines – all for a price, of course!
One way to strengthen security is educate employees to heighten security awareness as the workforce moves to a more autonomous and exposed remote environment. While businesses can compensate for many of the new risks that new technologies pose to the organization (such as updating or upgrading your secure email gateway and web filtering solutions), it is also essential that leaders understand that these workers have become, in many ways, both your most vulnerable targets as well as your front line for defending the network.
Fortinet’s threat intelligence shows that anyone can be a target to obtain access to business networks and sensitive information. For employees now connecting to the office through home networks, even children are potential targets. Beware. Cybercriminals are experts in the art of masquerading, manipulating, influencing, and devising lures to trick targets into divulging sensitive data, and/or giving them access to home and business networks and/or facilities.
There is already a global shortage of 4 million cybersecurity professionals according to a study conducted by (ISC)2. This problem is exacerbated with the recent mass migration to ‘work-from-home’ environments that put even more pressure on infrastructure teams to balance performance and security. Another way to strengthen security is to use artificial intelligence (AI) and automation as part of your threat protection strategy.
Over 440,000 organizations that deploy Fortinet solutions already enjoy advanced threat protection using AI. Fortinet devices are linked by the Fortinet Security Fabric platform that takes advantage of a common Fortinet operating system and an open application programming interface (API) environment to create a broad, integrated, and automated security architecture.
When managing a remote and distributed workforce, centralized security visibility and management are essential. It is important that support for telecommuting does not jeopardize an organization’s cybersecurity. This is where automated security comes in to alleviate the manpower crunch. With the Fortinet Security Fabric, all of an organization’s devices, including those deployed remotely to support telework, can be monitored and managed from a single pane of glass.
Fortinet solutions offer an integrated solution to support telework. For organisations using Fortinet, their existing technology deployment already contains this functionality. FortiGate next-generation firewalls (NGFWs) have integrated support for IPsec VPNs, enabling remote workers to connect securely to the company network.
Additional measures you should take as more work is done remotely:
- Confirm your VPN capabilities/utilization and determine if they are adequate
- Require the use of multi-factor authentication
- Log and monitor everything and pay attention to anomalous behaviour
- Monitor the final disposition of data accessed by privileged access users
- Monitor your key applications and dependencies for anomalous behaviour
Deploying large-scale VPN solutions for remote users is a thoughtful process. Beyond enabling simple access, things such as segmenting users based on role, security profile, and the content and resources they require are first-order tasks. Teams also need to identify users that require special access to resources.
Risk management and resiliency require careful planning, combined with an experienced team trained to deal with critical situations in flux. It is essential that teams keep their heads, understand their objectives, and execute strategies with a common goal in mind – maintaining operational consistency, including ensuring that your organization does not compromise on security for the sake of expediency.
We have all been practicing social distancing over the last few weeks to protect against viruses and illness. Likewise, we should consider cyber distancing ourselves from our attackers. Keep your cyber distance by staying wary of suspicious requests, unknown attempts at contact, and unsolicited information and be the protector of your information, your networks, and your health.