Enterprise Security Operations: 3 Areas to Focus
There has been a steady stream of work from home (WFH) guidance (including our posts and checklists) published recently advising on the do’s and don’ts. This is all in an effort to protect remote users from increasing COVID-19 threats initiated by opportunistic attackers.
Just as with a human virus threat, stopping cybersecurity threats requires following best practices and maintaining discipline. So, what else can we do? What do we really need to be aware of to keep ourselves—and enterprises—secure?
When it comes to enterprise security operations, there are three critical areas that deserve focus: email security, tool configuration and chat. These three areas affect the security posture of an entire enterprise.
However, what many users don’t realize is that they can help keep their work environments guarded. Teaching our users the skills required to maintain security not only helps protect the business, it also provides a sense of purpose and job security during these difficult times.
Where to Focus
1. Email Security
One of the largest and most exploited vulnerabilities that an enterprise has is email security. Deploying new devices to try to stop spam and phishing helps; however, technology cannot stop all attacks. We will need to help our users better understand how to recognize malicious emails. Attacks in the coming months will likely appear through a variety of phishing scams, with emails like ‘overstock on toilet paper – buy here’, ‘low home financing rates, pre-approval’, ‘new work from home policy’, ‘tax benefit – pandemic support’, and the list will go on.
Focusing on providing users with the guidance needed to protect themselves, and how to recognize these attacks, will help reduce company exposure and protect personal assets. Start by setting up a program that offers tutorials and exercises on how to recognize a phishing or spam email. Employ fake corporate phishing emails. Test users on what they’ve learned to help them not only retain the information, but also to give them satisfaction when they correctly identify suspicious emails.
2. Tool Configuration
Many enterprises have the tools in place to monitor and help mitigate attacks. Keeping a closer eye on the rules and alerts in these tools will help stop any active attacks. While monitoring what is already in place, review the rules and alerts that are active in the environment. Adjusting them or adding to them as needed can help broaden the types of attacks you are mitigating.
Instead of relying on an alert to come to a person, assign someone to work in the tool and actively monitor trends and activities. This can help create an early warning for something that could become more serious. Since many of us are stuck at home, and some activities may be lighter due to the lack of in-person meetings, repurposing roles to focus on what our tools are telling us can help give employees purpose and limit exposure.
IT support personnel may be aware of what is normal in your environment. Allowing them to partner with the security team to monitor the tools not only gives them an opportunity to expand their skillset, but also offers a fresh perspective. Having new eyes reviewing dashboards and investigating in these tools (in a read-only privilege group until everyone is comfortable with their skillset) can shine a light on new gaps.
3. Chat
Working from home can be difficult, and people can get caught up in their own personal tasks without regular collaboration. Keeping open lines of communication can bring teams together. When reviewing collaboration tools, make sure there is a secure channel and that communication and file sharing run over a VPN or other security tool stack. With more and more of us working from home, these chats are becoming more extensive and frequent. Ensure these communication exchanges are not occurring outside of secured networks. This is especially important given that chats are often used to discuss issues or problems and may contain data that is confidential. If an individual team is continually discussing confidential information with one another, having a dedicated and secure video conference line may be a better option.
Prioritizing email security, tool configuration and chat can help you more effectively combat COVID-19 related campaigns waged by an increasing number of opportunistic attackers. Doing so will result in more secure security operations.