If you are implementing a work-from-home strategy to protect your team members and contain the coronavirus, you are now a prime target for cybercriminals looking to break into your network and steal your email. We have already seen some very clever phishing attacks directed at asset managers in which criminals are taking advantage of the coronavirus pandemic. These criminals will use every trick in the book to get you and your team to expose your company and allow them access to your critical data.
The best way to prevent a system breach is to enable Network Security Protections and enforce multi-factor authentication (MFA) for any type of remote access utilized by your employees. Unfortunately, most asset managers do not have MFA enabled, or if it is enabled, it may not be properly implemented. In response, we strongly recommend that if you are allowing your employees to use any type of remote or cloud-based access for your files or email, you make absolutely certain that MFA is both enabled and enforced.
Examples of remote access capabilities common in the asset management industry include:
- Citrix
- MS Remote Desktop
- LogMeIn
- TeamViewer
- Office365/OneDrive
- Outlook Web Access (OWA)
Implementing MFA is more complex than simply flipping a switch. We recommend you test any MFA configuration changes individually – before implementing those changes for the entire organization. Moreover, if your IT managed service provider (MSP) hasn’t already provided you with this basic security control, it may be indicative of other security weaknesses that you’re not aware of.
Looking ahead:
As the coronavirus outbreak spreads, companies are taking a long view and preparing for the situation to last for an extended period of time. For companies that are required to undergo annual Regulatory Risk Assessments and Penetration and Vulnerability Testing, we highly recommend scheduling these processes as soon as possible, as they can pinpoint any weaknesses in your remote strategy. We also recommend Phishing Training – mock phishing attacks will help your team identify and avoid real attacks of this nature. We are already seeing a significant increase in the number of phishing attacks.
If you want to discuss any issues related to the security of your remote workforce or schedule a mock phishing attack to proactively educate and prepare your employees, call (646) 779-8977.