Cyber Security Advice & Implications
Covid-19 Statement
Key Links
A note from our team
On Thursday 19th March, Threatscape celebrated its 10th anniversary. It’s been an exhilarating ride seeing the company grow from a team of just half a dozen in 2010 to today with personnel in multiple countries securing business critical systems and millions of users and devices at client sites in over 100 countries. I’m immensely proud of what we’ve achieved, and of the exceptional group of people I get to work with every day. I’m grateful for the trust our clients place in us, and the business we do together.
Our team had planned one hell of a party but instead everyone was working from home. This of course was because of the Covid-19 pandemic, and I’d like to let you know what Threatscape is doing to ensure our staff and clients remain safe, our business remains operational and that we continue to service the critical cyber security needs of our clients with minimal disruption. We also wanted to let you know how we are assisting clients to securely adapt their working practices to continue operations in a time of remote working and social distancing.
First though we would like to wish everyone the best as we collectively face the unprecedented circumstances caused by Covid-19. We hope everyone is taking appropriate precautions for their safety and that of their loved ones, and we send our appreciative thanks to those in the frontlines of protecting society, particularly medical personnel.
While we are curtailing face to face interactions with clients for the foreseeable future, we will be making exceptions for clients who are involved in battling Covid-19 or ensuring continuity of critical services. Accordingly, our personnel remain fully available as a priority for our clients in health, law enforcement, armed services and critical national infrastructure.
Finally, everyone at Threatscape would like to thank our valued clients for their continued business, and to wish everyone the very best as the world battles Covid-19. Please do everything you can to protect your loved ones and the most vulnerable in our communities.
Together we will all get through this, but in the meantime please take no chances – and risk no lives.
Regards,
Dermot Williams
Managing Director
How Threatscape is operating during the Covid-19 crisis
Due to the nature of our work, many of our team routinely work from remote sites, and our IT and communications systems were designed to support full mobility. Everyone has secure access to our corporate network, email and messaging systems, telephone system, support platform, technical resources, conferencing systems, cloud resources, remote access platforms and more regardless of their location. Last year we significantly upgraded the infrastructure at our headquarters, including the installation of a 10Gbps fibre circuit. This wasn't done with a pandemic in mind, obviously, but having it has greatly eased the transition to full remote working.
Over the last two weeks we ensured that normally office-based staff were equipped and trained appropriately to work remotely. Following tests last week, all personnel have been working from home since Monday of this week apart from a skeleton crew who have now adopted appropriate precautions including hygiene and cleaning, facility lock-down, and maintaining an entry/exit log should any future contact tracing be required.
Microsoft Teams has enabled our team to maintain our spirit of collaboration regardless of location.
From a client perspective, accessing our services should be seamless as you may continue to contact our team as normal:
- Incoming phone calls to our London and Dublin office numbers will continue to be answered as normal and routed to the appropriate member of our team
- Everyone remains contactable at their normal email addresses
Service delivery continues as follows:
- Our account managers will no longer be visiting client sites but are available via phone, email and video conference.
- Our ticketing and case management system ensures all support queries are logged, prioritised and managed appropriately including case handover or escalation as required. This enables us to continue providing technical support regardless of staff location and without any impact to SLAs. Clients should continue to log their support requests in the normal way such as emailing support@threatscape.com or by phone.
- Professional services will be delivered remotely (as was already the case in many instances) unless a special exception has been agreed for on-site work, such as is the case for clients delivering life-critical services.
- Scheduled classroom-based technical training courses will not be proceeding but will instead be delivered remotely. Our team has accelerated and completed a project to build a complete virtual classroom which allows each course participant not only to see and interact with the trainer in real time, but to connect to a personal lab environment. This contains a complete virtual network with the appropriate devices, endpoints and servers for the technology they are being trained on. This will be used for the first time for our April course (Symantec Endpoint Protection / Technical Bootcamp). Participants only need a laptop and internet connection to take part.
- Our 24x7 Managed Security Services continue to operate from the SOCs in London, India and the Gulf. Procedures are being followed to ensure staff safety, and we continue to have contingency plans for service failover between sites in the event of a more serious issue arising.
- All of our in-person client briefing events have been cancelled. We will be transitioning these instead to digital channels for the duration of the social distancing measures.
- Our key vendors are also continuing their operations and while hardware deliveries may be impacted due to travel restrictions, access to software and services has not been impacted.
Important cyber-security tips from Threatscape for those adjusting their working practices during the Covid-19 crisis
Rapid changes to IT configurations and working practices can introduce security risks through error or unfamiliarity. Security is a significant element of any remote working structure, and some points to remember in particular are as follows:
Business Processes
- We urge customers to pay particular attention to a likely increase in "business email compromise" during the period of increased teleworking. Colleagues who normally work in the same office but are now remote from each other may be more easily fooled by fake emails seeking actions such as money transfers or changes to supplier bank details. Review your processes for authenticating such requests by a secure, out-of-band means (for example a call back to a known number, never a reply to the requesting email) and ensure staff are briefed on the importance of doing so.
Remote Users
With many users now working at remote locations, many of whom have not previously done so, organisations should ensure that basic device maintenance and data protection measures are adapted to support remote users:
- There are no depths to which cyber criminals will not stoop, not even the exploitation of a global pandemic. We are seeing efforts to spread malware using phishing emails disguised as Covid-19 news, links to purchase test kits, or similar. Staff should be reminded of the importance of taking care regarding email from unknown sources, and not clicking on links.
- Remote access to corporate resources should be secured by multi-factor authentication; rather than relying on passwords alone, look to also use security tokens or apps.
- Pay careful attention to the remote access and collaboration tools being deployed, particularly where they enable file transfers or access to corporate assets from non-corporate devices. Consider restricting their functionality appropriately where possible.
- Protect corporate data regardless of where it resides using encryption, and prevent download of sensitive data to non-corporate devices.
- Ensure you continue to deploy security updates and patches to endpoint devices, regardless of their location. [Those using the Altiris client-management suite can enable its cloud-enabled management functionality to achieve this; contact our support team if you need assistance configuring this].
- If the current extreme situation makes it necessary to permit staff to access corporate systems from, or to process business data on, personal devices such as home computers, all possible precautions should be taken to ensure the devices have been secured before being pressed into service. VPN access from unmanaged, less secure devices is entirely discouraged; remote desktop or virtual desktop sessions, which keep the data on corporate systems rather than on the home device, are preferred.
- Insecure means of data transfer such as unencrypted portable storage or email transfer should be avoided.
- Is the internet connection being used by a remote user secure? Secure VPN connections should be adopted for remote users connecting to corporate LANs since public WiFi can expose users to increased risks.
- The working environment should also be considered. Working in public spaces or from multi-tenant locations where papers or computers may be accessed by others is a risk. Enforce a password-protected screen lock with a short inactivity timeout via Group Policy if possible, and consider locking down removable media to reduce the risk of data exfiltration.
- While there may be a temptation for staff to allow family members to use their work laptop for social purposes out of hours, this can lead to risks since even the most innocent web surfing can stumble across drive-by downloads and malware laden sites.
- Those working from home should avoid discussing sensitive business matters by phone or video conference within reach of smart speaker devices (Amazon Echo, Google Home, or similar) due to the risk they might record audio and transmit it to the cloud for storage or analysis.
Central site and core infrastructure considerations
- IT personnel should be aware of the increased risk of attacks on their central infrastructure during the current crisis as opportunistic threat actors look for targets with reduced security oversight, or weakened security caused by hastily implemented changes made to support remote working.
- Ensure that the physical security of business premises, and especially of IT facilities, is not reduced.
- Patches relevant to central site IT assets should continue to be deployed promptly internally given the likelihood of increased malware and email phishing campaigns. Likewise data backup, and any other elements of your business continuity, should continue to operate in full.
- During a time of crisis, routine transactional tasks such as renewing digital certificates or software licenses may be overlooked, or disruption to the supply chain may cause delays. Accordingly we recommend people consider the early renewal of domain name registrations, digital certificates (especially those securing VPN connections), software subscriptions/licenses, etc. to ensure no business interruption arises should normal renewal processing times become extended.
- Ensure core IT infrastructure monitoring continues so that any issues are identified as early as possible, particularly if the associated personnel are now working from home and will need time to travel to site to resolve issues with VMware ESXi hosts, storage subsystems, network infrastructure etc.
- Communicate clearly to IT personnel, especially cyber-security / SOC personnel, the details of all changes being made to your IT estate or user working practices so that they can more easily distinguish potential malicious activity from new and unfamiliar, but benign, patterns of activity.
Additional security tips for Microsoft customers, especially those with E5 suites:
How to leverage the Microsoft security tools at your disposal to better secure remote working
The Microsoft Security Consulting Practice at Threatscape has extensive experience in enterprise-scale deployments of Microsoft security technology for clients in Europe, the USA, the Middle East and Asia. Our consultants would like to remind clients that the following Microsoft technologies they likely already have at their disposal can be used to enhance the security of remote working environments:
- Allow access to corporate resources such as Exchange Online, SharePoint and Teams from trusted devices only; this can be controlled through Azure AD Conditional Access policies that require an Intune-compliant or hybrid Azure AD joined device.
- Enable Advanced Threat Protection capabilities in Office 365 and Teams to limit risks from Phishing campaigns and Malware.
- Monitor suspicious activities through Alert policies in the Microsoft 365 security and compliance center.
- Protect your administrators' identities through "Just in time" and "Just enough access" controls using Azure AD Privileged Identity Management.
- Protect user identities and limit access to corporate resources through Conditional Access controls.
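As an added example (not Threatscape's or Microsoft's code), the following builds the trusted-device policy described above in the JSON shape the Microsoft Graph conditionalAccessPolicy resource expects, and runs a small lint over it to catch the mistakes that most often lock a tenant out or leave it unprotected when a policy is created in a hurry. The break-glass group ID is a placeholder assumption; the policy is built and checked offline and is not posted to Graph here.

```python
"""Build and sanity-check an Azure AD Conditional Access policy that
requires a trusted (compliant or hybrid-joined) device for Exchange Online,
SharePoint Online and Teams.

Added example; not Threatscape's or Microsoft's code. Assumption: the
BREAK_GLASS_GROUP_ID value is a placeholder for the object ID of your
emergency-access group. Nothing here talks to Microsoft Graph.
"""
import json

# Placeholder (assumption): object ID of the emergency-access ("break glass") group.
BREAK_GLASS_GROUP_ID = "00000000-0000-0000-0000-000000000000"

# Graph builtInControls that mean "the device is trusted".
TRUSTED_DEVICE_CONTROLS = {"compliantDevice", "domainJoinedDevice"}


def build_trusted_device_policy(report_only: bool = True) -> dict:
    """Return a Graph conditionalAccessPolicy body.

    "Office365" is Graph's shorthand for the Office 365 app group (Exchange
    Online, SharePoint Online, Teams and friends). The grant is an OR of
    compliantDevice / domainJoinedDevice: Intune-compliant or hybrid Azure AD
    joined devices satisfy it; an unmanaged home PC does not.
    """
    return {
        "displayName": "Require trusted device for Office 365",
        # Start in report-only mode so the sign-in logs show who *would* be
        # blocked before anyone actually is.
        "state": "enabledForReportingButNotEnforced" if report_only else "enabled",
        "conditions": {
            "users": {
                "includeUsers": ["All"],
                "excludeGroups": [BREAK_GLASS_GROUP_ID],
            },
            "applications": {"includeApplications": ["Office365"]},
            # Modern auth clients only; legacy auth cannot present device state
            # and must be blocked by a separate policy.
            "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
        },
        "grantControls": {
            "operator": "OR",
            "builtInControls": sorted(TRUSTED_DEVICE_CONTROLS),
        },
    }


def lint_policy(policy: dict) -> list:
    """Return a list of findings for common rollout mistakes."""
    findings = []
    users = policy.get("conditions", {}).get("users", {})
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls", []))

    if users.get("includeUsers") == ["All"] and not (
        users.get("excludeUsers") or users.get("excludeGroups")
    ):
        findings.append("targets All users with no break-glass exclusion")
    if not controls:
        findings.append("no grant controls: policy grants access unconditionally")
    elif not controls & (TRUSTED_DEVICE_CONTROLS | {"mfa"}):
        findings.append("neither MFA nor a trusted-device control is required")
    return findings


# Constructed example of a hastily created policy: every user, no exclusions,
# no controls at all.
HASTY_POLICY = {
    "displayName": "Remote working - allow all",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": ["Office365"]},
        "clientAppTypes": ["all"],
    },
    "grantControls": {"operator": "OR", "builtInControls": []},
}


if __name__ == "__main__":
    good = build_trusted_device_policy()
    print(json.dumps(good, indent=2))
    print("findings (good):", lint_policy(good))
    print("findings (hasty):", lint_policy(HASTY_POLICY))
```

Post the body to `POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies` with the `Policy.ReadWrite.ConditionalAccess` permission, leave it in report-only mode until the sign-in logs show no unexpected blocks, and pair it with a second policy that blocks legacy authentication, since `exchangeActiveSync` and `other` client types never present device state and would otherwise bypass this control entirely.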
How Threatscape can assist clients to secure remote working
Security solutions which our vendor partners are making available FOR FREE during the Covid-19 emergency
(more details available on request)
- Palo Alto Networks are offering 45 days' free use of "Prisma Access", their cloud-delivered remote user service (referred to by Gartner as a "Secure Access Service Edge" product). This can be set up in a matter of minutes (requiring only a single IPsec VPN tunnel to your HQ or datacentre), and its client software can be quickly deployed to users' devices (PCs, Macs and tablets) to provide them with a highly scalable and secure platform for remote connectivity to your corporate network, fully secured by HIP (host information profile) checks, URL Filtering, Threat Prevention and more. Those already using Palo Alto security appliances can use the Panorama management platform to extend the security policies already in place to Prisma Access so that they apply seamlessly to remote user connections, with all policies for on-prem, datacentre and cloud security managed from a single console.
- Many customers are moving workloads to the cloud, so Vectra are allowing them to use their AWS (Amazon Web Services) module at no charge for 90 days to ensure corporate data flows continue to benefit from the behavioural detections provided by the Cognito platform.
Other solutions which Threatscape can deploy rapidly to assist clients secure remote working
- Deploy or upgrade firewall/VPN capacity
- Provide multi-factor authentication to secure the identity of remote users
- Deploy and manage anti-malware and encryption on desktops and laptops
- Enable automated management of desktops and laptops, even those working remotely, including inventory, configuration, software deployment and patching
- Ease the remote user support burden using SSO (single sign-on) and SSPR (self-service password reset)
- Extend security, DLP and governance policies to collaboration platforms such as Microsoft Teams
- Secure cloud platforms such as Office 365
- Provide security posture management through security assessments and professional services for the new environments
Additional specialised services from our Microsoft security consulting practice
- Azure AD Identity Protection, Microsoft Advanced Threat Protection and Microsoft Cloud App Security to secure user identities accessing Office 365 and other cloud applications
- Office 365 ATP to protect against malware and phishing campaigns
- Microsoft 365 Threat Protection and Azure Sentinel for monitoring of suspicious activities and automatic response capabilities
- Azure AD Privileged Identity Management to provide Just In Time and Just Enough access to your administrators