Pratum Blog

What to do about cybersecurity when employees return to the office after COVID-19.

After months of working from home, businesses are starting to consider the return of employees to the office. While there are health concerns being considered during this decision-making process, there are also security considerations that need to be addressed. We’ve put together a list of cybersecurity preparations organizations should start to make now, before they head back to the office.

Why Does Preparation Matter?

You may think heading back to the office would be as simple as grabbing your favorite coffee mug and preparing for morning commutes again. However, the sudden migration of employees from a secured office environment to a home office was no small feat. The transition from home to the office won’t be simple either.

Knowing where to start and how to prepare is key in ensuring the security of the business once people start returning. Being able to prepare now will allow for a smoother switch when the time comes. Your business is only as secure as the employees working for you, so their participation in these steps will be critical to a safe return.

Social Distancing Desks

While this may be due to health concerns, it will have an impact on your office space and devices. If you need to reorganize your work spaces to allow for more distance between employees, you also need to map out where computers and other devices will need to be set up.

Consider creating a floor plan and marking where each employee will go. Talk to your IT department about what adjustments need to be made to the current infrastructure to allow for more space between employees. Let employees know about any relocation coming. Planning ahead and knowing where everyone will be located once they return to the office will help the process be less stressful for the employees and management.

System Scans

Another process you should be preparing for now is scanning any devices that were used for work purposes and are being brought back into the office environment. A full system scan will help detect any threats or security risks that may have been introduced while away from the office. You want to make sure these devices are clear and secured before reintroducing them to the actual network.

Make a list of any and all devices that will be coming back to the office. Make a schedule of when each device will be returning. Then decide how you want to handle the reintroduction phase.

Bring Materials Back

In addition to computers, employees also need to consider what else they brought home that needs to come back to the office. That includes portable media devices, like USB sticks or external hard drives with company data. Remind your staff that anything used for business purposes needs to be returned to the office.

Not only do they need to bring back what they took, they also need to bring whatever they’ve created at home. If documents were taken home or printed, they need to be returned to the office for either filing or shredding.

Also be sure employees are removing any documents or data from devices that will not be returning to the office. It’s important that no business information is left floating around on someone’s home hard drive.

Update Remote Working Standard

If you haven’t already done so, now is a great time to review your Remote Working Standards. This is a list of acceptable use and other rules the organization deems as valid and approved for remote working. That can include who employees need to talk to about working remotely, and more technical controls.

Technical Controls:

  • VPN Connection
  • Multi-Factor Authentication (MFA)
  • Virtual Machines (VMs) or Virtual Desktop Infrastructure (VDI)
  • Patching of software, systems, and infrastructure, as well as workstations

You should also examine any other controls that were loosened or changed during this time of transition. Make sure those are reevaluated before returning to the office.

Communicate Every Step

While this time of uncertainty has been difficult on everyone, it is important to instill confidence in your employees by clearly communicating how the process back to the office will work. Clear direction and open lines of communication will help create a more secure environment, and more comfort for employees.

If you have any questions about the steps listed here, feel free to reach out to a Pratum representative today!

Microsoft Exchange Server Vulnerability

A vulnerability discovered in Microsoft Exchange could impact your business’s email accounts, and potentially entire networks. In February of 2020, Microsoft released several security updates to address a vulnerability discovered in the Microsoft Exchange Server (CVE-2020-0688). While a patch has been issued, several Exchange accounts have not been updated and are still at risk.

How it Works

With CVE-2020-0688, the Exchange server fails to create unique keys during installation. An attacker can then use this key to have the server deserialize certain information or to pass commands.

Definitions:

Serialization: the process of converting an object into a stream of bytes to store the object or transmit it to memory, a database, or a file. Its main purpose is to save the state of an object in order to be able to recreate it when needed.

Deserialization: the reverse process of Serialization; taking the raw data and reconstructing the object model.

In short, this vulnerability would allow a hacker to compromise an entire Exchange environment. This could affect all email and potentially all of Active Directory, depending on how the server was implemented. This could also make businesses a target for Advanced Persistent Threat (APT) attackers, who can use the vulnerability to read a company's email store.

Known Impact

The vulnerability that was discovered, and is now being addressed by Microsoft, is more than just a threat. Exploitation of this vulnerability has already been discovered. In fact, a Rapid7 scan of the internet in early April found that more than 350,000 Exchange servers were still vulnerable after the patch was released.

Researchers with Kenna Security ran analyses of their own and discovered that of 22,000 internet-facing Outlook Web Access servers, 74% were vulnerable and 26% were potentially vulnerable two months after Microsoft released a patch to address these concerns.

Take Action Now

With Exchange environments being so high in value, security experts are afraid this vulnerability will become a favorite for ransomware attacks. That is why it is important to address the potential risk now. Here are the steps you can take to help reduce risk from CVE-2020-0688.

1. Check your systems to make sure everything has been updated. The patch from Microsoft needs to be installed on any server with the Exchange Control Panel (ECP) enabled.

2. Exchange servers must be running one of the Cumulative Updates listed in the Microsoft Advisory in order for the update to be installed.

Microsoft Advisory: CVE-2020-0688 | Microsoft Exchange Validation Key Remote Code Execution Vulnerability

3. Determine whether anyone has attempted exploiting CVE-2020-0688 in your environment. Any account tied to an attempt should be treated as compromised.

If you have not already, it is advised that everyone install the Microsoft patch immediately. If you cannot install the patch, be sure to at least block access to ECP. If you are unsure if your company has been compromised, please reach out to a Pratum cybersecurity expert today.
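One way to approach step 3, as an added example that is not Pratum's or Microsoft's own tooling: a Python sketch that reads an IIS W3C log and lists the accounts tied to suspicious ECP requests. It assumes that attempts show up as requests to an /ecp/ page carrying a __VIEWSTATE parameter in the URL query string, a pattern this page does not state; the log lines, account names and addresses are constructed.

```python
from urllib.parse import parse_qs

# Constructed IIS W3C log sample (not real traffic); payload values are placeholders.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-04-02 09:14:07 10.0.0.5 GET /ecp/default.aspx - 443 CORP\\alice 10.0.3.21 Mozilla/5.0 200
2020-04-02 09:15:44 10.0.0.5 GET /owa/ - 443 CORP\\bob 10.0.3.40 Mozilla/5.0 200
2020-04-02 11:02:19 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=PLACEHOLDER&__VIEWSTATE=PLACEHOLDERPAYLOAD 443 CORP\\svc-scan 203.0.113.9 python-requests 500
2020-04-02 11:02:25 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=PLACEHOLDER&__VIEWSTATE=PLACEHOLDERPAYLOAD 443 CORP\\svc-scan 203.0.113.9 python-requests 500
"""


def find_ecp_viewstate_requests(log_text):
    """Return log rows where an ECP page was requested with ViewState in the URL."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = row.get("cs-uri-stem", "").lower()
        # IIS logs "-" for an empty query string; parse_qs turns that into {}
        params = {k.upper() for k in parse_qs(row.get("cs-uri-query", ""))}
        if stem.startswith("/ecp/") and "__VIEWSTATE" in params:
            hits.append(row)
    return hits


def accounts_to_treat_as_compromised(hits):
    """Map each authenticated account seen in a hit to the client IPs that used it."""
    accounts = {}
    for row in hits:
        user = row.get("cs-username", "-")
        if user != "-":
            accounts.setdefault(user, set()).add(row.get("c-ip", "-"))
    return accounts


if __name__ == "__main__":
    hits = find_ecp_viewstate_requests(SAMPLE_LOG)
    for user, ips in accounts_to_treat_as_compromised(hits).items():
        print(f"{user}: {len(hits)} suspicious ECP request(s) from {sorted(ips)}")
```

A hit is a lead for investigation rather than proof of compromise; per step 3, reset and review every account the function returns.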

Information Security Risk Matrix

Every organization is unique, so the risks they each face are not the same. In order to make a plan of action to protect your business, you need to first understand where the threats against you are. Once you know where those risks and gaps are you can start to identify the likelihood of them occurring and the impact they could have on your organization.

This sort of knowledge is crucial when making risk-based decisions for your company. Without full knowledge of where, how, and why a threat could occur, you’re not going to be able to stop it. That’s why understanding likelihood and impact are both important factors in the Risk Assessment process.

Keep it Simple

You don’t have to have a complex formula in order to improve or support the security environment of your organization. However, it is important for leadership to understand where time and resources need to be spent in order to reduce potential risks to the company. That’s how Risk Assessments can shed light on the key factors in this decision-making process.

Having a better understanding of the system also helps out other members of your staff. Members of the IT department need to know what products and processes to put into place in order to limit potential risks. The more knowledge they have, the better they can work with leadership to determine and address security concerns. Sharing the Risk Assessment results with members of the IT team will help them understand where to reduce risks.

Risk Formula

Risk = Threats x Vulnerabilities

This is a common formula that is used to determine the likelihood of risk. It’s a good way to approach finding risk because it addresses the key factors in a cybersecurity threat.

The standard set in NIST 800-53 implies that a realistic assessment of risk requires an understanding of these areas: threats to an organization, potential vulnerabilities within the organization, and the likelihood and impacts of successfully exploiting the vulnerabilities with those threats. That likelihood is then best described and categorized in values of High, Medium, and Low.

Getting Started

Now that you know the importance and formula for determining likelihood and impact during a Risk Assessment, here’s how you get started!

First, determine the inherent risk. That is, the risk level and exposure your system faces without taking into account any mitigating measures or controls that are actively in place. Where is your system at its weakest when no other security measures are in place to protect it?

An area with a higher likelihood and impact of a threat on the organization, from an inherent risk level, may need additional controls to reduce the level of risk to an acceptable level. This process then leaves you with what we call “residual risk”. That’s the level of risk that will remain following the implementation of a mitigating control. If the residual risk is still higher than you prefer, then additional risk management measures and techniques should be introduced.

Mitigating Measures:

  • Avoidance – Elimination of the cause of the risk.
  • Mitigation – Reduction of the probability of a risk’s occurrence or of its impact.
  • Transfer – Sharing of risk with partners, such as through insurance or other ventures.
  • Acceptance – Formal acknowledgement of the presence of risk with a commitment to monitor it.
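The inherent-to-residual process above, as an added example that is not Pratum's own method: a small Python risk register that rates each risk from its likelihood and impact, applies the listed measures, and flags residual risk above the acceptable level. The 1-3 scoring, the rating cut-offs, the one-step reduction per measure and the register entries are all assumptions made for illustration.

```python
LEVELS = {"Low": 1, "Medium": 2, "High": 3}


def rating(likelihood, impact):
    """Combine likelihood and impact (each 1-3) into a High/Medium/Low rating."""
    score = likelihood * impact  # assumed scoring, range 1..9
    return "High" if score >= 6 else "Medium" if score >= 3 else "Low"


def assess(risk, acceptable="Medium"):
    """Return (inherent, residual, needs_more_treatment) for one register entry."""
    like, imp = LEVELS[risk["likelihood"]], LEVELS[risk["impact"]]
    inherent = rating(like, imp)  # before any control is considered
    for measure, target in risk["measures"]:
        if measure == "avoid":  # cause eliminated, so nothing remains
            return inherent, "None", False
        if measure in ("mitigate", "transfer"):
            # assumed effect: each measure lowers its target by one level
            if target == "likelihood":
                like = max(1, like - 1)
            else:
                imp = max(1, imp - 1)
        # "accept" changes nothing: the risk is acknowledged and monitored
    residual = rating(like, imp)
    return inherent, residual, LEVELS[residual] > LEVELS[acceptable]


# Constructed register entries for illustration.
REGISTER = [
    {"name": "Unpatched internet-facing Exchange server",
     "likelihood": "High", "impact": "High",
     "measures": [("mitigate", "likelihood")]},
    {"name": "Company data on home USB drives",
     "likelihood": "Medium", "impact": "High",
     "measures": [("mitigate", "likelihood"), ("transfer", "impact")]},
    {"name": "Legacy file share",
     "likelihood": "Low", "impact": "Medium",
     "measures": [("accept", None)]},
]


def review(register, acceptable="Medium"):
    """Assess every entry and return {name: (inherent, residual, needs_more)}."""
    return {r["name"]: assess(r, acceptable) for r in register}


if __name__ == "__main__":
    for name, (inherent, residual, more) in review(REGISTER).items():
        flag = "needs further treatment" if more else "within acceptable level"
        print(f"{name}: inherent={inherent}, residual={residual} ({flag})")
```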

Finding Help

If you’ve now read through how determining likelihood and impact can help your Risk Assessment process, but still aren’t sure where to go next, there is help available through cybersecurity consultants. These experts in the field can help by looking over a number of key factors you may not have considered.

Cybersecurity Consultants are able to analyze your organization’s structure, policies, standards, technology, architecture, controls, and more to determine the likelihood and impact of potential risks. They will also review your current controls and evaluate their effectiveness.

While determining how secure your network is, Consultants will also assess any gaps between your current security posture and where you want your organization to be. This can be accomplished by determining accountability. That means ensuring risk ownership is assigned at the appropriate level and to the appropriate team. It’s important to have the right security measures in the right hands.

End Goal

The end goal is to get to an acceptable level of risk, that is, the level of risk that is satisfactory to your management team. It’s important to evaluate and be aware of the risk in your environment so you can implement appropriate controls to mitigate this risk and secure sensitive information. Evaluating risk means understanding the two biggest factors of any security threat: likelihood and impact.

If you’re looking for a security partner to address your Risk Assessment needs, feel free to reach out to a Pratum Consultant at any time for more details on ways you can secure your business!
