By Mary Jo Schrade, Assistant General Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia
With the widespread threat of COVID-19 around the world, many employees are now working from home and organizations are rushing to embrace technology to allow remote collaboration. While these tools have provided many workplaces with great flexibility, these dramatic changes in how we work, share and collaborate can also greatly affect each organization’s security profile.
Employees in this new remote working situation may be less focused on security as they navigate this new way of managing their tasks and responsibilities. As they figure out how best to stay in touch with colleagues and coworkers, and become more adept at using chat applications and shared documents while replacing planned meetings with conference calls, there is an increased need for reminders on best practices for cybersecurity.
CISOs and admins urgently need to look at new scenarios and models to address new threat vectors as their places of work transform into distributed organizations overnight.
Everyone’s gone phishing
It’s estimated that 91 percent of cyberattacks start with an email, which either leads to malicious links directly or which contains dangerous attachments. Since the COVID-19 pandemic began, hackers have ramped up phishing and ransomware attacks by fivefold, according to some estimates. People are stressed and distracted by the constant drumbeat of news and social media posts. In this environment of heightened pressure, employees are more likely to drop their guard and click on a link or headline designed to grab their attention.
To combat this, organizations need strong tools. That’s why Microsoft employs a multi-layered defense system that includes machine learning, detonation and signal-sharing to quickly find and shut down email attacks. If any of these mechanisms detects a malicious email, URL or attachment, the message is blocked even before reaching the inbox. Attachments and links are opened in isolation through virtual machines – in essence, like detonating a bomb in an unpopulated area. On top of that, analysts continuously evaluate user-submitted reports of suspicious emails, which can be used to better understand attacks and to train machine learning models.
Once a file or URL is identified as malicious, the information is shared with other services such as Microsoft Defender Advanced Threat Protection (ATP) to ensure endpoint detection benefits from email detection, and vice versa. Sharing signals across services means that PC users with Windows Defender can be protected even if they’re not using Microsoft email services.
Teaming up and managing logins
Employees are chatting and sharing more than usual during this time, even if there isn’t an official tool provided by IT. That’s why we recommend all employers take advantage of the six months of free premium Microsoft Teams which now has no limit on how many users can join or schedule video calls using the “freemium” version. That way, employees know which channels to use, and CISOs can better manage them securely. For assistance, you can follow these steps for supporting remote work with Teams. Teams can be provisioned to users with Azure Active Directory (Azure AD) to make downloading easier.
The single best thing you can do to improve security for employees working from home is to turn on multi-factor authentication (MFA): Employ MFA for all of your employees, all of the time. Remember that this works best if you also block legacy authentication protocols that allow users to bypass MFA requirements. If you are unable to distribute hardware security devices, you can also use Windows Hello biometrics and smartphone authentication apps like Microsoft Authenticator.
Lending employees a hand
As more organizations adapt to remote work options, supporting employees will require more than just providing tools and enforcing policies. There’s also the human side of all of this.
Remote workers have access to propriety data and information … and your network. Warn your employees to expect more phishing attempts, including targeted spear phishing aimed at high profile credentials. Now is a good time to be diligent, so be clear on what official communications about business continuity and health and safety should look like and from where they should originate. Have employees watch out for urgent requests that violate company policy, use emotive language and have details that are slightly wrong—and provide guidance on where to report those suspicious messages.
Establishing a clear communications policy also helps employees recognize official messages. For example, video is harder to spoof than email: using an official channel like Microsoft Stream can ensure employees are able to distinguish legitimate communications from phishing, while helping people to feel more connected; and on-demand streaming also helps employees juggling personal responsibilities, like school closures or travel schedule changes.
Read more about staying productive while working remotely on the Microsoft 365 blog.