CISO best practice for remote working
News this month that the UK’s largest listed asset management firm has told its 5,000 workers they are permitted to work permanently from home has sent shock waves through the City. This move is all the more surprising when, only a month earlier, the firm’s view was: “We think it is premature to assume that the office is dead,” citing some “companies that adopted remote working earlier, like IBM, have subsequently reined in the practice.”
Premature or not, today’s CISO must consider the prospect of a prolonged period of home-working for company staff as a distinct trend and, therefore, they must address the challenges raised by increased vulnerabilities that could provide opportunities for attackers to gain access to company systems.
It follows that your critical objective should be to bring your home-workers’ remotely-used devices under your control, so that appropriate security measures can be applied. A checklist of priorities to prompt your security planning should include, but not be limited to, the actions listed below.
Safeguarding end-point connectivity
- Review anti-virus protection of devices
- Reassess resilience, configuration and deployment of your company’s VPN (Virtual Private Network), including legacy intranet interactions
- Apply regular software updates to patch security flaws and deny hackers access
- Filter out unauthorised access to your network
- Limit user privileges and restrict administrative entry to supervisory levels
- Advise staff to change any easily-guessed passwords to three random words and implement 2-factor (or multi-factor) authentication to reduce access points for penetration of home-based networks
- Discourage use of public Wi-Fi networks, which could provide easily accessible entry points for hackers
- Monitor and test security controls, including system integrity possibly compromised by IoT devices and their peripherals
- From the start, explain clearly your Remote Management Regime, its applied technology and rules for home-working employees, with regular training to maintain network vigilance
Resisting malicious COVID-19 cyber activity
The NCSC also warns that cybercriminals and APT (Advanced Persistent Threat) groups are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months. Due to the pressures of COVID-19, attacks thrive against newly (and often rapidly) deployed remote access or remote working infrastructure.
Unparalleled opportunities exist for criminals to compromise a company’s network security in scams that lock down systems once access is gained. Enticements such as phishing or spear phishing succeed by using the subject of ‘Coronavirus’ or ‘COVID-19’ as a lure in personalised, targeted emails which appear harmless at first.
Similarly, distribution of malware can use ‘Coronavirus’ or ‘Covid-19’ themed lures (e.g. an invitation to open an attachment or download a malicious file from a linked web page). Therefore, use monitoring tools to detect network-users’ poor judgement, such as clicking on suspect sites or downloading attachments from unverified senders masquerading as a trustworthy source with ‘COVID-19’ as a pretext. Essentially, use a secure search engine and communication platform that shields users from malicious sites and malware.
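As an added illustration (not part of the original article or of any NCSC tooling), the sketch below shows the kind of rule a monitoring tool can apply to delivered mail: a pandemic-themed subject only raises a review item when it arrives with a risky attachment or a link outside the trusted set. The event fields, domains and extension list are assumptions, and the sample events are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumptions: company mail domain, link domains staff may trust, event fields.
INTERNAL_DOMAIN = "example.com"
TRUSTED_LINK_DOMAINS = {"ncsc.gov.uk", "example.com"}
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".iso", ".docm", ".xlsm")
LURE = re.compile(r"corona[\s-]?virus|covid", re.IGNORECASE)

# Constructed mail-gateway events, not real traffic.
EVENTS = [
    {"id": 1, "sender": "hr@example.com", "subject": "COVID-19 office rota",
     "attachments": ["rota.pdf"], "urls": ["https://intranet.example.com/rota"]},
    {"id": 2, "sender": "alerts@health-update.test", "subject": "Coronavirus safety measures",
     "attachments": ["measures.docm"], "urls": []},
    {"id": 3, "sender": "info@advice.test", "subject": "Covid 19 guidance from NCSC",
     "attachments": [], "urls": ["https://ncsc.gov.uk.advice.test/guide"]},
    {"id": 4, "sender": "sales@vendor.test", "subject": "Q3 invoice",
     "attachments": ["invoice.docm"], "urls": []},
]

def is_trusted(host):
    """Exact or subdomain match, so look-alike prefixes do not pass."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_LINK_DOMAINS)

def review_reasons(event):
    """Return why a pandemic-themed message needs analyst review ([] if none)."""
    if not LURE.search(event["subject"]):
        return []
    vectors = ["risky-attachment:" + a for a in event["attachments"]
               if a.lower().endswith(RISKY_EXTENSIONS)]
    for url in event["urls"]:
        host = urlsplit(url).hostname or ""
        if not is_trusted(host):
            vectors.append("untrusted-link:" + host)
    if not vectors:
        return []  # a themed subject alone is not an alert
    external = event["sender"].rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN
    return (["external-sender"] if external else []) + vectors

def triage(events):
    """Map message id to review reasons for every message that needs review."""
    return {e["id"]: r for e in events if (r := review_reasons(e))}
```

Message 3 is flagged even though its link begins with a trusted name, because the match is made on the end of the hostname rather than on a substring.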
Endpoint management roadmap
The NCSC continues to offer CISOs essential guidance to Indicators of Compromise (IOCs) for detection of cyber threats, as well as mitigation advice on hazards arising from the “fast-moving situation” shaped by the global pandemic. Examples include the NCSC Advisory note, or the infographic pictured below.

The great emphasis the NCSC places on the vulnerability of exposed Remote Desktop Protocol (RDP) services must not go unheeded, because the ramifications of this neglect can be critical. Cyber security specialists Reposify have identified “the fact that IT teams have much less visibility” when it comes to security of their Cloud assets. This observation should be considered in the context of RDPs exposed to the internet and hosted in the Cloud “without IT teams’ awareness, something which is unlikely to happen in cases of RDPs in internal networks, where there are firewalls and stricter procedures.”
Such a case for cybercriminal exploitation is bound to arise from increasing separation of workforces due to the COVID-19 fallout.
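To make the visibility gap concrete, here is an added example (not from the article, the NCSC or Reposify) of an audit that walks an export of cloud firewall rules and reports every asset whose RDP port is reachable from a source the security team has not approved. The rule schema, asset names and approved ranges are assumptions, and the inventory is constructed.

```python
import ipaddress

RDP_PORT = 3389

# Assumption: sources RDP may legitimately come from (internal range, VPN egress).
APPROVED_SOURCES = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("198.51.100.0/24")]

# Constructed inventory export; field names are hypothetical, not a vendor schema.
RULES = [
    {"asset": "vm-finance-01", "protocol": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"asset": "vm-jump-01", "protocol": "tcp", "ports": "3389", "source": "10.8.0.0/16"},
    {"asset": "vm-dev-07", "protocol": "all", "ports": "0-65535", "source": "::/0"},
    {"asset": "vm-web-02", "protocol": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"asset": "vm-hr-03", "protocol": "tcp", "ports": "3000-4000", "source": "203.0.113.0/24"},
    {"asset": "vm-ops-04", "protocol": "tcp", "ports": "3389", "source": "198.51.100.16/28"},
]

def covers_rdp(ports):
    """True if a single port or a 'low-high' range includes the RDP port."""
    low, _, high = ports.partition("-")
    return int(low) <= RDP_PORT <= int(high or low)

def is_approved(network):
    """True if the whole source range sits inside an approved range."""
    return any(network.version == a.version and network.subnet_of(a)
               for a in APPROVED_SOURCES)

def exposed_rdp(rules):
    """Return (asset, scope, source) for each rule exposing RDP too widely."""
    findings = []
    for rule in rules:
        if rule["protocol"] not in ("tcp", "udp", "all"):
            continue
        if not covers_rdp(rule["ports"]):
            continue
        network = ipaddress.ip_network(rule["source"], strict=False)
        if is_approved(network):
            continue
        # A /0 source means anyone on the internet; anything else is narrower
        # but still outside the approved list and needs an owner to justify it.
        scope = "internet-wide" if network.prefixlen == 0 else "unapproved-source"
        findings.append((rule["asset"], scope, rule["source"]))
    return findings
```

Wide port ranges and "all protocols" rules are checked as well, since those are how RDP most often ends up exposed without anyone having opened port 3389 by name.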
Wish-List: white corpuscles to defeat virus
The precautionary guidance for overcoming this undesirable aspect of Cloud hosting is echoed by the Editor of CyberSecurity magazine in his recent online interview, How the Covid-19 Crisis Changes Cybersecurity. What emerges from this in-depth debate on the implications for CISOs of post-COVID impacts is that they must “rethink how they will collaborate to use the Cloud and not rely on it.” In essence: “Rethink your architecture, rethink the configuration of your remote access, and be prepared for everyone working from home . . . be prepared to embrace remote working as a reality.”
Somewhat more arcane thinking emerges in the debate’s summing-up: “Endpoint security is not the final solution. Period.” A shift more towards Security-by-Design is predicted “with the nice analogy of Self-Protecting Data like white blood cells” to counteract invasive viruses.
Evidently such a solution will be on every CISO’s wish-list but, meanwhile, with Cloud and rogue devices in mind, the bottom-line message from the NCSC is this:
Be vigilant. Embed your baseline Risk Management Regime across all devices to protect endpoint data when both inputted and in transit as well as when inactive.
Most of us probably didn’t even think about the cyber security risks that come with the quick shift to remote working and home office. But the risk is indeed there. We chose to implement an EMM Solution from the provider AppTec and are hopefully secured now to prevent any of these risks. We can also save money by allowing our employees to use their private devices as long as they are enrolled in this EMM Solution.