Why protecting end user data is even more important when they WFH
If your employees are working from home, it is crucial – now, more than ever – to ensure that you have an end user backup strategy that is bulletproof.
I am writing this soon after reading the news of the Maze ransomware attack on Cognizant Technology Services. CTS is now dealing with the repercussions of this attack on top of the extraordinary situation they already have on their hands with the COVID-19 Pandemic that all organizations are dealing with. Not an enviable situation to be in.
Malware authors are taking advantage of the unprecedented situation the pandemic has put businesses in. Between Feb 23 and Mar 16, 2020, attempted malware attacks trended upward, with 145 threats per 1000 endpoints, says SentinelOne.
Although we are not yet privy to the exact way Cognizant’s security defenses were breached, it is clear that ransomware has historically been able to get around the best security defenses. The best way to recover from such an attack now is to restore data from backups. The least pleasant way is to negotiate with the attacker and pay them a bitcoin ransom.
Many organizations tend to play fast and loose with end user backups – considering it a lower priority. Their comfort often comes from the belief that users are storing all their important data on a file server. When employees work from home (WFH), the file server is possibly off limits for many of them, unless they come in via a VPN. And most users probably don’t (or cannot). But backing up their data at such times is even more important than ever.
The reason is that when employees are working from home, the line between work computing and home computing can also start to blur. Devices may get used interchangeably and employees may become less rigorous in separating work-related data. In such conditions, unknowingly clicking on a ransomware attachment, deleting data accidentally, or transferring work-related data to a home computer (for convenience or otherwise) are all more likely to occur.
Remember that backups serve more than the simple need of being able to restore a file, folder or email message for a user. Backups are important for several reasons beyond this simple use case. Let’s examine each one of them through a Work From Home (WFH) lens.
Many businesses function in regulated verticals like banking, financial services or healthcare. Even companies outside these verticals, if doing business internationally, need to stay compliant with regulations like Sarbanes-Oxley (SOX) or the General Data Protection Regulation (GDPR). The accountability that these regulations impose drives businesses to put processes in place to preserve and secure their data assets – i.e. data backup. Penalties for non-compliance can be stiff – GDPR, for example, fines enterprises as high as 4% of annual revenue or €20 million – whichever is higher.
So, your backup strategy needs to work no matter where your employees are. Pre COVID-19, your employees were probably not away from the office (and therefore the file server) for too long at a stretch – so things may have seemed OK. But in the new reality where your employees have already been working from home over a month now (and who knows if this will become the new normal), you’ll definitely need to re-think this.
The topic we started our blog post with. Ransomware is a form of malware that has existed for well over a decade but has really taken on a visibly destructive form only over the last few years. It operates by encrypting files on the infected computer and then demanding a bitcoin ransom in return for the decryption key. On average, ransomware costs companies $75 billion each year worldwide and the frequency of attacks is increasing.
Ransomware can pose an amplified threat when employees are at home. Ransomware is the sort of malware that leverages social engineering. It targets unwary individuals (usually non-technical, but not always) and entices them to click on email attachments that look like real information. For example, an employee may receive an email about their “Recent Amazon order” with an attachment. When people work from home, their mindset isn’t the same as when they’re in the office – their guard is down. One wrong click is all it takes for the ransomware payload to land on their endpoint.
As we discussed earlier in the blog, the best defense against ransomware is a backup – so you can avoid being held hostage by the attacker. But the backups need to work no matter where your employees are – and they need to work seamlessly. Depending on employees to make safe copies of their files on a cloud drive etc. is not a sustainable or reliable method. Besides, cloud drives are not safe from ransomware attacks either – when endpoints get infected, the cloud target they are synchronizing to also gets infected in a matter of minutes.
This can be caused by trusted actors (i.e. employees) within the organization. Perhaps some of them even have elevated privileges. Not all insider threats are necessarily malicious. Some of them can be genuine errors or can stem from a misguided sense of duty, like deleting work-related data accidentally, or downloading work-related data to a home computer so it can be sent to someone faster over Gmail. According to the Global Data Risk Report, an average employee has access to 17% of an organization’s files – clearly more access than one would think is necessary.
These risks, again, can be amplified when employees WFH. Coffee spills, dropped laptops, hard drives going bad – these happen more under casual WFH conditions. Confusion between work and home devices can also lead to accidental deletion. A regular backup is your best ally in these conditions.
How to best protect employee data under WFH conditions? That’s a topic for another blog post.
We’d love to hear your thoughts/perspectives on this topic. Feel free to write to us at email@example.com. Stay safe!