March 26, 2020

Don’t Let Urgency Lead to Insecurity – WST

Across the country, institutions are finding themselves dusting off almost forgotten pandemic plans and quickly trying to adjust to new realities.  Many of our clients are scrambling to deploy remote work solutions for large numbers of employees.  At the same time, they find themselves in that same old quandary of balancing functionality with security.

Stressed and very busy IT folks are quickly standing up new infrastructure, which is a perfect situation for inadvertent misconfigurations.  Don’t become the low-hanging fruit the bad guys are circling and waiting for:

  • Make sure new solutions are vetted as much as time allows.  Choose vendors carefully and integrate them into your third-party vendor oversight process.
  • Any remote access solution *needs* to be protected with the strongest authentication possible.  Don’t use remote access that does not require some type of One-Time Passcode (OTP).  Even an SMS text message based OTP, while less than ideal, is still better than a simple username/password combination.
  • As you deploy solutions and train new users, be careful how and when you communicate the new remote connection process.  If you send links via email, let them know via another channel what to look for, and remind them you will never send links without telling them first.
  • Firewall rules are easy to mess up on a good day, and tired engineers on their third Red Bull at 11:45PM are even more susceptible to mistakes.  Keep the change control processes in place and maintain good records of who does what and when.  After everything is set up and working, double-check rules and configurations, making sure you are in a secure state after the dust settles.
  • External connections should be re-tested for vulnerabilities after significant changes.  Port scans and vulnerability testing can also be done by in-house resources if the skillsets are available, and if not, there are a variety of vendors that can provide this service.  The bottom line is that you don’t want to wait for your next annual third-party assessment to find out that Remote Desktop was accidentally opened up to the world during your firewall changes.
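As an added illustration of the last two points (this is example code written for this page, not a tool from 10-D Security), the script below re-checks which services on your own external hosts answer a TCP connect after a firewall change and compares the result to an allowlist of what is supposed to be exposed, so an accidentally opened Remote Desktop port shows up as a high-severity finding instead of waiting for the next annual assessment. The host names, the allowlist and the "after the change" scan results are constructed assumptions for the example.

```python
import socket
from dataclasses import dataclass

# Hypothetical allowlist (constructed for this example): for each of our own
# internet-facing hosts, the TCP ports that are SUPPOSED to be reachable.
# Anything open that is not listed here is a deviation to investigate.
EXPECTED_EXPOSURE = {
    "vpn.example.test": {443},
    "mail.example.test": {25, 443},
}

# Services that should never be reachable from the internet on these hosts.
# RDP (3389) is the one the tip calls out; the others are common slip-ups.
NEVER_EXPOSE = {
    3389: "Remote Desktop (RDP)",
    445: "SMB",
    23: "Telnet",
    3306: "MySQL",
}

# Ports worth probing on every host: the allowlisted ones plus the never-expose set.
PORTS_TO_CHECK = sorted(
    set().union(*EXPECTED_EXPOSURE.values()) | set(NEVER_EXPOSE)
)


@dataclass
class Finding:
    host: str
    port: int
    severity: str  # "high", "medium" or "info"
    detail: str


def tcp_port_open(host, port, timeout=1.0):
    """Return True if a TCP connect to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan_host(host, ports, timeout=1.0):
    """Return the subset of `ports` on `host` that accept a TCP connection."""
    return {p for p in ports if tcp_port_open(host, p, timeout)}


def compare_to_policy(observed, expected, never_expose):
    """Compare observed open ports per host to the allowlist.

    observed: {host: set of open ports} from the post-change scan.
    Returns a list of Findings: never-expose ports open -> high, other
    unexpected open ports -> medium, allowlisted services that are no
    longer reachable -> info (a change may have broken something too).
    """
    findings = []
    for host, open_ports in observed.items():
        allowed = expected.get(host, set())
        for port in sorted(open_ports):
            if port in never_expose:
                findings.append(Finding(host, port, "high",
                                        f"{never_expose[port]} reachable from the internet"))
            elif port not in allowed:
                findings.append(Finding(host, port, "medium",
                                        "open port not in the exposure allowlist"))
        for port in sorted(allowed - open_ports):
            findings.append(Finding(host, port, "info",
                                    "allowlisted service no longer reachable"))
    return findings


# Constructed "after the firewall change" scan results for the example: the
# VPN host now also answers on 3389, and the mail host's 443 went dark.
SAMPLE_OBSERVED = {
    "vpn.example.test": {443, 3389},
    "mail.example.test": {25},
}


def run_live_check(hosts):
    """Scan our own listed hosts for real and return the findings."""
    observed = {h: scan_host(h, PORTS_TO_CHECK) for h in hosts}
    return compare_to_policy(observed, EXPECTED_EXPOSURE, NEVER_EXPOSE)


if __name__ == "__main__":
    # Offline demonstration on the constructed results; call
    # run_live_check(EXPECTED_EXPOSURE) against your own hosts instead.
    for f in compare_to_policy(SAMPLE_OBSERVED, EXPECTED_EXPOSURE, NEVER_EXPOSE):
        print(f"[{f.severity.upper():6}] {f.host}:{f.port} - {f.detail}")
```

Run it against only hosts you own, from outside your perimeter (a cloud VM or a home connection), since a scan from inside the firewall tells you nothing about internet exposure. Keep the allowlist under the same change control as the firewall rules themselves: a port that is newly legitimate gets added to the list as part of the change ticket, so the comparison stays meaningful after the dust settles.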

10-D Security can obviously assist with that last item if needed.  To help, we are offering a quick, deeply discounted external vulnerability scan to any current client that may need one.  We can schedule these ASAP to allow institutions to quickly test new infrastructure, be assured that no new vulnerabilities have been introduced, and then move on to more pressing needs.


2020-04-09T14:43:17+00:00