Almost overnight, teleworking has become mainstream in the Philippines as we endure one of the longest lockdowns to stem the COVID-19 spread. Organizations must recognize that this may signal a new normal. Restrictions might be easing now, but from all indications some may remain in place for weeks or even months.
Even if we are cleared to go back to business-as-usual, organizations need to ensure that their business continuity/disaster recovery (BCDR) plans are updated so they are ready to quickly ‘flip the switch’ to teleworking in the future – whether due to the next pandemic, a major weather event, or some other unforeseen event.
To do this, organizations need to architect access to their critical applications so they can remain resilient in the face of unexpected change, while maintaining the right security posture to protect valuable data, guard against threats, and adhere to compliance obligations. The following considerations are important for every organization, large or small, across every market segment. And they are steps that organizations can put into action today:
Most customers today are fairly advanced in their adoption and transition to the cloud and SaaS (Software-As-A-Service) apps. Even when an enterprise hasn’t yet directly embraced SaaS, users are self-selecting cloud-based applications – or what’s commonly called shadow IT – to get their jobs done. With the shift to teleworking, the reliance on SaaS and its universal access will only grow.
For example, it’s easy to appreciate the value of file sharing and cloud storage applications. Even if the corporate network and local folders are unavailable, cloud applications make it easy to upload and share files. And this can easily be extended beyond employees, to partners or suppliers, or even end customers.
The challenge is how to manage the security of these cloud solutions. Deep visibility and control mechanisms must be put in place to address potential SaaS challenges, such as the unauthorized downloading of files or creation of shadow IT resources. A Cloud Access Security Broker (CASB) provides critical technology designed to secure these cloud-based applications and assets, something that analysts call out as an ‘essential element of any cloud security strategy.’ CASB allows customers to understand their SaaS traffic, protect valuable data, guard against threats, and ensure that compliance objectives are met. And depending on the deployment, CASB can even provide visibility into unsanctioned application traffic, enabling policies to be put in place to shore up potential risk points.
But as with email, you need to protect who can gain access to these resources beyond just simple login-password combinations. That leads to the next point that is applicable to both email and an organization’s critical SaaS apps.
At the 2020 RSA Security Conference in San Francisco, Microsoft engineers shared that “99.9% of the compromised accounts they track every month don’t use multi-factor authentication.” To put this data in context, Microsoft monitors more than 30 billion logins per day and more than a billion users. And on average, Microsoft sees roughly 1.2 million accounts that have been compromised each month. In the Philippines, Fortinet data shows that many cyber attacks are targeting Microsoft Office software.
Many of today’s most damaging security breaches are due to compromised user accounts and passwords. Whether bad actors collect login credentials via sophisticated phishing email scams or brute force attacks, without multifactor authentication in place they can use those credentials to easily gain unfettered access to the network and to move laterally across network and application resources to wreak havoc.
To address this, the adoption of additional authentication methods has accelerated. Two-factor or multifactor authentication (MFA) – achieved through physical hardware or mobile application tokens – increases the certainty of the identity of users as they enter the network, because even if a criminal knows a user’s name and password, they still cannot log in under that stolen identity without also having that user’s unique identity token.
Fortinet’s FortiToken solution enables businesses of all sizes to manage their MFA token implementations for users connecting from anywhere, as long as there is an Internet connection. With the addition of FortiAuthenticator, customers can augment existing solutions like Active Directory and enable things like single sign-on (SSO) to improve user experience. FortiToken, with or without the addition of FortiAuthenticator, secures access to a wide range of enterprise applications, whether on-premise, hosted in private or public clouds, or for SaaS applications.
Multi-factor authentication technology is widely available, but organizations need to enable it and make it mandatory for their employees. And as with the recommendations for email and SaaS applications, MFA provides a key complementary technology that can significantly bolster the security across these critical environments with minimal investment.
Email is the primary communication tool for doing business. It connects us to our peers, our partners and suppliers, even our customers. It needs to be reliable and accessible, but also protected. Many customers have come to rely on native security functions built into their email security solutions, but they don’t always measure up.
The deluge of email-based threats has already begun to spike during this period, with the FortiGuard Labs team identifying upwards of 600 new phishing campaigns a day. Clearly, the bad actors are trying to take advantage of the confusion of such a rapid transition and novice remote users through their social engineering tricks and other exploits. Whether defending against phishing attacks, business email compromise, or the latest ransomware, Information Technology and Security leaders need to protect their users’ inboxes now more than ever.
Special consideration is also needed as users are more likely to connect to corporate resources not only from company-managed devices, but also from personal or unmanaged devices, including laptops, smartphones, and tablets. As a result, stopping email threats on the mail server or in the cloud, before they are delivered to the user, is imperative. To do this, taking smart steps to avoid credential theft will be key. The same goes for protecting valuable data before it potentially leaves the organization.
With the industry quickly pivoting to teleworking, now is the time for organizations to move quickly and take these important steps – securing their critical email traffic, putting the right protections in place, and enabling the critical linchpin technology of multi-factor authentication. By implementing the right IT and Security strategy, customers will not only have a more secure environment today, but will also be set up well for the future, with productivity and business agility gains even during extreme circumstances, without dangerous concessions to the overall security posture of the business.
The author is the country manager of Fortinet Philippines