Our News & Videos

Remote working, what you haven't considered and the associated risks

The COVID-19 crisis was not only unexpected, but also posed a huge change on our daily lives; for instance, remote working became a major necessity to curb the spread of the virus.

 This change provided insights to management and board members of various organisations on their ability to continue supporting and managing their IT landscape, especially from a cybersecurity perspective. IT expenditure is unavoidable during this time for any organization that wishes to continue with operations; regardless of your industry or size. Regulatory and Compliance measures have also created an increased need for organisations to invest in cybersecurity.

Most companies were caught completely off-guard by the pandemic and the lockdown, many organisations did not have the computing and/or resources to support remote working, at the same time employees in general were not subscribed to adequate firewall or antivirus protection packages to work remotely on their personal computers.

“…manage thousands of employees connecting to corporate resources and accessing company networks remotely”.

Remote working has however become the new norm for companies worldwide, amid the COVID-19 crisis, making cybersecurity even more crucial, in order to support and manage the thousands of employees connecting to corporate resources and accessing company networks remotely.

Remote working has created a significant increase in cybersecurity risks. While global efforts are driven to address health and economic challenges and threats caused by the outbreak, cyber criminals are exploiting the current global situation with a flood of COVID-19 related scams, in the form of phishing campaigns, malware, ransomware and password hacking. It is therefore, imperative for organisations to realise the cybersecurity challenges we face in this trying time and ensure that they take the required corresponding and corrective actions to alleviate the emerging risk.

The Challenges

Getting connected remotely

For many years, users became accustomed to working in a physical office, with local networked machines and on-site IT support. Many (if not most) of us preferred face-to-face meetings and interactions.

The current social distancing regulations created a major disruption to the norm of many businesses and the way they conduct their operations.

There are many hurdles that organisations need to overcome in order to equip and enable staff to work from home, the basics including the implementation of a VPN solution to connect to the corporate network, and a video conferencing application for meetings.

This transition was naturally easier and a lot more seamless for those organisations that adopted a remote-enabled culture prior to the pandemic, as they already made the investments that other organisations now had to make. For many businesses this meant a lot of unplanned expenses and possible budget reallocations to now invest in IT equipment, such as laptops, video conferencing licenses, network reconfiguration, etc.

Although business productivity is imperative, the security and resilience of the new operating model should  not be treated as a second priority.

Secure remote working

Even with the COVID-19 pandemic stabilising and many more industries being allowed to operate, a number of organisations are still encouraging their staff to work remotely. A number of larger organisations opted to use this time to explore remote working as a crisis management plan, and continue to keep staff at home or on a rotation basis.

The unfortunate and untimely disruption of the pandemic forced many companies to rethink their stance on the priority of ensuring that their business can continue operating securely and resiliently. From a cybersecurity perspective this is a completely different environment to the existing and more traditional security practices, as measures such as network penetration tests, Internet Gateways, Firewalls, Policy Frameworks and DLP (Data Loss Prevention) needed to be enhanced.

In recent years, the adoption to digital transformation programs, such as the adoption of cloud computing and moving towards remote working with the use of video and document sharing technologies, gathered pace steadily, the current market events have created an even greater acceleration of these digital transformation initiatives. Organisations are starting to realise that these initiatives allow staff to be more productive and opens the possibility to decrease expenses, including on-site approaches to technology.

Many companies believe that these changes will stay effective within their organisation beyond the current events, as the investment has now been made.

Many of these changes are positive and progressive, but they also come with a new set of risks, such as:

Unsecure home networks

Organisations invest a lot to secure their IT infrastructure to limit cyber risks, this includes solutions from enterprise-grade firewalls to the extend of the implementation of Security Operation Centers to monitor the entire network environment to limit attack vectors. In contrast, home computers are more vulnerable to cyber attacks as they are possibly running on consumer-grade firewalls and anti-virus software, which is unreliable and potentially not up to date.

Isolated IT Assets

With many employees using their personal devices to connect to the company’s network, it is very unlikely that IT support resources have the ability to access these devices to harden cybersecurity or standardize settings. Without specific calibration with the company’s security policies and parameters, IT support resources are not able to effectively address and manage vulnerabilities on these personal devices.

Accidental data exposure

Thousands of new, remote workers access data outside of the secure office network, this comes with the risk of company data ending up in the open, especially with employees making use of open cloud storage and other third- party services. This data could include customer information, credentials and/or other sensitive, confidential and business critical data.

Expanded Attack vectors

The increased reliance on internet connectivity to enable remote working means that employees are more likely to be exposed to threats that target web services and applications. There has been an exponential increase in phishing and adware attacks during the pandemic, with attackers exploiting the COVID-19 hysteria through malicious domains, social profiles and campaigns. Attackers have also devised ways to “hijack” the administrative privileges granted to conferences to remotely execute malicious code, this is due to the increased number of people attending video calls, not to mention the “unwanted” or “uninvited” attendees.

Limited Remediation opportunities

 

Infected machines normally require the direct attention of IT support resources or security specialists to remediate and restore. This would traditionally be easy to accomplish by having the IT department readily available in the office, with the situation around the pandemic this has become more challenging. If a remote working computer is infected, it is challenging for IT support resources to respond and resolve the issue. As a direct result, the attack will possibly last longer – causing more damage.

What is our advice? 

 

After examining the potential risks associated with working remotely and in our position as a certified cybersecurity solutions provider, we want to raise the following recommendations with regards to security measures that decision makers should consider and implement to decrease the organisations’s overall cybersecurity risk level.

1. Advanced Endpoint Protection

Having a large amount of externally connected devices connecting to your corporate network opens up more paths for hackers to access your corporate and customer information. Remote working is the new norm, this means endpoint protection should be more important than ever.

Next-Gen Anti-Virus (EDR) protection incorporates real-time response and continuous monitoring of your environment. This capability significantly aids organisations with the detection and response of any threat.

2. Encrypted Connections

The implementation of a VPN solution has been discussed on numerous occasions since the beginning of the current crisis, as a VPN connection is one of the best tools for organisations to maintain the productivity of workers working remotely. As a result, it is important to ensure the protection of your VPN. To mitigate man-in-the-middle (MITM) attacks, it is highly recommended to use a VPN solution that offers an always-on model, with an employee’s devices needing to be connected to the designated VPN to access any resources that require an internet connection.

3. Increased Identity and Access Management

It is necessary to enhance access control to eliminate the risk of losing credentials and unauthorised access to systems. Multi-factor authentication should be used to add an additional layer of security when accessing corporate resources. At the same time, the continuous monitoring & visibility of access is also very useful in detecting abnormal behaviour. Management should only grant employees’ rights to access information and systems required to perform their designated duties, to avoid attackers gaining access to sensitive information.

4. Email, instant messaging and browsing protection

Malicious emails and URLs are amongst the most common and biggest threat vectors. Organisations should deploy advanced and specific solutions to protect employees and other users. These services are expected to be used widely, given the nature of remote working as they are heavily targeted by attackers.

5. User Security Awareness

New tools and solutions are being implemented to provide an effective remote working environment to employees. Many users may not be familiar with these newly adopted tools and/or solutions. To mitigate the increased risk associated to remote connections, organisations should provide extensive user education and training on the risks and the different types of threats users may encounter.

Despite the surge caused by the COVID-19 outbreak, we have seen an increasing number of organisations, locally and globally that still continue to work remotely. As such, organisations should be planning ahead and looking to implement and appl security controls for its particular environment – Now, and for when things return to normal.