Technology changes, life habits change and the way we work changes too. And however we work, one thing that does not change is the inescapable duty we have to protect our assets in order to ensure perfect business continuity, to protect the information we manage, and to maintain business secrecy.
Unsurprisingly, technical complexity and an increasingly scattered perimeter have increased the attack surface over the last few years. It is no longer enough to protect the perimeter; it is now vital to ensure that countless endpoints, such as laptops, mobiles, tablets, and many Internet of Things (IoT) are also secure.
That perimeter has been scattered further by practices like telecommuting. This way of working is increasingly common among modern businesses. In fact, over the last 15 years, the amount of people working from home has increased by 140%.
The last few weeks, however, have seen a sudden increase in the number of people working from home. The reason for this sudden surge in teleworking is the global coronavirus COVID-19 crisis. To try to contain the contagion, many companies have begun to promote teleworking. However, many of the companies that have promoted this increase in telecommuting have done so with haste, perhaps without having considered all the corporate cybersecurity concerns it could entail.
5 tips to secure remote access to the corporate network
In order to access the corporate network, most companies provide computers and a remote connection so that the employee can access corporate services via their own Internet connection. But, how can we ensure that the entire connection process is secure?
- The computer trying to connect obviously needs to be protected with an advanced protection solution. However, to reinforce security, it is of vital importance to have an EDR system that can certify that all processes run by that computer are trustworthy. This way, we can stop cyberattacks that don’t use malware, as well as advanced attacks that could get onto the corporate network through our computer.
In many cases, workers also use their own computers to access corporate resources. In these cases, the company must require that they install the same security solutions on these computers, or ask them to not use their own computers for corporate tasks. Otherwise, they could be jeopardizing the company’s assets without even realizing.
- The connection between the computer and the corporate network must be secured by a VPN (Virtual Private Network) at all times. This is a private network that allows you to create a secure local network without the need for its integrants to be physically connected to each other. This also allows them to remotely use their office’s servers’ data tunnels.
- Passwords used to access corporate services, and those we use in general, must be complex and difficult to decipher in order to avoid being found out. Unsurprisingly, to certify that the connection is being requested by the right user, and it is not an attempt at identity fraud, it is important to make use of multi-factor authentication (MFA). Thanks to this double certification system for user access to company services, we can more effectively protect access to the VPN, to employee logins for corporate portals and resources to, to cloud applications. It will even help us to comply with data protection requirements.
- Firewall systems, whether virtual or physical, have proven to be the first line of defense in corporate network security. These systems monitor incoming and outgoing traffic, and decide whether to block or allow specific traffic based on a set of previously defined security logics. These systems are therefore basic elements in protecting the corporate network, more so if we consider the extra traffic that telecommuting generates to establish a barrier between secure, controled and trusted internal networks and less trustworthy external networks.
- Monitoring services for systems, networks, applications and users, and services to respond to and remedy the setbacks that may arise, are totally necessary to monitor and ensure business continuity when working remotely. It is important to prepare them for the volume that these will have to support over the coming days. Because this increase in remote work can also put an extra burden on network monitoring tools, or detection and response services, since they will now find a greater number of devices and processes to be monitored.One of the resources that must be monitored with special attention are documents that contain sensitive or confidential information. For this, we need to have a tool capable of auditing and monitoring unstructured personal data on computers: from data at rest to data in use, and data in motion. This way your company’s data will be protected, wherever it is.
The latest threats to RDP
In recent weeks, the number of brute force attacks on RDP connections has shot up. These are automated attacks whose aim is to take over corporate desktops and infiltrate networks. If a cybercriminal managed to get a foothold this way, they could do all the things that a legitimate employee can including accessing confidential data and using corporate email. The illegitimate use of corporate email addresses could facilitate spear phishing attacks. This sudden increase in attacks in doubtless related to the unprecedented number of people working from home.
Good teleworking habits
In addition to the dangers to the company network, having employees work outside of the office can also be challenging in terms of security hygiene tasks.
For starters, many employees will use USB drives to take data out of the office, increasing the possibility of loss of sensitive information due to the distribution of information, and even the loss of these devices. What’s more, the situation may make it more likely for employees to take steps such as sending documents containing company data to their personal emails to make working at home easier. In these cases, the protections on these email addresses may be weaker than for corporate email addresses.
With this expanded attack surface, and with employees outside the corporate network, the most important thing is to exercise caution. The first thing is to educate employees about the risks of teleworking, as well as the restrictions on the use of the devices they use while working remotely. They mustn’t visit suspicious websites or open emails – and especially attachments from unknown senders to avoid falling for phishing techniques.
Because, apart from the risks that the rise of teleworking can pose, cybercriminals have also taken advantage of the health crisis to carry out phishing campaigns. Since January, bad actors have been sending coronavirus-themed emails to try to trick users into downloading malware. Some of these emails impersonate public institutions sending information about the virus; others are designed to look like purchase orders for face masks to get employees to send money to the cybercriminal. There have also been cases that promise information about company policy regarding teleworking to try to steal credentials.
This increase in teleworking due to exceptional circumstances is, for many reasons, going to be a litmus test for many companies. In no area is this more true than cybersecurity. Take advantage of all the resources that technology can provide your company to ensure reliable, stable and calm telework.