As the impact of the Coronavirus (COVID-19) continues to intensify, governments across the Middle East are advising businesses to implement ‘social distancing’ measures. As a result, companies have had to rapidly prepare to enable increasing numbers of their employees to work from home. An unfortunate side-effect of the speed at which these initiatives are being rolled out, is that the cyber risk exposure of organisations is simultaneously increasing – creating the perfect breeding ground for cyber-attacks.
Rapid changes in workforce dynamics
Technology is undoubtably the key biggest enabler of remote working. Yet, as these initiatives are being implemented at an accelerated pace across the region, Gartner, in its snap poll, cautions that 54% of HR leaders are concerned that poor technology and/or infrastructure for remote working is the biggest barrier to the success of these undertakings. Indeed, questions around VPN and remote access have been dominating security discussions as businesses have begun to implement work from home policies.
In these extraordinary times, there has been extraordinary pressure on cybersecurity teams. In line with organisations’ efforts to maintain productivity and business continuity, users are being asked to perform work-related tasks on newly implemented communications and collaboration solutions and on devices and systems that are outside of the normal controls of the IT department.
For IT teams, supporting these requirements is analogous to suddenly enabling employees to bring their personal devices to work, connect them to the network and continue working as normal. Given that we’re living in an era of unprecedented complexity and sophistication of cyber-attacks and malware, it is easy enough to imagine the challenges and threats this raises. So, with remote working proving to be an essential tool in the ongoing battle to contain and control the spread of COVID-19, let’s take a look at how remote access fundamentally changes cybersecurity strategies.
Adapting to new security challenges
There are many elements that need to be considered when selecting and provisioning secure remote access solutions – what devices will users be connecting from, their location, how much bandwidth each user session is likely to consume and how many users need to be supported.
Once this is done, organisations move to the second phase, wherein users have begun to settle into their home office set-ups and are starting to work remotely. At this point, the ease of use of the chosen remote access solution becomes key and the true scalability of the solution is proven. It is also at this stage where we are most likely to see security issues appear.
First, your users may connect from machines that are not normally part of your network, which presents a whole new set of security issues. Due to this, your VPN solution will be challenged in how well it can deliver per-application access and support security assessment of each connecting endpoint. It’s worth knowing that some cloud-based remote access solutions offer protection for clients’ internet access, which can be very desirable when the security status of the endpoints is unknown.
The second issue is that the users will not necessarily be behind corporate controls while operating from their home workstations. This means that they can browse the internet freely, receive private e-mails and use social media services – all of which may result in putting your organisation at risk, especially if these actions are performed from a machine you have no control over. Providing employees with best practice documents or lists of do’s and don’ts can help raise awareness and thereby avoid such unintentionally dangerous behaviour.
Finally, the fact remains that despite the crisis, cybercriminals are still out there. These attackers are extremely ingenious and will latch on to any change in the society. COVID-19 is no different. There are already numerous examples of e-mail attacks in which malware is being spread under the false pretence of being COVID-19 related information. There are also several websites that have popped up that replicate useful sites such as the Johns Hopkins Coronavirus map. When users unknowingly visit these malicious sites, they are tricked into installing malware on their machine. This ‘drive by download’ type of attack would probably have been prevented within enterprise networks but is seeing greater success now that users are outside the safety of corporate IT networks.
Delivering secure remote access
As a bare minimum, any remote access solution should offer two-factor authentication (2FA). Two-factor authentication combines something the user knows – like a password – with something that they have. Today 2FA can be easily delivered as a smartphone app. It is quick, easy and cost effective to deploy 2FA and there are few solutions that deliver better value for money in terms of security robustness and making sure that you can identify users and endpoints.
When evaluating your remote access solution, it is also important to remember that there’s no ‘one-size-fits-all’ solution. You may even have existing IT investments which can effectively support your remote workforce when evaluated and re-purposed correctly. In these unprecedented times, several technology vendors have provided promotional programs and extended licenses to help organisations overcome security challenges. With the support of a highly skilled implementation and support partner such as Help AG, most of these solutions can be delivered with extreme speed and with fantastic security features.
Second only to the safety and wellbeing of your workforce, ensuring business continuity during the current crisis is a top priority for organisations. Remote access solutions are a fundamental pillar of any strategy to securely empower a remote workforce. As digital technologies continue to transform the way we work, the choices and investments you make today, will have the potential to shape the success of your organisation – both now and in the future.
By Nicolai Solling, CTO at Help AG