Beware of security threats before deploying remote working

Written by (Guest Contributor) Mark Hughes - IT Security Specialist, May 25, 2020

Remote working has received a great deal of attention recently, for obvious reasons. The world has changed: remote working is being used more than ever, and so the need for it to be secure is greater than ever.

Early on, network capacity was considered at risk due to the volume of people working and using services like Netflix or online gaming all at once.

Managing the load on the network is causing CTOs to scratch their heads too. As they rapidly roll out enterprise VPNs and remote desktop solutions to give employees access to sensitive resources and internal applications, they must find ways to balance the volume on the network. Plus, they need to keep it secure.

So, how do you start to find solutions?

Protecting against DDoS attacks

Taking measures to prevent disruption to critical servers is paramount. Distributed Denial of Service (DDoS) attacks are high up on the list of threats. We know that such attacks create large volumes of ‘erroneous’ traffic to saturate the pipe, but they can also be used for more insidious purposes, such as attacking the intricacies of the VPN protocol. A flow of as little as 1Mbps can knock a VPN service offline.

Load balancing

Balancing the volume on the network is also more complex now that more people remotely access the desktop, files, emails, services like Office365 and cloud apps like Salesforce. This can be managed with load balancing, software-defined wide area networks (SD-WAN), and web performance optimisation – like FastView.

Putting on-demand applications into the cloud so they can be accessed remotely is also a smart move. Load balancing can then scale up applications regardless of where they are located.

But this strategy is greatly undermined if the network and the applications are not secure. It’s therefore imperative there is authentication to validate a user before anything is accessed. People on the network have to be trusted. GDPR fines for data breaches can be very costly and must be avoided.

VPN security

At the start of 2020, VPN security was in the spotlight as multiple vulnerabilities in enterprise VPN products from Pulse Secure, Fortinet, Palo Alto Networks, and Citrix were exploited by malicious actors and nation states alike. Companies responded by patching or withdrawing the remote access, and the attacks died back.

However, introducing home working on a much larger scale because of the increased demand is likely to entice unscrupulous actors into action. It is more important than ever for companies to ensure that patches are applied before switching any new or extended service on. But more than this, they must commit to maintaining updates and patches during this period of flux. That’s because Remote Desktop Protocol (RDP) was for most of 2019, and continues to be by a fair margin, the most important attack vector for ransomware.

CIOs need to acknowledge that in introducing / extending RDP they are broadening the attack surface. And that the temporary solutions they are putting in place (that could become permanent) have to be secure.

It’s therefore very important to adapt risk models. Some companies may have different business priorities, but they must return to this. It would be foolish to roll out new services with an emphasis on access and usability while neglecting security.

Passwords

After the numerous breaches we have seen in the past, it’s evident that strong passwords or some form of multi-factor authentication (MFA) is an absolute requirement when providing remote desktop access to home workers. Best practice would be to get all employees to reset their passwords as they connect remotely and prompt them to choose a new password that complies with a strong password complexity guideline.

As we know, people have a habit of reusing weak passwords for one or more online services – services that might have fallen victim to a breach. Hackers are fully aware of this and pose a genuine cyber threat if this practice is allowed to continue.

Social engineering

Fear of the virus and a continuous need for up-to-date information provide threats of their own. CIOs need to remind their teams of the risks posed by weblinks and the infodemic / fake news that’s constantly present on social media sites.

A prime example today is the abundance of phishing campaigns that lure people in with the promise of important or breaking information on Covid-19. They are designed to entice recipients to click malicious links or open infected attachments. In the UK alone, coronavirus scams cost victims over £800,000 in February 2020.

It’s a sad reflection of the cybersecurity world: some people have no ethics and will exploit the horrendous humanitarian disaster we face. We are seeing headline news about attacks on institutions that are trying to help everyone during this very difficult time. Scammers don't stop, and just see pound signs, not people.

Summary

All these factors need to be dealt with by CIOs. They may seem daunting, but they are not impossible. It will require a structured approach when it comes to rolling out, scaling up and integrating technologies. No matter how much pressure there is to put everything in place for business needs as quickly as possible, it is imperative to ensure the actions taken now don’t encourage security failures in the future.
