ReadWrite
Published in

ReadWrite

Cybersecurity Focus: How to Make Remote Work Safer

Telework is a long-running trend in the business world, and it has reached unprecedented heights because of the Coronavirus emergency. As a result, numerous companies have been forced to plunge headlong into implementing the remote work model, and predictably enough, this process is not always smooth.

VPN security needs an overhaul

While working out of the office, employees should maintain a stable and secure connection with the company’s computer networks. VPN is a vital tool that bridges the gap between workers and hacker-proof online communication.

  • Businesses use VPNs 24/7, so it can be problematic for them to keep up with all the updates that deliver the latest security patches and bug fixes.
  • Threat actors may increasingly execute spear phishing attacks (malwarefox dotcom spear phishing) that dupe teleworkers into giving away their authentication details.
  • Organizations that do not require their personnel to use multi-factor authentication for remote connections are more susceptible to phishing raids.
  • Trying to save money, some admins configure their systems to support a limited number of simultaneous VPN connections. As a result, information security teams may fail to perform their tasks when VPN services are unavailable due to network-wide congestion.

Here are a few tips to help a company from being a moving target:

  • First, keep VPN tools and network infrastructure devices up to date. This recommendation also holds true for devices (company-issued or personal) that the employees use to connect to corporate resources remotely. Correct updates and patch management ensure the most current security configuration is in place.
  • Let your teams know about the expected rise in phishing attacks so that they exercise more caution with suspicious emails.
  • Ensure the cyber security team is prepared to tackle remote access exploitation scenarios through breach detection, log analysis, and incident response.
  • Use multi-factor authentication for all VPN connections. If, for some reason, this rule cannot be put into practice, ascertain that your staff members are using strong passwords to log in.
  • Inspect the corporate VPN services for capacity restrictions. Then, choose a reliable hosting service that can help leverage bandwidth limiting and ensure secure connections continuity when needed the most.
  • An additional precaution is to test the functionality of the VPN kill switch. This feature automatically terminates all web traffic if the secure connection is interrupted. This way, you can rest assured that the data doesn’t travel via the public Internet in an unencrypted form.

Conferencing software is low-hanging fruit.

Similarly to virtual private networks, tools that enable virtual meetings have recently extended their reach significantly. It comes as no surprise that cyber crooks have stepped up their repertoire in terms of discovering and exploiting weaknesses in popular conferencing products.

  • Avoid reusing access codes for web meetings. If you share them with plenty of people, chances are that confidential data is leaked beyond the intended number of individuals.
  • If you plan to discuss a highly confidential subject, consider using one-time PINs or unique meeting identifier codes.
  • Make the most of the “waiting room” function that prevents a virtual meeting from starting until the conference host joins.
  • Tweak the settings, so the app triggers notifications when new people join the web meeting. If this option is missing, the host must request that all participants name themselves.
  • Leverage dashboard controls to keep abreast of the attendees during the conference.
  • Refrain from recording the virtual meeting. If you really need to do it for future reference, be sure to encrypt the file and specify a passphrase to decrypt it.
  • Minimize or ban the use of employee-owned devices for video conferencing.

The bottom line

The global increase in remote work is a natural part of the business evolution. It is also an emergency response to new factors like COVID-19. But sadly, the “rough” implementation of telework in many organizations has become the weakest link in their security.

--

--

ReadWrite is the leading media platform dedicated to IoT and the Connected World. We work with the industry's top technologies, thinkers, and companies to tell the stories that drive this world forward.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
ReadWrite

The latest #news, analysis, and conversation on the #InternetOfThings