NC May-Jun 2020

More documents

Recommendations

Info

FEATUREREMOTE WORKING REMOTE WORKING: DO IT RIGHT HOW DO YOU ENSURE YOUR BUSINESS REMAINS SECURE DURING REMOTE WORKING? PHIL UNDERWOOD, CHIEF INFORMATION OFFICER, SECURENVOY, AND CHRIS CASSELL, TECHNICAL SPECIALIST, SECURENVOY, OFFER THEIR INSIGHTS Over the years, there has been an increase in remote working, as organisations look to promote flexible working. With technology constantly improving, employees are no longer restricted to working in a traditional office space. However, the current global pandemic has forced businesses worldwide to rapidly implement remote working across their workforce while travel restrictions are in place. In its current form of remote working, few businesses were ready for supporting the complete workforce remotely, in case of an emergency such as the pandemic. Even fewer conducted a readiness event to understand, prepare and provide remediation to cover the shortfalls and problem areas that would impact their day-to-day operations. In such situations, hackers are fully ready to take advantage, whether this is for financial gain, to damage a company's reputation or steal sensitive assets. Thus, the various security challenges that remote working brings need to be addressed to ensure business data is not put at risk. The following are some of the topics that need to be considered to ensure your business remains secure during remote working. USE OF BYOD With a surge in requirements to support non-typical mobile workers, it is all too easy to allow use of a home machine to fulfil a need. Yet, this approach brings its own issues, namely the integrity of the machine, whether the OS type and patching are up to date and supported, browser type and support are allowed and secure, the firewall is active or not, and if there is antivirus and malware capability. Home computers are also more likely to have been used by non-security trained people at some point. Therefore, use of BYOD can increase vulnerability to cyber threats. PROTECTING YOUR ENDPOINTS Now that you are discouraged from allowing BYOD devices, securing your endpoints is key. As users are using their current corporate machines, most of this can be managed remotely for firewall, antivirus, malware and OS patching, in addition to password management policies. When we discuss endpoint protection, ideally having a solution that provides data 28 NETWORKcomputing MAY/JUNE 2020 @NCMagAndAwards WWW.NETWORKCOMPUTING.CO.UK
FEATUREREMOTE WORKING loss protection is key, as now the corporate machine is most likely to be exposed to threats upon the home network. Finally, protecting the endpoint is not just about cybersecurity, but also physical security. Ideally, the same policies should be executed at home, such as screen locking, invoking MFA for laptop access and securely storing the laptop when not used. USER ACCESS To enable remote working, users require access to applications. Typically, access is granted with a username-password combination. However, multiple applications require users to remember multiple passwords which, if they forget, can lead to locked accounts or end up with users writing them down. A single sign-on solution (SSO- identity provider) can resolve most of these issues, but ideally multi-factor authentication (MFA) should augment the login process, as an SSO solution allows a single password to access a plethora of applications. EMAIL SECURITY All too often email security solutions allow a phishing or similar bad email to be delivered to a recipient. These may have a bad payload or embedded link to a compromised site. Hackers are getting more imaginative on setting up new email domain and locations, in order to send their spam messages. The best piece of advice is, if in doubt, delete the email. If it is someone you do not know or conduct business with, delete the email. If the sender persists, pass it to your IT security team who can check the message for validity. Aside from the technical working environment, the physical working environment also needs to be considered. The level of focus that employees have in an office takes time to develop in a home environment: patience, dedication and routine are not achieved overnight. The home environment can provide distractions you might not otherwise have in the office, which can lead to human error. You attach the wrong version of a file, or send it to the wrong person, and there is the breach. That's how data leaks. It is a situation that is less likely to happen in an office, as there is less distraction. Hence, alongside antivirus and endpoint protection, businesses also need data governance and data loss prevention solutions. Generally, employees are not focused on security when doing their job and that is understandable. Lack of focus on security is even more prevalent in environments when they are juggling several other priorities at once. This is why tools that can enforce and educate the security policy interactively are so much more important. By controlling what users can access and then, in turn, what they can do with that data once they receive access, you can ensure that it is not going to be subject to those minor human errors. This can stop the accidental attachment of the wrong version of a file, provide a reminder to check the recipients of an email and stop data transfer to external media to work on it on home devices, all of which can help prevent breaches. Finally, having clear, defined policies and guidelines for staff ensures a smooth and trouble-free remote working deployment. Provide education sessions to reinforce safe working practices from time to time and support staff who are completely new to this concept. Teach them about physical security, as well as cybersecurity, as they both go hand in hand with a successful remote access strategy. Lastly, detail a simple escalation path for when things may and do go wrong. In this way, mitigation steps can be applied quickly and any potential damage is limited. Remote working during the current time is essential and highly beneficial, so the need to ensure your business is secured during this time is crucial. NC Phil Underwood, Chief Information Officer, SecurEnvoy Chris Cassell, Technical Specialist, SecurEnvoy WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards MAY/JUNE 2020 NETWORKcomputing 29
Page 1 and 2: NETWORKcomputing I N F O R M A T I
Page 3 and 4: COMMENT COMMENT NETWORKING IN THE N
Page 5 and 6: Pragmatic and experienced risk mana
Page 7 and 8: INDUSTRYNEWS Securing against ident
Page 9 and 10: PROFILE:SUPERMICRO Liang explains:
Page 11 and 12: One Platform for Digital Business
Page 13 and 14: PRODUCTREVIEW ZPE Systems Nodegrid
Page 15 and 16: PRODUCTREVIEW NetAlly EtherScope TM
Page 17 and 18: FREE CISSP WEBCAST SERIES Get a Loo
Page 20 and 21: PRODUCTREVIEW SolarWinds AppOptics
Page 22 and 23: TRAINING& EDUCATION SHEDDING NEW LI
Page 24 and 25: SECURITYUPDATE UNDER FIRE AT HOME B
Page 26 and 27: FEATUREREMOTE WORKING YOU'VE GOT MA
Page 30 and 31: MASTERCLASS Business continuity and
Page 32 and 33: SECURITYUPDATE RANSOMWARE SOARS WOR
Page 34: SECURITYUPDATE MALWARE MENACE A PRI

NC May-Jun 2020

Create successful ePaper yourself

Delete template?

Save as template?