WHAT'S NEW - Cybersecurity - Remote Work

Cybersecurity - Remote Work

by Martin Turner

With remote working a necessity, it’s essential to make sure security is at the heart of the way  it’s implemented. And it’s particularly important because attackers know the pandemic makes us more vulnerable. Martin Turner is Managing Director of our cybersecurity partner, Full Frame Technology, and sets out the key points to consider. 

Like most major crises, the coronavirus pandemic has brought out the best and worst in our species. Unfortunately, in the online world, the picture is an overwhelmingly negative one.

"The cumulative volume of coronavirus-related email lures now represents the greatest collection of attack types united by a single theme that our team has seen in years, if not ever," one security company said.

Healthcare and medical organisations have been among those to be targeted (although some ransomware operators magnanimously promised to stop).

But for the rest of us, we should expect the attacks to continue – and indeed increase. This means that it’s critically important to discuss security with colleagues, and not simply assume that it will look after itself.

The key issues for most users;
- Are devices and applications up to date?
- When were home routers last updated?
- Has the router’s administrator password been changed?
- Are you re-using passwords?
- What sort of 2 factor authentication do you use?
- Do you have the tools you need? (Because if you don't, you'll start using your own solutions.) ​
- Are you keeping work and personal business separate?

The Manager's Dilemma

For administrators, this is obviously a challenging time, with a need to balance security with the overriding requirement to enable the business to keep working.

In many cases, there is likely to be increased demand for use of personal devices. If possible, these should be enrolled in a management solution. At the very least, the ability to wipe a device remotely should be enabled.

People tend to be problem solvers, so they are likely to come up with their own solutions if necessary. We would advise having open conversations so that everyone feels they can raise issues as they arise.

If one person has found a solution to a problem, it will most likely be of use to others as well, and it’s far better to try to bring them within the organisation’s control rather than drive them underground.

Now more than ever, it’s essential to check who can access what data. Accounts should be configured so that they have the lowest level of privilege needed for the person’s role. Particular care should be taken with administrator-level accounts.

The risks and rewards of collaborating online

Collaboration tools are crucial – and many organisations are taking advantage of the free trials being offered by the main providers.

Basic precautions are essential to securing these solutions. The US National Institute of Standards and Technology highlights the need to limit reuse of access codes; if these have been in use for a while, they are likely to have been widely shared – and you can be sure some of them are known to unauthorized users. If you can, use a separate access code or ID for each meeting to avoid the risk of them overlapping.

Meeting participants should announce themselves and the list of attendees should be monitored wherever possible.

Virtual meetings come with their own pitfalls (not least that they can be a bottomless time sink as people try to figure out how to use the camera and microphone). Microsoft Teams has just released new features, including one that will remove background noise and allow users to raise a virtual hand when they want to ask a question.

If your solution doesn’t have those capabilities (and even if it does), then it will improve everyone’s lives if you share simple dos and don’ts for remote meetings.

- Check your technology is up to date (before the meeting)
- Decide whether you need to share documents and content. If you do, best to do it beforehand.
- Mute when not speaking
- Resist the temptation to do other work during the meeting
- Don’t try to talk over people, or interrupt.
- If you’re sharing your screen, make sure you’re not showing anything you don’t want to.

The importance of plannning ahead

We advise everyone to keep in mind that remote collaboration tools and the internet itself are under extreme pressure – and that is likely to increase as the pandemic reaches its peak.

As an indication of the stress on these systems, Microsoft Teams added 12 million daily active users in just 7 days. And, following a call by the EU, Netflix and YouTube have reduced the quality of their streams to protect broadband networks.

The increased usage means that it may not be possible to rely on the technology working, especially when it’s most needed. Where possible, we suggest having a backup solution which might be as simple as a fixed landline for voice calls.

As with everything to do with cybersecurity, the key is planning. Time spent preparing will not be wasted.

Collaboration solutions
Microsoft Teams 6-months free trial for Microsoft Teams in an Office 365 trial. Offer is available to any existing customers who haven’t activated any other O365 trials in the past.

Cisco WebEx 90-days unlimited usage with no time restrictions, up to 100 participants, and dial-in facilities as well as VoIP capabilities. Offer available to organisations which are not existing WebEx customers.

Google Hangouts Hangouts Meet premium features free until 1 July 2020 for G Suite and G Suite for Education customers.

Zoho Remotely Collaboration suite, which includes 11 applications (ranging from video conferencing, instant messaging, business presentation, to project management, remote support) is free 1 July 2020.

UK National Cyber Security Centre (NCSC)
US National Institute for Standards and Technology
SANS Work-from-Home Deployment Kit
Scott Helme (a clear but slightly more technical take focussing on WiFi)