Remote Operations & Data Security: Long Haul to Pass
By Naimisha, published on July 27, 2021
When Covid-19 hit, much of the world went into lockdown and offices and work came to a standstill, but the IT department of every organization didn't let the spirit of work die. Work from home was introduced globally, and organizations were relieved to find that work continued and revenue didn't stop. Firms were proud to keep operating and to support their employees financially in such tough times. But one risk in the new environment was data protection and information security. That was easy in a controlled network environment, where sites are blocked, access and system data are logged, and firewalls keep systems safe; it was still possible, with a VPN and a virtual desktop, for employees working remotely. But part of the workforce was working in an uncontrolled environment, with no VPN or virtual desktop and no updates of antivirus and system software, and many similar risks came with working from home.
In the recent past and the near future, we will be able to clearly differentiate between well-resourced and poorly resourced IT teams. Many enterprises will tackle unacceptable risk in their areas in a haphazard way, while a few will leap ahead by planning full use of the resources available to them, with the vision to see risk coming.
How can you safeguard your organization and prepare for the worst?
There are 3 steps to sail through this tough time.
It's fair to say that if a user wasn't proposed for working from home on enterprise systems before COVID-19, there was probably a fair reason. Many privileged-access holders will now be waiting for a 'least worst' option to make it happen quickly. So let's begin from here.
Systems in working condition and high-speed internet are probably the most important considerations at present. But information security has to hold out for a few minimum requirements:
Use company-managed devices, wherever possible – Not a style icon, we must say, but users need to be open to following a minimum standard of security. For most organizations that haven't reached security saturation, we only have the control over systems and the visibility necessary for secured remote connections when we can enforce policy on the device.
Avoid third-party remote support tools – Avoid screen- and control-sharing applications like VNC, TeamViewer, etc. Users should be allowed to connect only via secured remote sessions, on company-approved apps that can be updated and reviewed by the organization's security team.
MFA, always – All user connections should require two or three factors of authentication, whatever the device or access mechanism. If you have hardware MFA there is nothing like it; SMS is the least desirable, and the many variations in between are the most practical.
Scan and patch – All devices in the remote access solution should be updated regularly for identified vulnerabilities, with a full review of VPN agents and concentrators.
Avoid RDP altogether – If you don't need it, you should ideally disable RDP. But if you really need it:
Don't expose RDP to the open internet – Users should connect only with company-managed devices over an encrypted network, i.e. a VPN. RDP sessions should be initiated only through a centrally operated RD Gateway installed in the DMZ, behind a web application firewall if one is available. This is easy to say but a real nightmare to carry out.
Enforce quality security baselines – Complex passwords 8-15 characters long, MFA and forced logout, and account lockouts after a few incorrect passwords are the least to do.
Target – Be vigilant over RDP, as it is so commonly exploited by hackers.
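A simple way to put the last two points into practice, as an added example that is not part of the original article: a Python check that runs over constructed Windows Security log events (4625 = failed logon, 4624 = successful logon, logon type 10 = RDP) and flags accounts whose RDP failures reached the lockout threshold within the lockout window, noting whether a successful logon followed the burst. The threshold, the window, and the one-line event format are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): "<timestamp> <event id> <account> <source ip> <logon type>"
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    "2021-07-27T09:00:01 4625 jdoe 203.0.113.7 10",
    "2021-07-27T09:00:09 4625 jdoe 203.0.113.7 10",
    "2021-07-27T09:00:17 4625 jdoe 203.0.113.7 10",
    "2021-07-27T09:00:26 4625 jdoe 203.0.113.7 10",
    "2021-07-27T09:00:34 4625 jdoe 203.0.113.7 10",
    "2021-07-27T09:00:41 4625 jdoe 203.0.113.7 10",
    "2021-07-27T09:00:50 4624 jdoe 203.0.113.7 10",    # success right after a burst of failures
    "2021-07-27T09:05:00 4625 asmith 198.51.100.4 10",
    "2021-07-27T09:05:12 4625 asmith 198.51.100.4 10",
    "2021-07-27T09:05:30 4624 asmith 198.51.100.4 10", # two typos, then success: a normal user
    "2021-07-27T09:10:00 4625 bjones 192.0.2.10 2",    # console logon, out of scope
    "2021-07-27T09:20:00 4625 cwhite 203.0.113.9 10",  # slow attempts, each outside the window
    "2021-07-27T09:40:00 4625 cwhite 203.0.113.9 10",
]
LOCKOUT_THRESHOLD = 5                   # assumed baseline: lock the account after 5 failures
LOCKOUT_WINDOW = timedelta(minutes=15)  # assumed lockout observation window

def parse_event(line):
    ts, event_id, account, source_ip, logon_type = line.split()
    return {"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
            "account": account, "ip": source_ip, "logon_type": int(logon_type)}

def rdp_brute_force_report(lines, threshold=LOCKOUT_THRESHOLD, window=LOCKOUT_WINDOW):
    """Map each RDP account whose failures inside `window` reached `threshold` to
    its failure count, source IPs, and whether a successful RDP logon followed."""
    recent = defaultdict(list)  # account -> [(timestamp, source ip)] still inside the window
    flagged = {}
    for ev in map(parse_event, lines):
        if ev["logon_type"] != 10:
            continue  # only RemoteInteractive (RDP) logons matter here
        acct = ev["account"]
        if ev["event_id"] == 4625:
            hits = [f for f in recent[acct] if ev["ts"] - f[0] <= window] + [(ev["ts"], ev["ip"])]
            recent[acct] = hits
            if len(hits) >= threshold:  # the lockout baseline should already have fired
                entry = flagged.setdefault(acct, {"success_after_failures": False})
                entry["failures"] = len(hits)
                entry["source_ips"] = sorted({ip for _, ip in hits})
        elif ev["event_id"] == 4624 and acct in flagged:
            flagged[acct]["success_after_failures"] = True  # burst ended in a login: investigate
    return flagged
```

An account that reaches the threshold and then logs in successfully is the case worth escalating; an account that reaches it without a success is a sign that the lockout policy did its job or that the source should be blocked at the gateway.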
It might not be as big a change as you think, but it will help for sure.
Any organization that has licensed Office 365, for instance, and has created a cloud-based identity store can use Microsoft's Azure Active Directory Application Proxy with that identity store to provide similar remote (single sign-on) access into internally hosted applications, as part of Microsoft's cloud suite.
There are other service providers for CSOs and CIOs too, such as Akamai and Cloudflare. They offer the network-level connectors required to deliver internal services to remote workers via "identity-aware" proxy services. Users sign in using SSO (via Azure AD, Okta, or whatever), then are piped through Akamai's or Cloudflare's network to internal apps.
So if you feel stuck, and brave enough to try a new set-up, the users who were working on workstations at headquarters make a great testing group. It's a relatively new technology, and there will be adoption issues, but it's certainly worth a try.
Set up training programs and conduct red team assessments, social engineering tests, etc., so people understand how they can be attacked. Make them aware of the types of attacks (MitM, phishing, ransomware, spyware, malware, etc.) and of the immediate first steps: disconnecting the system from the network and reporting the incident to the help desk and incident management team. They should cooperate in the investigation if attacked, give first-hand reports, and stay vigilant to identify such attacks.
Working remotely is not easy, and building a set-up that lets users work from home is also a huge IT infrastructure requirement. If the set-up is not configured correctly, all your data is at risk, which may let an attacker intrude and take control of your organization's data. So at WeSecureApp, we help you set up your IAM, security, VPN, and other remote access tools so that your data is secured, access is authenticated and classified, and the risk of intrusion is minimal.