In rushed implementations of WFH access to the office network, risks were taken. Here are some tips to repair cybersecurity holes.
In a mad dash to enable a distributed workforce amid the pandemic, IT teams have had to act fast to keep operations and businesses running. However, some of their well-intentioned efforts resulted in misconfigurations and security trade-offs.
As the dust settles and the world adjusts to large-scale remote work, IT teams need to ensure that these vulnerabilities are addressed quickly and do not persist in their environments for longer than necessary.
According to Josh Snow, a senior engineer at ExtraHop, the following are some of the most common trade-offs that IT teams have been forced to make. He also offers recommendations on how to rebuild a strong security posture in the pandemic and beyond.
1. Deploying hardware
A significant number of organizations still issue desktop computers instead of laptops. This is because desktop computers are more cost-effective, tend to have stronger computing power and are inherently less mobile, thereby keeping sensitive information tethered to a secure environment. For these organizations, the move to remote work presented an immediate and monumental challenge to get employees up and running in a secure manner.
Some companies approached the issue by purchasing laptops. Others asked employees to use their personal devices. Some workers literally transported their desktops home with them. No matter which route an organization took, each came with security implications.
Purchasing new hardware is the easiest and most secure option. However, computer manufacturing and supply chains are experiencing significant delays due to growing demand. Those lucky enough to acquire new computer hardware should remember to equip those devices with the right security applications and firewalls. If you are using refurbished hardware, it is critical to first conduct an audit to ensure that the device is secure and safe.
Similarly, many businesses have allowed employees to use their personal devices, such as smartphones, during this transition. While this may have been helpful in keeping operations running, personal devices come with a slew of security challenges, including pre-existing malware infections and not having the latest updates installed. When these devices connect to corporate networks, they open up the entire organization to unseen risks.
2. Use of Virtual Private Networking (VPN)
Whether employees connect via corporate computers or their personal devices, many are being asked to use VPNs to gain access to critical systems and assets. While many organizations already have VPNs configured, few had enough licenses for everyone who suddenly needed VPN access. In the rush to enable a distributed workforce, misconfigurations are a legitimate cause for concern. IT teams need to go back and audit those connections quickly to ensure that they were set up in a secure manner.
With more people accessing the network through VPNs, it is common for the network to become overburdened with a sudden increase in traffic, causing latency and aborts. In most cases, IT teams will want employees to access the VPN via split-tunnel VPN, not full tunnel, so as not to overburden the network. This allows the user to have some applications running through the VPN while leaving other traffic outside of the tunnel.
High-volume applications such as meeting and conference applications need not be routed through the VPN. Taking up much of the bandwidth, these applications have the potential to affect performance if left unmonitored. Increased traffic has the potential to tip over the VPN and could result in denial-of-service (DoS) attacks. Full tunnel VPN access also increases the organization’s risk of routing nefarious traffic through the data center.
3. Bringing devices back to the office
IT teams should think about wiping machines and reimaging hardware and devices when employees return to the office. One way to enable a better workflow while working from home is for employees to use Remote Desktop Protocol (RDP) to access their machines in the office.
RDP is a Microsoft protocol designed to facilitate application data transfer security and encryption between client users, devices and a virtual network server. It allows a system user to connect to a remote system with a graphical user interface. While it is acceptable to use RDP internally, misconfiguring RDP and exposing it to the internet are potentially catastrophic mistakes. As a general rule of thumb, organizations should not use RDP long-term.
Above all else, it is imperative to access RDP through a secure VPN to ensure that your critical assets and systems do not get exposed through an open port to the internet.
What IT teams can do
Said Snow: “Amidst the flurry of activities, security teams should not let their guard down. All suspicious alerts in the system must be treated as critical. Environments should be regularly scanned to expose open ports, and IT teams should also pay attention to who is doing that scanning. Increases in scans should be a red flag since malware needs to scan for open ports before starting an attack.”
According to Snow, increased dwell time leaves bad actors with even more time to burrow into the organization’s infrastructure. The average dwell time for attacks remains around three months. This means that the security implications of enabling large-scale work-from-home environments will not be known for some time, and issues could persist for a long time without detection. Thus, IT teams need to increase visibility across the organization’s currently distributed network. “Understandably, IT teams need to move quickly and make trade-offs in order to enable a productive distributed workforce and ensure business continuity. However, now, it is time to retrace our steps and tidy up the mess.”
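The two checks described above, RDP reachable from outside the VPN and a rise in port scanning from a single source, can both be run against firewall logs. The Python below is an added example, not code from ExtraHop or the original article; the log format, the sample addresses, the 10.0.0.0/8 internal range and the thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed firewall log lines; the format and all addresses are assumptions.
SAMPLE_LOG = """\
2020-05-04T09:00:01Z DENY src=203.0.113.7 dst=198.51.100.10 dport=21
2020-05-04T09:00:02Z DENY src=203.0.113.7 dst=198.51.100.10 dport=22
2020-05-04T09:00:03Z DENY src=203.0.113.7 dst=198.51.100.10 dport=23
2020-05-04T09:00:04Z DENY src=203.0.113.7 dst=198.51.100.10 dport=445
2020-05-04T09:00:05Z ALLOW src=203.0.113.7 dst=198.51.100.10 dport=3389
2020-05-04T09:01:10Z ALLOW src=10.8.0.21 dst=10.0.0.5 dport=3389
2020-05-04T09:02:00Z ALLOW src=192.0.2.44 dst=198.51.100.10 dport=443
2020-05-04T09:02:30Z ALLOW src=192.0.2.44 dst=198.51.100.10 dport=443
"""

LINE_RE = re.compile(r"(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)")
INTERNAL = ip_network("10.0.0.0/8")  # assumed office + VPN address space

def parse(log):
    """Yield (time, action, src, dst, dport) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m[2], ip_address(m[3]), m[4], int(m[5])

def find_scanners(log, window=timedelta(seconds=60), min_targets=5):
    """Sources probing >= min_targets distinct (host, port) pairs in one window."""
    events = defaultdict(list)
    for ts, _, src, dst, dport in parse(log):
        events[str(src)].append((ts, (dst, dport)))
    flagged = []
    for src, hits in events.items():
        for start, _ in hits:
            targets = {t for ts, t in hits if timedelta(0) <= ts - start <= window}
            if len(targets) >= min_targets:
                flagged.append(src)
                break
    return sorted(flagged)

def exposed_rdp(log):
    """Allowed RDP (TCP 3389) sessions whose source is outside INTERNAL."""
    return sorted({(str(src), dst) for _, action, src, dst, dport in parse(log)
                   if action == "ALLOW" and dport == 3389 and src not in INTERNAL})

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG), exposed_rdp(SAMPLE_LOG))
```

In the constructed sample, the VPN user at 10.8.0.21 is not reported, while the external source that swept five ports is flagged both as a scanner and as an allowed RDP session from the internet.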