Remote working was already an increasingly attractive option for many before the coronavirus outbreak. A recent poll on attitudes towards remote working found that 99% of respondents would welcome the opportunity to work remotely at least part-time. Some have even said that remote working because of COVID-19 may be a turning point in how we approach work.
However, any change in working practices brings new considerations. In the finance sector, high-value data compounds the security risks of home working. Here, we look at the type of risks that remote working presents and some ways to mitigate those risks.
Why Remote Working Opens Up Security Gaps
Wherever we choose to work remotely, be that a sofa at home, a home office or even a local cafe, we broaden our network connections. This is true both in the digital sense, in terms of home-work connectivity, and in the literal sense. Here are some of the ways that security gaps widen when we work remotely:
Out of sight out of mind
When bank staff work within the four walls of the office, we have a certain level of control over their use of technology. However, ‘Shadow IT’ is something that has entered the language of IT professionals the world over. Shadow IT describes how IT departments are losing control over tech spend, with individuals regularly using their own devices and apps to do company work. Cloud services are the most prevalent form of Shadow IT according to Cisco. Remote workers are exacerbating the Shadow IT situation as they need to collaborate across cloud infrastructures. This will likely increase the use of Shadow IT apps. The issue with this is these applications likely fall outside of the visibility of corporate security policies. Cisco research into Shadow IT has found that the ease of use of cloud-based apps for remote and collaborative working increases the cyber-attack surface.
Shadow IT does not have to be a bad thing. It can help improve productivity: A study by Entrust Datacard found that 97% of employees showed improved productivity if they were allowed to use preferred technology. Also, a remote workforce may depend, at least to some extent, on using their own apps. However, to maintain closer security controls you should ensure that security policies extend to cover employees’ own devices and apps.
Out of control storage
Part of working with devices and Shadow IT cloud apps is that the choice of data storage may be difficult to control. Remote working can result in a communication bubble or even closed communications. This can impact the lifecycle of data and where it ends up. Cloud storage is the obvious choice to ensure that data is placed in a known area that can be protected. However, enforcing the use of chosen storage is more challenging. Teams need to understand the importance of collaboration and how to work together using centralized cloud repositories.
Malicious employees are typically difficult to detect even within the confines of an office.
Restrictions on data sharing from devices can be potentially circumvented by malicious employees. In the privacy of their own home, a user could remove the hard drive from a work device and either mount it in another one or use specialist software to make copies. The result could be the theft of Intellectual Property (IP) or exposure of personal data.
Infiltration, Sniffing, and Eavesdropping
Once outside the corporate firewall, the traffic that is exchanged when emailing, texting, and generally sharing data is at risk. Even home routers that are seemingly secure are at risk of cyber-attacks. Research by Cisco-Talos found that the VPNFilter malware targeted over half a million small office and home routers. Once infected, the routers were open to packet sniffing, resulting in the theft of data and login credentials.
The use of smartphones for work is also a cause for concern. A 2019 study by Check Point found a 50% increase in malware infecting smartphones. Infected apps include banking trojans that steal bank login credentials. Trend Micro found 85 fake apps on Google Play. The apps were infected with adware and installed over 8 million times. Malicious apps could result in stolen corporate login credentials too, especially if cybercriminals actively take advantage of the COVID-19 remote work situation.
If remote workers decide to work outside the home, perhaps in a local cafe, they may also be at risk of data communications being intercepted via Man-in-the-Middle (MitM) attacks. Fraudsters can also create ‘rogue hotspots’ under their control. These hotspot connections use social engineering to trick you into connecting via a malicious Wi-Fi account; often the rogue hotspot uses the name of the cafe or mall you are working in or near.
Lost and found
Lost devices can result in sensitive data leaks. An example is AmberCare Corp., where an employee lost 2,284 patient records when a laptop went missing. According to a report into mobile device theft and loss, around 69% are simply misplaced, with 31% being stolen from cars, homes, etc. However, any loss of a device containing sensitive data should be a concern. Remote workers should have strategies in place to minimize this loss.
Data Security Compliance and Remote Working
Remote working can place a high burden on data security compliance. All of the risks that remote working brings to a company can impact your compliance with data protection and privacy regulations. Regulations such as the EU’s General Data Protection Regulation (GDPR) don’t stop just because someone is working from home to avoid COVID-19. Organizations must ensure they include remote work environments in any policies that cover data protection and privacy regulations. Data Privacy Impact Assessments (DPIA) should also extend to include remote workers. Strategies to manage remote working and regulatory compliance should include awareness of privacy as well as technological measures to protect data.
5 Tips to Secure Remote Working
As well as washing your hands to protect yourself against the virus, you can also follow a number of key tips to keep your remote work environment safe.
Tip 1: Security policy for remote working
Begin with a security policy that covers remote working. The effects of COVID-19 will hopefully not last too long. However, remote working looks set to be around for a while yet. If you offer employees a chance to work outside the office, it might result in more home workers in your company going forward. Remote working must be part of your overall strategic approach to security across your enterprise.
Tip 2: Security awareness training
Having a security policy that takes remote workers into consideration is one thing, but enforcing it is another. A recent report from Proofpoint found that 99% of cyber-attacks require human intervention. You should look at ways to minimize risks like MitM attacks and malware-infected apps. Much of this will come down to educating employees about the risks, such as using free Wi-Fi connections. Security awareness training is an important aspect of knowing that employees can be trusted to do the right thing outside of office controls.
Tip 3: Keep an inventory of hardware
One way to avoid hardware tampering or at least keep track of device changes is to keep an inventory of devices. Keep a record of the serial numbers of all the hardware installed on the device to ensure that devices are not tampered with.
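One way to put the inventory from Tip 3 to work, as an added example that is not part of the original article: compare the serial numbers each device reports against the recorded baseline and flag replaced, missing or unrecorded components. The asset tags, component names and serial numbers are constructed, and how each device collects and submits its serials is assumed to happen elsewhere.

```python
def normalize(serial):
    # Tools differ in case and padding, so compare a canonical form.
    return serial.strip().upper()

def diff_device(baseline, reported):
    """Return (component, kind, expected, observed) for each deviation."""
    findings = []
    for component in sorted(set(baseline) | set(reported)):
        expected = baseline.get(component)
        observed = reported.get(component)
        if observed is None:
            findings.append((component, "missing", expected, None))
        elif expected is None:
            findings.append((component, "unrecorded", None, observed))
        elif normalize(expected) != normalize(observed):
            findings.append((component, "replaced", expected, observed))
    return findings

def audit(inventory, reports):
    """Map each device to its deviations; silent and unknown devices are flagged too."""
    results = {}
    for device, baseline in inventory.items():
        if device not in reports:
            # A device that stops reporting is itself worth following up.
            results[device] = [("*", "no-report", None, None)]
            continue
        findings = diff_device(baseline, reports[device])
        if findings:
            results[device] = findings
    for device in reports.keys() - inventory.keys():
        results[device] = [("*", "unknown-device", None, None)]
    return results

# Constructed sample data: hypothetical asset tags and serial numbers.
INVENTORY = {
    "LT-0001": {"chassis": "CH-AAA111", "disk0": "SSD-9F3K21", "battery": "BT-77X"},
    "LT-0002": {"chassis": "CH-BBB222", "disk0": "SSD-1C8M40"},
    "LT-0003": {"chassis": "CH-CCC333", "disk0": "SSD-5T2P09"},
}
REPORTS = {
    "LT-0001": {"chassis": "ch-aaa111 ", "disk0": "SSD-9F3K21", "battery": "BT-77X"},
    "LT-0002": {"chassis": "CH-BBB222", "disk0": "SSD-ZZ0000", "disk1": "HDD-4411"},
}

if __name__ == "__main__":
    for device, findings in sorted(audit(INVENTORY, REPORTS).items()):
        for component, kind, expected, observed in findings:
            print(f"{device} {component}: {kind} (expected={expected}, observed={observed})")
```

A swapped disk, as in the drive-removal scenario described earlier, shows up as a "replaced" finding on the disk component.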
Tip 4: Technology solutions
A number of technology solutions should be considered to help secure remote working. Some food for thought:
- A virtual desktop infrastructure can be useful to protect against malicious insiders removing hardware or replacing software
- A virtual private network (VPN) could help to protect users when they are not using a secure connection
- Hard disk encryption for laptops
- Anti-malware on all devices
- A software patch strategy that takes remote worker devices into account
Tip 5: Use a principle of least privilege across your cloud infrastructure
Tightening up access control measures can be a good way to minimize cyber-attack risk. Make sure that resource access is on a need-to-know basis. In addition, harden authentication in line with tighter access controls by using multi-factor authentication.
Finding the Positive in COVID-19 Remote Working
COVID-19 may be a worldwide health concern but we shouldn’t let it become a security issue too. In certain areas, remote working may become the norm, at least for a while, if not for the foreseeable future. The financial sector has to deal with high-value, sensitive data that is put at greater risk in uncontrolled environments such as home working. However, if you know what type of security risks come with remote working, you can put in place steps to prevent those risks from becoming a cybersecurity incident.
Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71), a Singapore-based cybersecurity entrepreneur hub, has unveiled the 10 startups that got funding through its ICE71 Accelerate program. The companies, which received roughly US$22,000 each, hail from Singapore, India, Turkey, Vietnam, the UK, and the US.
The startups were introduced at this year’s ICE71 Accelerate Demo Day in Singapore, where they pitched their ideas and technologies to investors and cybersecurity leaders. After Demo Day, ICE71 will continue to support the selected 10 through further fundraising, product development, and commercial expansion, according to a statement.
Here are the cybersecurity startups from ICE71 Accelerate’s second cohort.
- 689Cloud uses rights management technology to protect, track, and control access rights on externally shared digital documents, preventing data leaks and unauthorized redistribution of confidential data.
- Aversafe provides credential issuance and verification network services that connect employers, individuals and credential issuers together to prevent forgery and counterfeiting of credentials and licenses.
- Blue Phish provides an online platform of e-learning modules to drive cybersecurity awareness and play a part in reducing the number of cyber attacks that – 95% of the time – are created due to human error.
- GuardRails makes open-source security tools, which have been tuned to only report high-impact security issues, available in GitHub Pull Requests.
- Infra builds automated solutions for assessment and intelligence without the need for security analysts.
- Keyless provides a privacy-first platform for authentication and identity management driven by secure biometrics.
- Loki provides cloud-based, single-point cybersecurity and network management services for small and medium-sized enterprises using SD-WAN technology in a SaaS model.
- OneKIY addresses data privacy and security and runs on a decentralized, user-controlled security system. Coupled with an applications marketplace, users can download relevant apps to take full advantage of their KIY (keep it yourself) token.
- PhishBase operates as a mail transfer agent that analyzes emails flowing in and out of the system.
- Seconize offers an enterprise IT risk assessment product that identifies cyber risks and translates them to continuous business impact.
A partnership between Singtel Innov8 and the National University of Singapore’s NUS Enterprise, ICE71 also said that it’s now accepting applications for the third cohort of its accelerator program.
Large companies must share confidential reports and other information with their top executives, including the Board of Directors. In this case, security and confidentiality are most important.
689Cloud is an easy and secure way for companies to share data with their top executives.
Improve Productivity ⇒ Get more Profit
- 689Cloud is more efficient and easier than e-mail, FTP, or on-premise solutions
- Remote access for travelling and remote executives
- Improve the speed of communication in the company
Improve Security ⇒ Compliance with Law / Reduce Risk
- 689Cloud can protect sensitive documents so that only authorized people can open them
- More secure than e-mail or other ways
- Stop copying, printing and screen capture to prevent data leaks and spying
- Comply with regulations for disclosure of sensitive information
Vietnam Web Summit is the largest annual festival day for developers and marketers in the Web industry. It is a chance for them to update their knowledge from well-chosen speakers from well-known Internet and tech companies, with more than 100 topics from top experts. The exhibition is staged by enterprises and startups, and is also a place for businesses to demo many of their products and technologies. Recruiting is also among the activities that bring valuable benefits to both businesses and attendees.
689Cloud attended the Week of Innovation and Startup in HCMC in 2018 (WHISE 2018), which took place from 15-19/10 and was hosted by the Department of Science and Technology Ho Chi Minh City under the direction of the People’s Committee of Ho Chi Minh City.
The event attracted more than 3,500 visitors, 125 demonstration projects and more than 200 investors.
During the WHISE 2018 Week, nearly 30 events were held, attracting the attention of the startup community:
– Communication Industry Adaptation Workshop 4.0
– HCMGIS PLATFORMS – The basis for GIS application in Ho Chi Minh City, and announced the Search Solutions – GIS HCM City 2018
– Scientific Conference on Technology Solutions for Smart Cities
– Summing up Community Activism Connecting Students 2018 with the theme Innovative Innovation in the Digital Age
In addition, many innovative start-ups gave product demonstrations at WHISE 2018.
Notably, the organizers arranged for 61 start-up and innovation projects participating in the exhibition to make contact with investors and potential customers. This is one of the practical activities through which Ho Chi Minh City promotes the science and technology market and supports startup development.