Network Security

Recent extraordinary events have introduced a sudden and dramatic increase in home and remote working, which has given businesses the opportunity to assess the strength, performance, capacity and security of their existing networks and policies.

While much of the security news agenda around the coronavirus outbreak has focused on the opportunistic cyber criminals, the average businesses focus should be on ensuring their security systems keep them safe from threat campaigns, bug disclosures and cyber-attacks.

Employees working remotely will naturally be required to access their organisation’s network/drives/resources etc, and this usually requires a virtual private network (VPN) connection.

A VPN connection uses client software (open-source or proprietary) or a standard web browser to create a secure encrypted tunnel that extends a private network across an insecure public network. This allows users to send and receive data as if the device was directly connected to the corporate network.

Some businesses can work around the insecure home network issue by getting their users to use remote desktop services (RDS), where you are remotely controlling your real PC in the office through a secure network connection. If you are unable to take advantage of this option, the main issue when using home PCs is making sure that they are as secure as possible. To ensure security you should install/update the latest software (e.g. OS/application updates & antivirus software), use strong passwords and preferably log in using two factor authentication (2FA). Organisations should also be using intrusion detection/prevention (IDS/IPS) capability in conjunction with their perimeter firewalls.

Does your organisation have relevant and updated policies to help during this time? Ensuring your organisation’s remote-working access management and password policies are updated and rolled out to staff should be top of your list as your company transitions to having more people outside of the office.

Capacity planning is also essential to an organisation’s preparation for mass remote working. It is critical to ensure your organisation’s hardware capability and licence quantities can accommodate the maximum concurrent connections from all remote users. Without the correct number of licenses and/or hardware performance, some staff may not be able to access your company’s network when required.

During this time security services have suggested the following:

• Change default passwords on your home Wi-Fi router to prevent hackers accessing your network
• Use strong and unique passwords on every account and device – password management software helps greatly with this task.
• Consider using two-factor authentication (2FA) which is a second layer of security to prove it’s you who is logging in – something you know combined with something you have.
• Software updates contain vital security patches – keep all devices, apps and operating systems up to date
• If you are working in a more public place (when out of lockdown) use a privacy screen and tether using a 3G/4G connection instead of an untrusted Wi-Fi hotspot
• Only use software your company would typically use to share files. Refrain from using your personal email or 3rd party services unless reliably informed otherwise
• Be wary of unsolicited emails or phone calls. Cyber criminals will use any opportunity to take advantage of the current situation. Verify any unusual requests using an alternative trusted form of communication, e.g. a telephone call.

Essentially, all businesses should use this opportunity to evaluate their risk profile. While a certain level of security is required, especially with PCI & GDPR policies mandating requirements, preparing for all eventualities is the way a company moves forward.

Making sure the amount of security you need (beyond a minimum baseline requirement) is proportionate to the value of the data you are protecting, and the level of security is an optimum value for your business.

.