Data Access & Remote Work - What's the Risk?

With the changes in the last 18 months, we are entrenched in a war, a war with devices.  This is not a new war; it is one many in the cybersecurity and IT field remember. It is the return of BYOD, "Bring Your Own Device", but in a slightly different way.  Instead of having to deal with the devices you and your staff bring onto your IT networks, you are instead having to defend your data and corporate information from all the devices on your employees' home networks.  Remote work, love it or hate it, is becoming the new normal.  We can create processes to encourage users to return to the bastions of security we have relied on for years, but that is a battle we are already losing.  Instead we need to look at the pressing threats of today, especially Internet of Things (IoT) devices.

Earlier this year, Forbes wrote about the growing attack surface IoT represents, and that hasn't changed.  We are having to secure devices on our networks and throughout our networks, and secure devices that are brought into networks we are not able to fully control.  When such a large percentage of business is occurring off corporate networks, there are few perimeter layers you can rely on, and relying on VPNs for security is not a solid strategy.  Yes, you absolutely should have users connect to your network through a VPN, but that should be one step in the security process, not the primary one.  Ask yourself a few questions:

  • What happens if the user isn't using the VPN?
    • If you don't have some kind of enforcement, they've just managed to defeat your security layer.  There are methods of forcing VPN connections, such as UAC technologies that require the VPN in order to connect to corporate services or data, but there has been a huge push from users for "ease of use", especially during Covid.  If the VPN is your security layer, it is important to verify that users must be on it in order to access corporate data.
  • What are you doing to shield user devices on remote networks?
    • Do you have regular scanning of users' machines that can tell you if someone has attempted to compromise a system?  Do you have systems in place to protect a device from potential intrusion, beyond antivirus?  The most sophisticated attacks are going to look to evade traditional security technologies such as AV.
  • Who has access to your data, and do you know when it was accessed?
    • It is critical to know where your data is, who has it, and to verify it isn't on a remote system that is outside your security protections.  And if it is on that system, what can you do to encrypt it or remotely prevent its exfiltration?  Security processes MUST continue on devices that are not on the network, or the security itself is flawed.
  • What is your process to restore if a system IS infected?
    • And... how do you do it remotely?  If you know a system is infected, how quick is your turn-around?  What is your process?  Do you find out automatically, or do you not have a process at all?  How often do remote systems check in so you KNOW they aren't infected?
  • Ultimately, how secure are your remote devices?  How secure is your data?
    • This is the core question.  Organizations have created fortresses to ensure their data is protected on their on-premises systems, and those fortresses occasionally are breached, but in today's remote work world, how are you ensuring that?  Organizations are only as secure as the least secure network they have devices on, which now means the non-corporate home networks of employees.
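Two of the questions above, whether users are actually on the VPN when they reach corporate data and whether you know who accessed what and when, can be checked against an access log. The following is an added example for this post, not code from London Security or from any product it describes. It assumes a simple key=value access-log format and a VPN address pool of 10.8.0.0/16; both the format and the log lines are constructed for the example. It reports every access to a corporate resource whose source address is outside the VPN pool, grouped by user.

```python
import ipaddress
from datetime import datetime

# Assumption: the VPN hands out client addresses from this pool (constructed value).
VPN_POOLS = [ipaddress.ip_network("10.8.0.0/16")]

# Constructed access-log lines in a simple key=value format (not from any real product).
SAMPLE_LOG = """\
2021-06-01T02:14:07Z user=alice src=10.8.3.17 resource=/finance/q2.xlsx action=read
2021-06-01T02:16:40Z user=bob src=203.0.113.45 resource=/finance/q2.xlsx action=read
2021-06-01T02:20:02Z user=bob src=203.0.113.45 resource=/hr/payroll.csv action=download
2021-06-01T09:01:55Z user=carol src=10.8.12.4 resource=/eng/design.pdf action=read
2021-06-01T11:42:13Z user=alice src=192.0.2.88 resource=/finance/q2.xlsx action=download
"""


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with a parsed time."""
    ts, *fields = line.split()
    record = {"time": datetime.fromisoformat(ts.replace("Z", "+00:00"))}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def is_vpn_address(addr, pools=VPN_POOLS):
    """True when the source address falls inside one of the VPN client pools."""
    ip = ipaddress.ip_address(addr)
    return any(ip in pool for pool in pools)


def find_off_vpn_access(log_text, pools=VPN_POOLS):
    """Return the records where corporate data was reached from outside the VPN pool."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if not is_vpn_address(rec["src"], pools):
            findings.append(rec)
    return findings


def summarize_by_user(findings):
    """Answer 'who accessed what, and when' for the off-VPN events."""
    summary = {}
    for rec in findings:
        summary.setdefault(rec["user"], []).append(
            (rec["time"].isoformat(), rec["resource"], rec["action"]))
    return summary


if __name__ == "__main__":
    hits = find_off_vpn_access(SAMPLE_LOG)
    for user, events in summarize_by_user(hits).items():
        print(user)
        for when, resource, action in events:
            print(f"  {when}  {action:<9} {resource}")
```

On the sample data the check flags bob's two accesses from 203.0.113.45 and alice's download from 192.0.2.88; alice's earlier read from 10.8.3.17 and carol's access pass because they came through the VPN pool. In a real deployment the pool list would come from the VPN configuration and the log from the file server or gateway, and a finding should feed the same response process as any other alert rather than just a report.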

This is a huge problem.  Having devices that are remotely managed and (hopefully) secure is critical for every organization in 2021, but what are you doing about security events as they happen?  Do you even know what is going on, from a security vulnerability perspective, on a daily basis?

There has been huge growth in services that provide this kind of alerting, but the critical question to ask yourself before you get one (or even if you are currently using one) is: can they take action?  Can they respond before an infection spreads?  Because most can't.  They rely on a notification model for suspicious behavior, and then might notice after a system is infected, but not necessarily before it has connected to your network and spread malware across it.  At that point you're playing catch-up and having to determine how much of your data has been breached: too little, too late.

London Security offers SecuritySHADOW to combat this.  It is a full Managed Detection & Response (MDR) / Security Operations Center (SOC) offering that covers 24/7, 365 days a year.  This security process provides the key step many MDR and Managed Service Provider SOCs do not: an actual response.  We will detain the potentially infected system before it interacts with the majority of your network, and show a breakdown of what happened so we can better secure devices in the future.

Without this capability, you are dealing with a breach.  With this technology, you're handling a single system infection and its remediation.  It is a huge difference.  And with the growth of threats such as IoT, it is becoming critical to know what is going on in home user networks that could potentially penetrate your corporate devices.  Having an additional layer that can respond in the middle of the night will save you time, energy, and budget, versus a remediation exercise and a down corporate network.

Please reach out today, we really do believe in this solution and would love to talk to you about it.