WFH Trade-offs That May Haunt Us
- By Josh Snow, ExtraHop
- July 27, 2020
In a mad dash to enable a distributed workforce amid the COVID-19 pandemic, local IT teams in Singapore had to act fast to keep operations and businesses running. However, some of their well-intentioned behavior resulted in misconfiguration and security trade-offs. As the dust settles and the world adjusts to large-scale remote work, IT teams need to ensure that these vulnerabilities are addressed quickly and do not persist in their environments for longer than necessary.
Here are some of the most common trade-offs that IT teams have been forced to make, along with some recommendations on how to rebuild a strong security posture.
1. Deploying Hardware
While some companies had experimented with remote work and were more-or-less prepared, many others were in no position to suddenly shift to remote working arrangements.
A significant number of organizations still issue desktop computers instead of laptops. This is because desktop computers are more cost effective, have stronger computing power and are inherently less mobile, thereby keeping sensitive information tethered to a secure environment. For these organizations, the move to remote work presented an immediate and monumental challenge to get employees up and running securely.
Some companies approached the issue by purchasing laptops. Others asked employees to use their personal devices. Some workers literally transported their desktops home with them. No matter which route an organization took, each came with security implications.
Purchasing new hardware is the easiest and most secure option. However, computer manufacturing and supply chains are experiencing significant delays because of growing demand. For those lucky enough to get their hands on new hardware, it is important to remember to equip those devices with the corporate image by installing the right applications and firewalls. If you are using refurbished hardware, it is critical to first conduct an audit to ensure that the device is secure and safe.
Similarly, many businesses have allowed employees to use their personal devices, such as smartphones, during this transition. While this may have been helpful in keeping operations running, personal devices come with a slew of security challenges, including already being infected with malware and not having the latest updates installed. When these devices connect to corporate networks, they open up the entire organization to unseen risks.
2. Securing IT Networks with the use of VPN
Whether employees connect via corporate computers or their personal devices, many are being asked to use VPNs to gain access to critical systems and assets. Earlier this year, the Singapore Computer Emergency Response Team (SingCERT), under the Cyber Security Agency of Singapore (CSA), issued an advisory highlighting the use of VPN when accessing and sending important and sensitive information.
While many organizations already have VPNs configured, few had enough licenses for everyone who needed VPN access. In the rush to enable a distributed workforce, misconfiguration is a legitimate cause for concern. IT teams need to go back and audit those connections quickly to ensure that they were configured securely.
With more people accessing the network through VPNs, it is common for the VPN to become overburdened by the sudden increase in traffic, causing latency and aborted connections. In most cases, IT teams will want employees to access the VPN via split-tunnel VPN, not full tunnel, so as not to overburden the network. This allows the user to have some applications running through the VPN while leaving other traffic outside of the tunnel.
High-volume applications like meeting and conference applications need not be routed through the VPN. Taking up much of the bandwidth, these applications have the potential to affect performance if left unmonitored. Increased traffic has the potential to tip over the VPN and could cause a denial of service (DoS). Full tunnel VPN access also increases the organization’s risk of routing nefarious traffic through the data center.
3. Bringing Devices Back to the Office
IT teams should think about wiping machines and re-imaging hardware and devices when employees return to the office.
One way to enable a better workflow during work from home is for employees to use Remote Desktop Protocol (RDP) to access their machines in the office. RDP is a Microsoft protocol designed to facilitate application data transfer security and encryption between client users, devices and a virtual network server. It allows a system user to connect to a remote system with a graphical user interface.
While it is acceptable to use RDP internally, misconfiguration and exposing RDP to the internet is potentially a catastrophic mistake. As a general rule of thumb, organizations should not use RDP long-term.
Above all else, it is imperative to access RDP through a secure VPN to ensure that your critical assets and systems do not get exposed through an open portal to the internet.
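One way to check for the exposure described above is to audit firewall ingress rules for any rule that admits RDP (TCP 3389) from outside the VPN address pool. The following is an added example, not part of the original article; the rule format, rule names and the VPN pool are constructed assumptions, and rule ordering is not evaluated.

```python
import ipaddress

RDP_PORT = 3389
# Assumption: address pool handed out to VPN clients (constructed value).
VPN_POOL = ipaddress.ip_network("10.8.0.0/16")

# Constructed sample ingress rules: (name, action, protocol, source CIDR, ports)
RULES = [
    ("allow-rdp-vpn",   "allow", "tcp", "10.8.0.0/16",     "3389"),
    ("allow-rdp-any",   "allow", "tcp", "0.0.0.0/0",       "3389"),
    ("allow-high-wide", "allow", "tcp", "198.51.100.0/24", "3000-4000"),
    ("allow-https",     "allow", "tcp", "0.0.0.0/0",       "443"),
    ("deny-rdp-guest",  "deny",  "tcp", "0.0.0.0/0",       "3389"),
    ("allow-all-admin", "allow", "any", "10.8.4.0/24",     "any"),
]

def covers_port(spec, port):
    """True if a port spec ('any', '3389', '3000-4000') includes port."""
    if spec == "any":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_rdp_rules(rules, vpn_pool=VPN_POOL):
    """Return names of allow rules that admit RDP from outside the VPN pool."""
    findings = []
    for name, action, proto, source, ports in rules:
        if action != "allow" or proto not in ("tcp", "any"):
            continue
        if not covers_port(ports, RDP_PORT):
            continue  # rule does not reach the RDP port at all
        src = ipaddress.ip_network(source)
        # Any source range not fully inside the VPN pool is an exposure,
        # including wide port ranges that happen to contain 3389.
        if not src.subnet_of(vpn_pool):
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in exposed_rdp_rules(RULES):
        print("RDP reachable from outside the VPN pool:", name)
```

The wide port range in `allow-high-wide` is flagged even though it never names 3389, which is the kind of rushed rule an audit after the fact is meant to catch.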
What IT teams should do
Amidst the flurry of activities, security teams should not let their guard down. All suspicious alerts in the system must be treated as critical. Environments should be regularly scanned to expose open portals and IT teams should also pay attention to who is doing that scanning. An increase in scans should be a red flag since malware needs to scan for open portals before starting an attack.
Increased dwell time leaves bad actors with even more time to burrow into the organization’s infrastructure. The average dwell time for attacks remains around three months. This means that the security implications of enabling large-scale work-from-home environments will not be known for some time, and potential issues may persist for a long time without detection. Thus, IT teams need to increase visibility across the organization’s distributed network.
Understandably, IT teams needed to hurry and make trade-offs to enable a productive distributed workforce and ensure business continuity. However, it is now time to retrace our steps and tidy up the mess.
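To see who is doing the scanning, connection logs can be grouped by source and checked for how many distinct host and port targets each source touches within a time window. The following is an added example, not part of the original article; the log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log: "timestamp src dst dport verdict"
LOG = """\
2020-07-27T09:00:01 203.0.113.7 192.0.2.10 22 deny
2020-07-27T09:00:02 203.0.113.7 192.0.2.10 80 deny
2020-07-27T09:00:03 203.0.113.7 192.0.2.10 443 allow
2020-07-27T09:00:04 203.0.113.7 192.0.2.10 3389 deny
2020-07-27T09:00:05 203.0.113.7 192.0.2.11 3389 deny
2020-07-27T09:00:06 10.8.0.21 192.0.2.10 443 allow
2020-07-27T09:00:10 198.51.100.9 192.0.2.10 3389 deny
2020-07-27T09:00:40 10.8.0.21 192.0.2.10 443 allow
2020-07-27T09:20:10 198.51.100.9 192.0.2.11 3389 deny
2020-07-27T09:40:10 198.51.100.9 192.0.2.12 3389 deny
"""

def find_scanners(log_text, window=timedelta(seconds=60), threshold=4):
    """Return {src: most distinct (dst, port) targets seen in any window}."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, dst, dport, _verdict = parts
        events[src].append((datetime.fromisoformat(ts), (dst, int(dport))))
    flagged = {}
    for src, seen in events.items():
        seen.sort()
        best, start = 0, 0
        for end in range(len(seen)):
            # Slide the window start forward until it spans <= window.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            distinct = len({target for _, target in seen[start:end + 1]})
            best = max(best, distinct)
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print("fast scanners:", find_scanners(LOG))
    print("incl. slow scanners:", find_scanners(LOG, timedelta(hours=1), 3))
```

The second call widens the window because a source probing one host every twenty minutes stays under a short-window threshold, so both a short and a long window are worth running.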
Josh Snow, senior engineer at ExtraHop, which provides cloud-native network detection and response for the hybrid enterprise, authored this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.