Berkshire-based IT business, 1-Fix today warns local businesses of security risks following the increase of remote working due to Covid-19. The need to move swiftly during the first lockdown in March meant business cyber security may not have been front of mind during this workspace relocation process.
For example, WHO has seen a fivefold increase in the number of cyber attacks directed at its staff since the start of the Covid-19 pandemic compared to the same period last year.
Craig Atkins, Managing Director of 1-Fix highlights some key areas for local businesses to assess to ensure their IT is secure whilst remaining home-working friendly:
Remote Desktop Protocol (RDP) open to the internet
The common mistake we have seen recently is the Remote Desktop Protocol (RDP) port being open to everyone on the internet. Remote Desktop is a useful way to access your servers, applications, or computers remotely. However, it should be protected either via a VPN connection or by using the Remote Desktop Gateway functionality provided by Windows Server.
A plain “port forward” to your server puts your firm at high risk of attack, as hackers target these RDP servers and run continuous brute force attacks against your usernames and passwords to gain access.
Not all VPNs are secure
Virtual Private Networks – VPN for short – are an easy way to connect your staff into the office network. They are also a security nightmare if not configured properly.
First, ensure you are using a secure VPN protocol or program. PPTP – the “go-to” Windows VPN option for many years has been long compromised by hackers and is considered insecure.
Consider using SSTP, or an SSL VPN provided by your firewall instead.
Second, make sure you have firewall rules in place to restrict the VPN traffic down to what is required for your remote workers to do their jobs and nothing more. Opening your firms’ network to your end user’s machines means you are opening your network to a higher risk of malware. This is less of a concern when employees are using corporate devices which adhere to IT policy, but a major issue when they are using their own personal machines.
Secure your Cloud Apps
Any cloud application containing accountancy, financial or client data should have 2FA or MFA enabled. This is two factor or multi factor authentication, and means you are prompted for another proof of entitlement to access the system other than just your password when logging in.
Any cloud application without 2FA/MFA support should be locked down to only allow access from your office IP addresses, and if this is not possible then you should seriously consider changing provider.
When accessing your client’s accountancy applications on the cloud, do not share their login details. Ask them to set you up with your own login to the system, and once again enable 2FA/MFA as your access level to their data will be at a high privilege level.
Update your firewall firmware
Your firewall is the security door restricting access to your data vault, but it is not infallible. There are often updates to the firmware, which is the programming logic that runs the device, released by the vendor to fix security problems with their products.
Many IT teams have found it hard to patch firewalls with so many people working remotely, as not only does it disrupt the ability to work during the update, but a failed update can be a serious problem. However, leaving security vulnerabilities unpatched is a bigger issue, so make sure you are up to date.
Secure the endpoints
When everyone is working from company owned devices, security is straightforward. However, if you have allowed your staff to have access to your systems from their own personal devices then you should consider how to ensure they meet your IT security requirements.
Often the best way to do this is to roll out the same provisions you would for a corporate owned device, but this may not sit well with your staff member who owns the computer. At minimum, look to roll out your security solution to their device to ensure the system is virus free and not a risk when it is connected to your network.
If this is not agreeable, you should consider providing company owned and managed devices to your staff to allow enforcement of security policies.
Unsafe user privileges
Many cries of “It’s not working” or “I can’t access those files” have been placated by uplifting file permissions or security rights for staff. Often these uplifts are only supposed to be temporary, while IT work out how to fix the issue.
Unfortunately these temporary permission “fixes” often end up being forgotten and can leave large gaps in security, either by inadvertently allowing staff to access files and data they should not, or giving ransomware the ability to encrypt many more files on your systems than it would or should have been able to – if it had even been able to run at all.
Now is a great time to run an audit on file permissions, folder permissions and administrative rights and roles. Work to a system of least privilege – where people have just enough rights to do what they need to do, and ensure that none of your users have local administration rights on their computers as this is the common mistake that allows ransomware to run havoc in corporate networks.