COVID-19 boosts remote work, security concerns
With the instances of COVID-19 (coronavirus) cases increasing by the day, organisations in affected countries across the globe are instructing their employees to work remotely. However, offering this option without proper oversight or preparation, especially the presence of unsecured IoT devices in houses, is raising security concerns.
The National Cyber Security Centre (NCSC), UK, has issued a security advisory, urging those who use smart cameras and baby monitors in the home to take the steps necessary to protect their devices from cyber-criminals.
Financial data platform Sentieo detected 77 public company transcripts that mention “work from home” or “working from home” last month, up from just four mentions of the phrase in February 2019. Most of these documents also have the word coronavirus.
“With more people likely to work from home in the wake of the COVID-19 outbreak, now is the time for companies to review their security procedures related to remote access in office systems, to secure all endpoints and ensure that their connection to the corporate network is secure,” said David Emm, principal security researcher at Kaspersky.
“It has been well known for some time that a lot of smart devices are not secure. Back in 2018, the NCSC issued some guidance points for developers of IoT devices to follow, and it has been keen to promote these. The government has been discussing introducing legislation for smart devices to force vendors to consider security when designing smart devices,” Emm told SC Media UK.
Office and business environments also fall under the threat of IoT-hacking.
The use of IoT business platforms is growing year-on-year in almost all industries, with 61 percent of companies globally implemented IoT applications in 2019, said a report from Kaspersky.
Even though the technology offers savings, new income streams and increased production efficiency, 28 percent of organisations experience cyber-security incidents targeting connected devices, said the report.
The threat is booming by the day. There will be approximately 25 billion IoT connections by 2025, according to Gartner. A report by Gartner in 2017 said that by 2020, more than 25 percent of identified attacks in enterprises will involve the IoT.
The prospects of remote working in the wake of the pandemic has worsened the security situation, said Emm.
“If someone is working remotely, they are working on a network not directly controlled by their business. This is why it’s essential for companies to set up processes to enable staff to connect remotely to corporate systems securely,” he told SC Media UK.
“Businesses can help to protect their employees by ensuring anyone who connects to their network uses a VPN. They can also make sure the office and all endpoints are secure, patched, and up-to-date with cyber-security programs, and that the systems will only run authorised applications.”
Talking to SC Media UK, Kevin Brown, MD of BT Security noted how companies may find they do not have enough VPNs or tokens for all staff seeking to work securely from home and so they would need to prioritise what is critical - which services and which people are essential to keep things running.
Assessing the present situation for SC Media UK, SailPoint EMEA director Ben Bulpett wrote that working from home is not anywhere near as cyber-secure as being in an office. Preparation is required to ensure company systems are able to support a critical mass of staff suddenly working remotely, he wrote.
“Vendors who manufacture these IoT devices still have a long way to go to make their products fully secure and protect users from incidents like this,” observed Will LaSala, senior director of global solutions at OneSpan.
“Quick fixes in the way of SMS authentication are often added, but this simple protocol has been hacked previously in the banking industry and any other industry where it’s been deployed,” he added.
“The obvious first step is to use a decentralised password manager to create a unique password for each website or service you use. To ensure wider data privacy, you can build on this strong foundation by using a plethora of other tools that mask your IP address, warn you if you are being tracked on a website and encrypt your communications so they can’t be snooped on or hacked as you move towards digital independence,” commented Emmanuel Schalit, CEO Dashlane.
“Moreover, it is essential that governments require companies providing these IoT devices to implement a better security protocol than generic default passwords that most users are not required to change,” he added.
For those running critical infrastructure in the event of escalation, there may even be circumstances where certain teams need to be kept in isolation - demonstrating how physical and cyber-security can collide.
source scmagazineuk
Industry: Cyber Security
Latest Jobs
-
- PCI QSA needed. Discreet Opportunity | London | Client facing
- London
- N/A
-
CH08421 PCI QSA needed. Discreet Opportunity | London | Client facing. Payment Card Industry - Qualified Security Assessor - London Seeking someone looking to accelerate their career, into a variety of interesting clients / projects. Must be happy to be onsite with clients- this is not a fully remote role. You must currently hold a valid CISSP or CISM or ISO27001 lead implementer certification AND one of the following; CISA, GSNA, iso27001 lead Auditor, CIA or IRCA ISMS auditor+ Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- Network / Security Infrastructure Engineer | West London | Permanent
- London
- N/A
-
Network / Security Infrastructure Engineer | West London | Current Config, Install, upgrade experience On prem / Datacetner experience essential. Hands on experience MUST include: Routing, Switching, Network Security (firewall, IDS etc), Microsoft exchange / Exchange 365. Scripting / automation experience wanted. Python, Powershell etc Regular travel to West London is required. Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- Security Operations / information Security Analyst / Engineer. London
- London
- N/A
-
Security Operations / information Security Analyst / Engineer needed for a London opportunity. A technical hands on role to investigate, escalate and proactively work to protect a globally recognised brand. Someone with SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc very advantageous and a priority. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Security Cleared Penetration Tester: United Kindom
- N/A
- N/A
-
Security Cleared Penetration Tester Deliver technical Penetration tests to the NCSC CHECK standard. Active CHECK Member or Leader status desirable either in Web Application or Infrastructure. Reach out to find out more. Whatsapp directly here https://wa.me/message/6USF5RAQBOZIP1 Or apply today