COVID-19 boosts remote work, security concerns
With the instances of COVID-19 (coronavirus) cases increasing by the day, organisations in affected countries across the globe are instructing their employees to work remotely. However, offering this option without proper oversight or preparation, especially the presence of unsecured IoT devices in houses, is raising security concerns.
The National Cyber Security Centre (NCSC), UK, has issued a security advisory, urging those who use smart cameras and baby monitors in the home to take the steps necessary to protect their devices from cyber-criminals.
Financial data platform Sentieo detected 77 public company transcripts that mention “work from home” or “working from home” last month, up from just four mentions of the phrase in February 2019. Most of these documents also have the word coronavirus.
“With more people likely to work from home in the wake of the COVID-19 outbreak, now is the time for companies to review their security procedures related to remote access in office systems, to secure all endpoints and ensure that their connection to the corporate network is secure,” said David Emm, principal security researcher at Kaspersky.
“It has been well known for some time that a lot of smart devices are not secure. Back in 2018, the NCSC issued some guidance points for developers of IoT devices to follow, and it has been keen to promote these. The government has been discussing introducing legislation for smart devices to force vendors to consider security when designing smart devices,” Emm told SC Media UK.
Office and business environments also fall under the threat of IoT-hacking.
The use of IoT business platforms is growing year-on-year in almost all industries, with 61 percent of companies globally implemented IoT applications in 2019, said a report from Kaspersky.
Even though the technology offers savings, new income streams and increased production efficiency, 28 percent of organisations experience cyber-security incidents targeting connected devices, said the report.
The threat is booming by the day. There will be approximately 25 billion IoT connections by 2025, according to Gartner. A report by Gartner in 2017 said that by 2020, more than 25 percent of identified attacks in enterprises will involve the IoT.
The prospects of remote working in the wake of the pandemic has worsened the security situation, said Emm.
“If someone is working remotely, they are working on a network not directly controlled by their business. This is why it’s essential for companies to set up processes to enable staff to connect remotely to corporate systems securely,” he told SC Media UK.
“Businesses can help to protect their employees by ensuring anyone who connects to their network uses a VPN. They can also make sure the office and all endpoints are secure, patched, and up-to-date with cyber-security programs, and that the systems will only run authorised applications.”
Talking to SC Media UK, Kevin Brown, MD of BT Security noted how companies may find they do not have enough VPNs or tokens for all staff seeking to work securely from home and so they would need to prioritise what is critical - which services and which people are essential to keep things running.
Assessing the present situation for SC Media UK, SailPoint EMEA director Ben Bulpett wrote that working from home is not anywhere near as cyber-secure as being in an office. Preparation is required to ensure company systems are able to support a critical mass of staff suddenly working remotely, he wrote.
“Vendors who manufacture these IoT devices still have a long way to go to make their products fully secure and protect users from incidents like this,” observed Will LaSala, senior director of global solutions at OneSpan.
“Quick fixes in the way of SMS authentication are often added, but this simple protocol has been hacked previously in the banking industry and any other industry where it’s been deployed,” he added.
“The obvious first step is to use a decentralised password manager to create a unique password for each website or service you use. To ensure wider data privacy, you can build on this strong foundation by using a plethora of other tools that mask your IP address, warn you if you are being tracked on a website and encrypt your communications so they can’t be snooped on or hacked as you move towards digital independence,” commented Emmanuel Schalit, CEO Dashlane.
“Moreover, it is essential that governments require companies providing these IoT devices to implement a better security protocol than generic default passwords that most users are not required to change,” he added.
For those running critical infrastructure in the event of escalation, there may even be circumstances where certain teams need to be kept in isolation - demonstrating how physical and cyber-security can collide.
Industry: Cyber Security
- Lead CyberArk deployment Consultant
- Upto £80,000 plus benefits
CyberArk Consultant is needed to be responsible for leading the deployment of CyberArk solutions for this expanding IT services business, You will work with customer both pre and post sales, getting involved in CyberArk Solution Design, helping to create CyberArk Strategic Roadmaps, on-boarding accounts, product and process integration into the CyberArk Solution and Proviso of Installation and technical Documentation. We are looking for this individual to have experience in: Installation of CyberArk PAS for V11.X and V12.X (Vault, DR Vault, Central Policy Manager and Password Vault Web Access) Upgrade of CyberArk from V9 and V10 (Vault, DR Vault, Central Policy Manager and Password Vault Web Access) Installation and Upgrade of Privilege Session Manager and Privilege Session Manager Proxy As some of your client will be government site, all individual will need to be put through SC clearance, therefore you must be eligible to receive this and happy to be put through(With a British Citizen or to have lived in the UK for the past 5 years) We are unable to provide work visa sponsorship for this opportunity
- Senior Business Analyst - Outside IR35 Contract, SC Clearance Required, London
- £400 per day outside IR35
Senior Business Analyst - Outside IR35 Contract, SC Clearance Required, Based in London Project- to engage with colleagues and stakeholders to investigate and model business functions, processes, information flows and data structures, using a range of business analysis techniques. • You will translate the solution to the business problem into detailed requirements by creating user stories and well-defined acceptance criteria. • Elicit end-to-end business requirements for a live cross-government service • Working across the Government departments to bring together varied business and operational outcomes to form a holistic overall set of service requirements Current SC clearance is required. As is the ability to travel to London.
- DV cleared CCP Senior IA Architect Contract. 12 month Outside IR35
- 600 per day Outside IR35
DV cleared CCP Senior IA Architect Contract. 12 month Outside IR35. £600 MOD experience (Secure by Design, Accreditation, management) / CADMID project life cycle. Working within and across programmes across Land, Air and Fleet. Meng / Ceng. Ability to travel where as and where needed across the M3 / M4 corridor
- Illumio Engineer - CONTRACT. EUROPE
Engineer with hands on Illumio needed for 6 month contract. Ideally based in Sweden, but would consider the right individual to deliver a hybrid role (Occasional travel to Sweden will be required). Connecting services in Illumio, rollout of the agents (VEN). Experience with Illumio Core, endpoint, cloudsecure Looking to start ASAP