Cybersecurity and Telework: Unequal Businesses Face Risks

Cybersecurity and Telework: Unequal Businesses Face Risks Cybersecurity

A large part of the French discovered telework during confinement. This period was even extended until the end of May, at the request of the authorities. And it could still last until September for some of the employees.

However, securing data and applications in a telework context can pose difficulties for organizations, which are not always sufficiently prepared. Thus, the consideration of security in the context of the crisis was characterized by “very strong heterogeneity”.

Modern, classic and refractory: everyone has a level of risk

According to Wavestone security expert Gérôme Billois, these differences from one society to another resulted ultimately from “the posture in terms of teleworking”. Three main categories can be defined with regard to telework. And each has a more or less important level of security.

So-called “modern cloud” companies with cloud-based applications such as G Suite or Office 365 for employees may have had fewer problems protecting their systems overall. Security is often taken into account directly in these SaaS tools. In addition, organizations have often deployed protection solutions to support these web uses.

Second category, the classics. “They’re more like old-fashioned teleworking with VPNs on company-supplied PCs. For the ESN cybersecurity partner, members of this group have to deal with two “types of concerns”: the size and availability of systems, not intended to accommodate as many simultaneous connections.

This situation could have resulted in “a deterioration in security levels, with for example the deactivation of strong authentication for lack of sufficient licenses, or even the application of patches”. But, in addition, applications were not accessible by VPN. They had to be made available quickly, however.

Firewall rules removed for business continuity

“We have seen entire sections of firewall rules jump to open application universes that were not initially authorized in teleworking,” says Gérôme Billois. However, it is for the third category of teleworkers that the challenges are the most significant: the “refractory”.

These companies have gone forced on telework. Totally unprepared, they were able to opt for an “uncontrolled opening”. Clearly: a “risky situation”, observes the expert. These weaknesses in terms of security naturally pose risks, including for the most advanced. The main one is data.

“We know that corporate data has been saved on USB sticks, accessed from quickly implemented platforms such as Zoom. Many Dropbox accounts have been set up to share documents. We have a real concern about the data explosion. “

Employees must therefore be made aware of this data issue for backup and recentralisation on the systems mastered by IT. They will then have to be removed from the alternative platforms operated during the imposed telework phase.

Systems are the second pole of risk. The level of protection is lower due, for example, to such a rigorous deployment of security patches. “We have to regain control in order to improve the situation. A catch-up on the systems is necessary “, underlines Gérôme Billois.

The necessary search for threats and attacks

Finally, there remains the risk of security surveillance. Conventional intrusion or data leak detection tools, for example, have not been able to work as effectively in a telework configuration, compared to operating on the internal network.

“We have seen cases where the VPN server has only one outgoing address. So you end up with thousands of users with the same IP address. Doing fine security analyzes is necessarily difficult, ”reports the consultant.

Short-term actions by security teams will therefore involve the search for threats and attacks during the previous period of containment. Major accounts launched projects in this sector at the beginning of May. The restart of standby processes will follow, such as penetration testing.

The challenges are also in the medium term. Because of the risk of new crises, companies must now think of massive telework and associated security. Gérôme Billois also insists on managing the continuity of cyber activities in such a context, but also managing a crisis in terms of cybersecurity.

An operational example: a ransomware attack on the PCs of employees at home. Confinement and distancing contribute to accentuating the difficulty of managing such a crisis. “No one is prepared for it. Large companies are in the upstream reflection phases to define the means to limit the impacts and organize themselves. “

Strong authentication, a priority site for “refractories”

But it is perhaps first of all for organizations refractory to telework that security sites are the most urgent. For Wavestone expert, the first priority is undoubtedly strong authentication. “If there was only one site, it would be this,” he insists.

It also recommends the adoption of cloud applications or, failing that, the establishment of a VPN, as well as the supply of IT equipment to employees. This prevents the risks linked to the cohabitation of personal (even family) and professional uses on the same terminal. However, there is a cost. How then to safely support BYOD?

The subject has been debated for years. For the security specialist, the limits of this model are obvious. “For PCs, fixed or portable, it is very difficult to truly measure the conformity of a machine before it connects,” he judges. On mobile devices, however, risk reduction is more achievable thanks, for example, to containers of the BlackBerry or Samsung Knox type.

Security awareness is also an important pillar, even more so for employees who are teleworking and who have been insufficiently sensitized before. Aware of this risk, companies have also launched awareness campaigns at the start of containment. Refractors to telework are likely to suffer from shortcomings in this sector.

Last warning in terms of threats: reconnection of corporate PCs when returning to the internal network. There is indeed the risk of introducing malicious code on this occasion. “There is a specific cleaning procedure to be implemented if the company does not already have network access control to block a terminal at risk,” concludes Gérôme Billois.


Rate article