Secure remote access to survive and thrive

Secure remote access (SRA) is being used to help companies survive and thrive during the COVID-19 pandemic, but there are some new challenges that need to be considered. See 10 remote access best practices.

By John Almlof July 21, 2020
Courtesy: Chris Vavra, CFE Media

As the world sorts itself out during and post-pandemic, one thing is certain – remote working is here to stay. Fortunately, technology can provide the visibility needed to secure operational access, whether employees are working from the office or at home. While this level of flexibility hasn’t been so readily embraced in the past, secure remote access (SRA) is now being widely used to help companies survive and thrive.

Take, for example, a 70-year-old plant engineer who was considered high risk due to a medical condition and needed to self-isolate. The company he worked for had to provide secure remote access just for him, so he could get “inside” their facility to manage their critical assets.

The challenge was that by enabling remote access to critical operations assets, the company significantly expanded its attack surface. In fact, according to research from NordVPN, 62% of employees are now vulnerable to cyberattacks, thanks to the use of personal computers for remote work during the COVID-19 pandemic.

Another survey found COVID-19-related phishing emails are on the rise, with many embedding different malware strains as attachments. AgentTesla (45%), NetWire (30%), and LokiBot (8%) were the most actively exploited malware families, said researchers at Singapore-based Group-IB’s Computer Emergency Response Team (CERT-GIB). With some minor differences, the goal of all these malware samples is to harvest user credentials from browsers, mail clients and file transfer protocol (FTP) clients, capture screenshots, and secretly track user behavior and send it to cybercriminals’ command and control centers.

Loss of control

“One of the things that’s changed is that a corporation no longer has control over the infrastructure its employees are using for work,” said Pam Johnson, vice president of customer experience at Dallas-TX-based solution provider, TDi Technologies. “For example, they’re using personal computers to access the business network. They’re using unsecured WiFi to access operational systems. That’s a fundamental issue that could result in malware making it through from personal computers, going over a home WiFi to the business network.”

“We’re used to knowing who’s touching our critical infrastructure, because outsiders have had to sign into a visitor log,” said Bill Johnson, chief executive and founder of TDi. “And when they’re onsite, all the cyber hygiene, cyber protocols, and visitor protocols are being met. They’re not bringing in USBs or laptops from the outside, they’re using equipment contained within the four walls of the business. But with so many remote workers, cyber challenges are added onto the personal and physical-distancing challenges that now exist.”

A big spike in the number of people working from home, and most likely continuing to do so, has brought about a change in the micro view of how employees operate and in the macro perspective of how industry could operate in the future. The pandemic has forced an industry that’s slow to change even the smallest of details into accepting supporting technology.

“We’ve been delivering remote access to different industries since ’91, and I’ve not found people so eager before. And, not only are they eager to look at secure remote access, they’re coming to us with a shopping list of requirements,” Bill Johnson said. “‘You must be IT-centric or OT-centric, or be able to create a unified view.’ That’s another thing we’re hearing a lot of, ‘I’ve got these other tools, and you have to integrate with those, or you have to be able to allow me to access these other critical tools that I use to manage my business.’ So, the pandemic has led to people becoming more educated about security requirements. In the past, it was a nice-to-have. Now it’s a must-have.”

Technology’s gaining role

Security was always thought of as a collection of people, processes and technology, but the latter is now playing a bigger role in allowing businesses to operate via remote access.

“I’ve found that people were often the inhibitor to technology, in that they simply didn’t want to allow technology to be accessible remotely,” Bill Johnson said. “Historically, SCADA technologies and OT technologies haven’t been connected to a network that could be remotely accessed. So, consequently, some organizations default to ‘security by obscurity.’ But the COVID-19 pandemic has forced companies to re-think both people and processes.”

While it might be preferable for employees to be physically present, secure remote access technology allows organizations to manage remote access to critical systems in a responsible, secure way, providing situational awareness and auditability to see who is touching the business infrastructure.

Easing a logjam

“Remote access might be the only way right now to keep a business alive and generating revenue, but if you do it incorrectly, you can put the business out of business,” Bill Johnson said. “That’s why the people in the process have always been a blockage. And it’s also why companies are being very specific about the technology capabilities they need to do it right.”

“From a business perspective, we always want to know who, and where are workers coming from,” Bill Johnson said. “What are they doing? How are they doing it? Are they authorized to be here? Show me the log and the audit, and tracking of their remote access.”

Eight secure remote access tips for companies, two for employees

To help ensure secure operating practices, Bill Johnson and Pam Johnson listed best practices that companies and employees could follow:

Companies should:

  1. Protect everything with firewalls, VPNs and two-factor authentication (basically zero trust)
  2. Monitor remote access connections to gain visibility into all remote systems interacting with your network
  3. Make sure standards and policies are in place, including rules for secure servers, and the settings on those servers
  4. Constantly check to make sure those settings haven’t changed
  5. Evaluate how those servers are configured, what software is on them and what version it is, and all automation behind the scenes
  6. Apply patches if it is possible to do so securely from a remote location
  7. Incorporate a regular password update process, through automation
  8. Keep a log of configuration or firmware changes, what was done and by whom.
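
Company tips 3, 4 and 8 describe one loop: define the required server settings, keep checking that they have not changed, and record every change with who made it. A minimal sketch of that loop, as an added example that is not from the article or from TDi; the sshd-style baseline, the snapshot and all function names are constructed for illustration.

```python
import hashlib, json

# Constructed baseline policy for a hypothetical remote-access jump host.
BASELINE = {"PermitRootLogin": "no", "PasswordAuthentication": "no",
            "MaxAuthTries": "3", "AllowTcpForwarding": "no"}

# Constructed snapshot of the host's current settings.
CURRENT = """PermitRootLogin no
PasswordAuthentication yes   # differs from baseline
MaxAuthTries 3
X11Forwarding yes
"""

def parse_settings(text):
    """Parse 'Key value' lines, ignoring blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            settings[key] = value.strip()
    return settings

def find_drift(baseline, current):
    """Return (key, expected, actual) for changed, missing and unexpected settings."""
    keys = sorted(set(baseline) | set(current))
    return [(k, baseline.get(k), current.get(k))
            for k in keys if baseline.get(k) != current.get(k)]

def _digest(entry):
    body = {k: entry[k] for k in ("who", "when", "change", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, who, when, change):
    """Append a change record chained to the previous entry's hash."""
    entry = {"who": who, "when": when, "change": change,
             "prev": log[-1]["hash"] if log else "0" * 64}
    entry["hash"] = _digest(entry)
    log.append(entry)
    return log

def verify_log(log):
    """True only if every entry's hash and back-link are intact."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["hash"] != _digest(entry):
            return False
        prev = entry["hash"]
    return True
```

A hash chain like this detects edits to recorded entries but not removal of the newest ones, so the latest hash should also be stored somewhere the administrators being logged cannot write.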

Employees should:

  1. During remote access, double check the location you’re going to visit before going there
  2. Don’t click on links and files that you’re not familiar with.

This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner.


Author Bio: John Almlof is director strategic alliances and business development – Americas at Nozomi Networks.