Coronavirus Lockdown vs Remote Connection Restrictions

Questions:

With the impending lockdown due to the coronavirus (COVID-19), many on-site tech supports will be forced to go online.

Nonetheless, due to proliferation of cybersecurity intrusions and breaches and incidents where hackers leveraged on the Remote Desktop Protocol (RDP) as primary intrusion channel - before the virus, many big companies were stopping remote connection and required vendors to check-in on site.

I foresee that this development will put pressure on cybersecurity.

Comments by Tony Jarvis, Chief Technology Officer, Asia Pacific, Check Point Software Technologies

The COVID-19 outbreak is forcing a large portion of the workforce to work from home in an effort to restrict the spread of the virus. Many of these workers are not accustomed to working away from the office and this is putting pressure on IT departments to cope with the surge in remote workers.

In some cases, this may necessitate opening up access to corporate resources that previously required users to be physically present on-site. While it may seem that this would introduce additional risk, in reality the only heightened risk comes from following unsafe practices.

 Take for example the Remote Desktop Protocol (RDP) used to access workstations over a network or Internet connection. There were a number of cases reported last year whereby attackers gained access to systems via this protocol and began infecting victims with ransomware.

The issue here wasn’t with the access method being used, but rather that many organisations had opened up remote access over the Internet with no restrictions in place. Given the right password, which may have been easy to guess, anybody could get in.

The best practice here would have been to not make such access publicly visible, but to require the use of a VPN. A VPN extends corporate access to trusted users and maintains privacy, as opposed to the public nature of the Internet.

Unfortunately, we may see a number of breaches occur as a result of poorly thought out security policies stemming from the current situation. However, if organisations limit access to trusted users and devices, while enforcing basic security best practices such as complex passwords and two-factor authentication, then a remote working policy can be implemented safely and effectively.

unsplash-logoMacau Photo Agency

Editor's Comments:
  • After the Wannacry outbreak, many organisations reacted by banning unregulated remote connections such as those provided by Teamviewer software.
  • Nonetheless, many organisations also lacked the muscle to setup VPN effectively and to allocate resources to continued monitoring.

Comments