Goverlan’s Pascal Bergeot considers what the recent Google Document hit means for remote workers and advises what companies need to do to reduce the risk of such attacks.
News this month of the Google Docs phishing scam is not the first time that shared cloud-based resources have hit the headlines for all the wrong reasons. Much popular collaboration and IT management tools – such as Teamviewer and Slack to name just two – have had their time in the spotlight for compromises and breaches.

The truth is these systems unwittingly provide an easy backdoor for cybercriminals, and add yet another dimension to the expanding surface of attack that modern company find themselves faced with, which is already escalating thanks to the growing number of mobile devices and the increasing presence of the Internet of Things (IoT).

The way we work is changing – today’s connected world is customer-driven and business happens everywhere. More and more organizations are realizing that their applications must move with the business. From laptops and computers to tablets and smartphones, enterprises are becoming more flexible and customer experience is becoming seamless.
However, mobile workspaces must satisfy not just employees, but also IT teams as well. Employees expect to be productive and be able to collaborate with their colleagues; IT teams expect to deliver applications and tools seamlessly across any device while having enterprise-level control to ensure data security.

So how can companies continue being flexible while at the same time reducing security threats? The answer is to remove as much of the attack surface as possible. Here are five tips to help IT departments secure their borders as effectively as possible:

1/ Remove the parts you cannot control

If you cannot control a part of your process you cannot secure it and must rely on the controlling agent to warrant its integrity. While you may not be able to remove every potential weak link in the chain, you can minimize your risk exposure by reducing your reliance on third-party cloud-based systems. On-premises alternatives remove the single external point of failure that can put your networks at risk of compromise.

2/ Ensure you have secure privileged access

There are three key points that need to be made here:

  • Don’t allow for weak privileged access, such as single password authentication that provides backdoors to gain system access. Instead, strong native authentication mechanisms should be enforced.
  • Do not authorize system access account credentials to be registered and stored outside of your controllable realm. Allowing a third-party vendor to store credentials for your endpoints opens a prime attack vector.
  • Don’t allow system access accounts to be easily shared or distributed as the sharing and distributing itself will require protection.

3/ Don’t expose your data and system information

Any type of system information, as harmless as it may seem, represents intelligence data that can be used to exploit known vulnerabilities. As with privilege access accounts, do not let system information leave your premises. Allowing this information to be managed and stored by third-party vendors means you are relying on their security risk compliance policies to protect your data.

4/ Stay connected to your users

By making greater use of background endpoint management tools, you can perform scans and pre-empt any issues – without involving or interrupting the user. Crucially this also enables you to need to ensure that your users’ remote laptops are patched and up to date, which is one of the quickest ways to stop the vast majority of malware threats gaining access to your systems.

5/ Audit, Audit, Audit!

When it comes to your IT systems management, you must ensure that you audit every system access and operator action. Even though auditing is an after-the-fact reactive measure, it can also be pre-emptive as it enables you to prevent an error from being repeated. Additionally, it can act as an additional layer of internal security; if users/admins know they are being audited, they are less inclined to do harm.

Conclusion
Remote working and the need for collaboration are not going to go away, in fact, it’s likely to increase in the coming years. The tightrope that IT departments need to walk is one of allowing users as much freedom as possible while at the same time keeping a tight rein on security. Do this and they can rest assured that even though the user is remote, no data is leaving the company premises and they have complete management capability.

Source: https://www.cyberdefensemagazine.com/