Home Links to Institutions & Initiatives Editorial Board Feedback Contents BG

Prof. Daniela Borissova
CIO, IICT-BAS
Issue Editor

Zornitsa Dimitrova
PhD Student, IICT-BAS
Issue Editor

Contents
2020, No 3

https://doi.org/10.11610/cybsec03, Full text (pdf)


Aims and Scope

The current online newsletter is focused on the topic challenges related to the protection of employees’ home networks and how smart devices changing the threat pattern associated with data sharing. Due the COVID-19 crisis, many security and IT teams have to support and protect employees who must work remotely. The practical recommendations from security experts toward the mitigating risks to enterprise security from home networks and smart-home devices are presented. Eight practical recommendations for remote workers’ protection are given from the security experts. In this respect, a strong policy for all home employees should involve the usage of an antivirus tool on the machines that access the organization’s resources. Consideration should be given to implementing alternative cloud-based workstation monitoring tools. An overview of supported console tools and required licenses to access non-domain computers should be done. A quick decision is to set up tools such as Splashtop SOS or LogmeinRescue to allow IT support team to remotely access employees’ home machines to assist in setting up remote access.

In the current issue the CounterCraft company that is a pioneering provider of cyber deception and counterintelligence products to detect targeted attacks is presented. CounterCraft’s solution deploys deception-based campaigns and offers deep monitoring and complex response actions. The Cyber Deception Platform is used by government's law enforcement agencies.

Some useful information about the problems of secure remote work is given by providing free e-books and free cybersecurity toolkits that will help to protect and manage remote workers. Remote workforce security tips and best practices from 8 security pros can be found too. Finally, some additional news and security tips about remote working at home is given. A list of links to Bulgarian, UK and international cyber-related institutions are also presented.

Issue Editors: Prof. Daniela Borissova, DSc and Zornitsa Dimitrova, PhD Student


Focus on This Issue: Challenges related to the protection of employees' home networks and how smart devices changing the threat pattern associated with data sharing

Remote work is not a new challenge. Many companies were already embracing remote work to give employees a better balance between work and life, along this contributes to reduce the carbon footprint and drive corporate efficiencies. Due to the Covid-19 pandemic situation worldwide, remote work has become a necessity for modern organizations looking to create business continuity plans. This is related to many IT challenges in today's reality of remote workers.

From an IT perspective, there are a lot of unknowns involved with managing remote work:

From the comfort of their home office, employees may fail to take precautions such as using only corporate email. Instead, they might send work files over their personal email to get work done faster – a practice that puts corporate information at risk.

The VPN should be used for applications with remote access. VPNs provide a flexible connection to a variety of services (web pages, email, a SQL server, etc.) and can protect your traffic. Keep in mind that not all VPNs are worth the money; it’s a good idea to evaluate your must-haves before you choose a VPN technology. Keep in mind that VPN services provided for privacy purposes only protect the data to and from the VPN provider, not to the destination so are not suitable for protecting remote access. For some use cases, it is possible also to be set up the encrypted remote connections into a remote desktop or other individual server. Many of these types of connections (RDP, HTTPS, SSH) include encryption as part of their service direction and do not require an additional VPN or other encryption service to secure the data-in-transit.

Everyone needs a remote work security policy. Organizations should develop a remote work security policy to refresh and inform employees of what’s expected of them when working remotely. For example, it is good practice to provide access to corporate resources only to those employees who use business email accounts and to block all others. The same applies to the use of video conferencing systems in organizing seminars, lectures, tests, and more. The applicability of this rule has been proven in the practice of the conducted lectures and tests during the latest 2 semesters at the University of Library and Information Technologies. Unfortunately, some organizations with an insufficient level of competence allow the use of personal e-mail addresses for business correspondence. The users working from home need to be aware of the home network risks and should be trained by the organizations on how to mitigate them. In this regard, during the conference DIGILIENCE’2020 on the 1st of October, a round table was conducted with a focus on the role and responsibilities of the CIO. Along with CIO responsibilities the needed attention was given also to the role of CISO, where the main contributions are to ensure information and data security. In addition to the important role of CIO and CISO, a CIO/CDO online training course is planned on18 of January 2021. The lecturer will be Prof. Siraj Shaikh – Professor of Systems Security at the Institute of Future Transport and Cities (IFTC) at Coventry University (UK).


Eight Practical Recommendations for Remote Workers Protection
(from: csoonline.com)

Many employees at businesses worldwide have been forced to work from home because of COVID-19 related social distancing mandates. This trend heightens the need for organizations to pay more attention to the security of home networks and of the smart-home products and other devices connected to them, analysts say. Home routers, printers, security systems, DVRs, gaming consoles and other smart devices can significantly change the threat model for the corporate network. Many security and IT teams suddenly have to support and protect employees who must work remotely due to the COVID-19 crisis. Here are some areas that should be covered:

  1. Determine what endpoint protection you will require for home users. While you may have consoles and the ability to manage all the workstations at your physical office, you do not have the same level of control for home computers. Windows Defender included in Windows 10 is a more than acceptable antivirus tool for a remote machine. Any remote worker that has a Macintosh should not be exempt from using endpoint protection software. One in ten Mac users have been attacked by the Shlayer Trojan.
  2. Review what software remote employees need. For Office 365 subscribers, some of the licenses allow you to install the Office suite on up to five PCs or Macs, five tablets and five smartphones. Those with Volume licenses can allow Office for home use purchases for your employees. You may need to review your options and licensing alternatives based on what platform and version of Office you are currently licensed for.
  3. Ensure remote access does not introduce more risk. You may have to suddenly set up and license remote access servers, Windows 10 virtual desktops or other remote technologies. Don’t introduce more risk in terms of licensing and security risks based on the decisions you make. For remote access that includes remote access services, remember that ransomware attackers look and scan for open RDP servers, targeting anything responding on port 3389. Don’t move RDP to another port as TSgrinder scans for an RDP response on any port.
  4. Implement two-factor authentication (2FA). When adding more remote access solutions, consider adding 2FA to remote access solutions. You can easily add 2FA solutions such as DUO.com to existing on-premises remote access solutions. DUO.com can add 2FA to RDGateway and Remote Web Access solutions. While your organization may need to move quickly to allow your staff to work remotely, you can still ensure that only those admins and users are allowed in and not any attackers as well.
  5. Use a virtual private network (VPN). Recently there have been several high-profile vulnerabilities in VPN software. Often on client workstations that have not been updated in years, an older version of VPN software has been left behind. Ensure that your VPN solutions are up to date both on the server or firewall that is providing the VPN solutions, or on the desktops of the remote user.
  6. Assess the impact to firewalls, conditional access policies and other logging. Your organization might have a security information and event management (SIEM) logging solution that looks at traffic coming from local desktops and laptops to server resources. If your entire workforce traffic suddenly comes in from various IP addresses, your logging platform data will no longer be “normal”.
  7. Educate employees on COVID-19 scams. The National Cyber Awareness system warned of COVID-19 scams that are circulating. Urge your users to not click on unsolicited emails and to use only official websites. Ensure that the firm has a central online bulletin board that they go to for official communication and notification, especially if anyone in your organization becomes infected.
  8. Update acceptable use policies for employees. Finally, ensure your acceptable computer use policies cover employees' home computer assets. If this wording is not already there, you’ll need to quickly get up to speed in allowing employee’s personal assets to be used for remote access. You’ll need to work with the organization’s attorneys and tax advisors to see if the use of personal computers and personal phones of the employees mandate a need for reimbursement for use.

Useful e-books & Tools for Secure Remote Work

Remote Work Security:
Privacyand Cybersecurity Essentials
Cyber Security Incident Management Guide
The Remote Work eBook:
Your Guide to Creating Effective Remote Workplace Learning Programs
Remote Working Successfully – EBook.
Implement and Perfect your Remote Working Setup

Managing Remote Workers: Free Toolkit.
The following free cyber security toolkits will help to protect and manage remote workers:

Remote Workforce Security Tips & Best Practices – 18 security pros share their top tips and best practices for securing a remote workforce.


Some News and Security Tips about Home Working


Cyber Institutions & Initiatives in UK & Bulgaria

CounterCraft is a pioneering provider of cyber deception and counterintelligence products to detect targeted attacks.
Advanced adversaries and targeted attacks threaten large organisations on a daily basis. CounterCraft provides a distributed Deception Platform that creates automated digital breadcrumbs to bait adversaries into thinking they are penetrating companies’ networks. This innovative cybersecurity approach allows CounterCraft to get information on attackers’ and objectives while misdirecting them.

Counterintelligence campaigns are time-consuming to design and complex to deploy and maintain. Monitoring them can be an arduous, if not impossible task. It is difficult to evaluate the success of a campaign and deliver useful intelligence as an output.

CounterCraft’s solution deploys deception-based campaigns and offers deep monitoring and complex response actions. The Cyber Deception Platform is currently used by governments, law enforcement agencies, and Fortune 500 companies – proving craft and expertise in IT security. It runs automated counterintelligence to discover targeted attacks with a real-time active response and zero false positives.