remote work

Is it easier to attack a company via a remote connecting worker? Why?

Not quite. Currently, almost all companies of a certain size provide employees with work tools such as secure platform laptops, VPNs for remote connection to the intranet, remote access protection, remote access infrastructures, etc. All this means that a company that is already prepared to work remotely will not have any variation or loss of security in its remote access policies. At most, when many unintended workers work remotely, you may have some performance, connection speed, or bandwidth issues. The problem occurs when the company has not previously defined remote access policies, practices, and methodologies for teleworking and is currently facing a multitude of employees accessing its intranet from abroad. Haste and lack of preparation can and often create situations of insecurity and even chaos, leading to malfunctions, denials of service and even unforeseen security vulnerabilities, which will put you in a dangerous situation. Security policies and architectures must be prepared in advance and tested in advance, just as making decisions or legislating on impulse is never a good idea. Medium and small companies are much worse prepared for this change and put themselves in more vulnerable situations at the technical and organizational level, depending on insecure and heavy access programs, depending in many cases on personal computers in the teleworker’s home to connect to their remote jobs. This is indeed a security risk for them since the level of security will depend on the security configuration of the employees and not on the corporate security policies.

We usually associate teleworking with good access to the management platform and intranet, but what other aspects do we have to take care of?

Teleworking is associated with many technical and organizational aspects within the structure of a company. Creating good planning for this new capacity is necessary to implement good policies, compliance regulations, standards, management and operating regulations, privacy policies, human resources policies, support structures, etc. It is not something banal that can be organized in a couple of days and affects many organizational and technical aspects. It is very important to take all this into account when implementing efficient and safe remote work policies, which also continue to meet all regulatory and legal requirements. In addition there is the secure access infrastructure that allows sustaining all of the above in an efficient, redundant and reliable way. If all this has been taken into account, the truth is that teleworking today is a great solution to improve our quality of life and work, reconcile work and family and not agglomerate the population around large cities, in addition to lowering production costs for companies.

What would be the best solution? What must be provided to the worker?

The best solution is planning and organization as I already mentioned. If the worker is provided with the necessary access and control tools, safety and efficiency problems are avoided in most cases. A well-configured laptop, platform by the company and equipped with the necessary programs and utilities to do the job well, will only depend on a good VPN-type remote access and a good access speed both for the employee’s internet access and for the width of the company’s access band. This allows using the same platforms, tools, programs, devices as if we were inside the facilities. On the other hand, it allows us to hold conferences, person-to-person or group videoconferences with different employees and departments. In general, in corporations the work changes little when it is executed remotely than locally. In small and medium-sized companies it is usually different and it is not prepared for this type of structural changes, although they can be adapted normally if they do not depend on production environments, such as manufacturing, machines, warehouses, products, etc.

From the worker’s point of view, what measures do you have to take? Especially if you work with your own teams

The worker is not responsible in any case for providing the security or the necessary infrastructure for remote access, especially when this situation has not been contracted with the company. The latter must not provide the access platform, or even their own personal equipment for the development of their work, unless they were freelance or self-employed. A similar situation occurs when employees use their laptops within the intranet or even their own smartphones in many cases. Safety planning should always start with the company and never with the employee.

Category: opinions
Yago Hansen avatar

Author: Yago Hansen

Yago Hansen is a recognized authority in IT & cybersecurity topics. He successfully managed projects related to the design of Security technologies and devices for the private corporate (baking, insurance, auditors) and public sectors (government security, defense). Ethical hacker specialized in delivery of infrastructure and network management. During the last years he has focused on wireless and RF technologies, having successfully managed projects in design, architecture, implementation, pentesting and auditing of Wi-Fi wireless networks. He successfully managed hotspot based infrastructure, multi-point and point-to-point-technologies, mesh and other 802.11 based technologies. He successfully managed a lot of projects related to the design of IT security embedded systems (Linux based) IoT. He is an expert trainer for the government security forces, intelligence and defense and he also authored multiple publications and is a frequent speaker in international security conferences and forums. Actually he teaches about offensive hacking and Red Team procedures for the private and public sectors.