Coronavirus Cyber Security Challenges – The Remote Workforce

The Cyber Security Implications of the Coronavirus

As the fear of the Coronavirus – COVID-19 – spreads, governments and companies are looking for containment strategies that reduce human contact.  Exposed cities are on lockdown, forcing any work to be done remotely and there are more restrictions to come.  Some companies have already closed locations as a precaution, and as restrictions increase, others will be forced to send workers home to work remotely.  The criminals have already started the scams: phishing campaigns to take people to fake news updates to see if they can entice a click.  That is the easy starting place.  No doubt that the cyber criminals will find other ways to try to monetize the situation including new types of Ransomware attacks.

Remote Security Posture vs. Capacity

Many have created remote security policies and procedures to address the potential risks which need to be taken into consideration.  Systems have been designed with capabilities to allow secure remote access and keep sensitive data safe, but they often don’t have the capacity for everyone or even most of the organization to work remotely at the same time.

Will the workarounds and changes you make to accommodate the need for operations compromise your security?  They might.  It is in situations like COVID-19 that an urgent solution often does not get full Cyber Security due diligence.  Or there is not enough time or funding available to implement a prudent, secure solution that considers the risks.

What to Do

Evaluate Risk

The discipline of applying cybersecurity protections is centered around the risk to the organization, its people, its systems, and the information.  Now, you don’t have to stop what you are doing for a couple of weeks and perform a formal risk assessment, but could an extra day or week spent on a more secure solution reduce hundreds of thousands or millions in risk?  Here are some basics about remote access that you should consider:

  • Who will be accessing the resources?
  • What devices will be used to access resources?
  • What resources will be accessed?  Data, Networks, Applications, Physical systems, etc.
  • What will the individuals be doing with the resources?  Download, screenshot, email, copy, print, control other systems, etc.
  • Will remote access to the information comply with statutory and client requirements that we must abide by?
  • If all of the above are not created equal (and they are not), then which might need to be treated differently?
  • See other known risks below

Implement MultiFactor Authentication 

For everything that is remotely accessible.  There are many options depending upon what you are trying to protect.  It is not a silver bullet and can be circumvented in some cases, but it GREATLY reduces your risk.  You should also require an additional layer or stronger security for certain individuals like your IT administrators and others with access to sensitive information.

Ensure that your basic security protections also apply

You MUST have difficult passwords, require patching, screen saver time-outs, and all of the other basics that you require for your internal network.  

Monitor Remote Access

Is that really John?  Why is he still working at 2:30am?  Geez, he is copying a lot of files right now.  You need to be able to tell whether the remote behavior is legitimate and, if not, take action.
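The three questions above can be turned into per-user baseline checks. The following is an added example, not part of the original post: the session records are constructed, and the field layout and thresholds (hour_slack, copy_factor) are assumptions to tune for your own VPN or VDI logs.

```python
from datetime import datetime
from statistics import median

# Constructed sample sessions (not real logs):
# (user, login time, source IP, files copied during the session)
HISTORY = [
    ("john", "2020-03-02T08:55", "203.0.113.10", 12),
    ("john", "2020-03-03T09:10", "203.0.113.10", 8),
    ("john", "2020-03-04T17:40", "203.0.113.10", 15),
    ("john", "2020-03-05T13:05", "203.0.113.10", 10),
    ("mary", "2020-03-02T22:15", "198.51.100.7", 40),
    ("mary", "2020-03-03T23:30", "198.51.100.7", 55),
    ("mary", "2020-03-04T21:45", "198.51.100.7", 35),
]
NEW = [
    ("john", "2020-03-06T02:30", "192.0.2.44", 900),
    ("john", "2020-03-06T09:00", "203.0.113.10", 11),
    ("mary", "2020-03-06T23:00", "198.51.100.7", 50),
]

def build_baselines(history):
    """Per user: login hours seen, source IPs seen, files copied per session."""
    base = {}
    for user, ts, ip, files in history:
        b = base.setdefault(user, {"hours": set(), "ips": set(), "files": []})
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["ips"].add(ip)
        b["files"].append(files)
    return base

def review(session, base, hour_slack=2, copy_factor=5):
    """Return the reasons a session deserves a closer look (empty if none)."""
    user, ts, ip, files = session
    b = base.get(user)
    if b is None:
        return ["no baseline for user"]
    reasons = []
    if ip not in b["ips"]:                       # "Is that really John?"
        reasons.append("new source address")
    hour = datetime.fromisoformat(ts).hour       # "Why is he working at 2:30am?"
    # Circular distance, so 23:00 and 01:00 count as two hours apart.
    gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in b["hours"])
    if gap > hour_slack:
        reasons.append("unusual hour")
    if files > copy_factor * median(b["files"]):  # "copying a lot of files"
        reasons.append("bulk file copy")
    return reasons

def flagged(sessions, base):
    """Map (user, login time) to reasons, for sessions with any reason."""
    return {(s[0], s[1]): r for s in sessions if (r := review(s, base))}

if __name__ == "__main__":
    for key, reasons in flagged(NEW, build_baselines(HISTORY)).items():
        print(key, reasons)
```

Because the baseline is per user, Mary's usual late-evening sessions pass while John's 2:30am session is flagged on all three checks; a fixed "business hours" rule would get both wrong.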

Train Your Staff About Working Remotely

Ensure they know what is allowed and not allowed and what the risks are.

Consider a Tiered Solution

If you can’t provide the same level of security for everyone, then ensure that those that need the most security are on your best solution.  Create workarounds for others.  Many may be able to operate without remote access to the environment at all.  Cloud services come in handy here.  You can also check with your vendors about emergency temporary licensing or solutions.  See below for some considerations of different types of remote access. 

Known Risks Associated with Remote Access

You CANNOT and MUST NOT trust a home network

The PC itself is an unknown device that has many risks.  I hate to be the voice of doom, but it may already be compromised by a bad actor, as part of a botnet or otherwise.

  1. It could have multiple users, including kids playing games and others going to known risky sites
  2. It may have risky applications installed
  3. It may not have current or working Antivirus and security software in place
  4. It may not be fully patched and may have many vulnerabilities
  5. It may not require a password
  6. You get the picture…

The Network is consumer-grade and does not have the ability to offer protections that you depend on at work.

  1. Firewall.  There may not even be one, just the device provided by the Internet provider
  2. Security Monitoring and Alerting.  Mature business environments have regular information available to surface anomalies and other risks that home networks do not have
  3. There are other devices that are not secure on the network.  Other computers, mobile phones, smart refrigerators, home automation systems, and who knows what other new security risks (baby monitors…)

Data Sprawl

This is a big one.  When users know that they may be out of the office for a while, they will find ways to be productive in the easiest manner possible AND they are less concerned about the security or compliance requirements.  Be aware:

  • People will email themselves information.  Either to a home account or to themselves in their corporate account
  • Data will be copied to USB keys and might be transferred to other file-sharing technologies
  • Now that this data is being duplicated into other places, how can we keep up with it and secure it
  • If allowed, the above-copied data will end up on non-company computing devices.  

Increased Scams

We have already mentioned the increase in phishing scams.  Since January, there has been documented activity involving a number of questionable registered websites related to COVID-19 and to reputable organizations like the WHO, with the intent to take advantage of those who are looking for legitimate information about the pandemic.

Free WiFi

Hopefully, this is happening a little less in this situation, but you could have workers trapped overseas or on a cruise ship who are using insecure remote access.  Educate and provide alternatives.

Physical Theft

Now that we have more folks out of the office and working on company-owned or personal devices, these devices could be targeted by criminals.  If they get their hands on a home PC – without a password – that has company or customer information on it…

Security Postures of Possible Solutions

Today’s technology provides quite a few options for remote access; some of which are more secure than others.  Below is a discussion about the security considerations of some of the most common methods.  NOTE:  MFA (MULTIFACTOR AUTHENTICATION) is paramount for the security of any remote access solution.  MFA is not the silver bullet as you will see below, but we would not consider a remote access solution without it.

1 – Virtual Desktops

These offer the most protection, if on a company-owned computer and configured correctly.  

Also known as VDI (Virtual Desktop Infrastructure) and DaaS (Desktop-as-a-Service).  VDI is typically hosted internally or privately, while DaaS is typically provided by a hosting company.  (More about Remote Access at the end of this post.)

Advantages:

  • All of the data and applications remain on the virtual machine located within the data center and its security controls.  
  • You can enforce the same level of security (or a chosen level) based on profiles or rules.  These include:
    • Copying (or not) data to the remote computer
    • Sharing folders with the remote computer
    • Printing
    • Access to certain applications
    • Location-based rules

Risks of VDI and DaaS:

  • If accessing from an insecure or compromised (home) computer, an attacker could see everything the user can see – even if you did use MFA to access…
  • If rules are not established to govern copying files, network sharing, and printing, then the remote computer and network are vulnerable.

2 – VPN (Virtual Private Network)

Good protection, but it can have hidden risks if not correctly configured.  A VPN is an encrypted tunnel into your private network that makes the connected computer or network a remote part of the network it connects to.

Advantages:

  • The secure tunnel allows connection to internal network resources including computers, applications, databases, and file shares.  
  • Some VPN software will enforce local security profiles on the connecting PC (including home PCs) to ensure that minimum requirements are met, applying the same level of security (or a chosen level) based on profiles or rules.

Risks of VPNs:

  • If accessing from an insecure or compromised (home) computer, an attacker could see everything the user can see – even if you did use MFA to access…
  • If not configured correctly, you can be attaching an insecure home network (and all of its insecure devices – your kids’ iPhones) to your corporate network.
  • Depending upon configuration, VPNs allow users to transfer files to remote devices and map network drives to file shares

3 – Remote Desktop Access

Strength of security varies, but not as capable as VDI or DaaS.  When paired with a VPN, security is increased, but you still have risks.  Remote Desktop access is provided by software running on a computer inside your corporate network.  Examples include:  RDP, LogMeIn, GoToMyPC, VNC, TeamViewer, and there are others.

Advantages:

  • Access to the same computer and programs that you use while at work.
  • The company computer is subject to all of the company security policies and protections

Risks:

  • If allowed, the software can be installed and managed without IT’s knowledge, circumventing monitoring and other security controls creating an unmanaged gateway into the company.
  • Some solutions can be accessed from anywhere using a web browser and may not require MFA.
  • Solutions allow for data transfer and printing which can lead to risks of data breaches. 

More About Remote Access

Virtual Desktops – VDI & DaaS

After authentication (including MFA…) the user essentially receives a window that displays the computer and all of its applications on the remote computing device.  The computing infrastructure can be in a private data center or hosted.  There is a virtualization layer where computing and storage resources may be spread across multiple physical devices that sometimes are not in the same physical location.

Virtual Private Networks – VPNs

Instead of routing directly through a public network, VPNs put a layer between your information and public access. They can aid in masking your online activity from the public and provide you with a secure connection to another network online. They work by making your IP address and location anonymous; your data is sent through them before being released to an external server. Generally, outside forces can identify your IP address and track your activity online, but with the veil of a VPN, your online activity can only be traced back to your VPN service provider.

Remote Desktops

Windows RDP

In Windows, this is a native software program that allows remote connection from another device running the appropriate connection software.  The user receives a screen just as they would sitting in front of the actual computer and is able to see the desktop and use their mouse and keyboard to interact.  One (insecure) way to use RDP is to open a port in the Firewall and allow direct connection from the internet.  This is how many machines have been compromised over the past couple of years.  RDP connections can also be brokered using a local server running Remote Desktop Services.  This is a safer, more secure configuration – don’t forget MFA. 

Local Remote Desktop Programs

Programs like TeamViewer or VNC can be installed locally on a PC or Mac to allow direct connection over the network.  These function like Windows RDP above and can also be configured insecurely via a Firewall over the internet.
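One way to check for the insecure configuration described in the two sections above is to audit a firewall rule export for allow rules that expose remote desktop ports to non-internal sources. This is an added example, not part of the original post: the rule list is constructed, the field names are hypothetical, the ports are the RDP and VNC defaults, "internal" is assumed to mean RFC 1918 address space, and rules are evaluated independently without modeling rule order.

```python
import ipaddress

# Default listener ports; deployments may use others.
REMOTE_DESKTOP_PORTS = {3389: "RDP", 5900: "VNC"}

# Assumption: "internal" means RFC 1918 private address space.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inbound rule export; field names are hypothetical.
RULES = [
    {"name": "rdp-from-anywhere", "action": "allow", "src": "0.0.0.0/0", "ports": "3389"},
    {"name": "rdp-from-gateway", "action": "allow", "src": "10.20.0.5/32", "ports": "3389"},
    {"name": "wide-range", "action": "allow", "src": "198.51.100.0/24", "ports": "5000-6000"},
    {"name": "web", "action": "allow", "src": "0.0.0.0/0", "ports": "443"},
    {"name": "block-vnc", "action": "deny", "src": "0.0.0.0/0", "ports": "5900"},
]

def port_ranges(spec):
    """Expand '3389', '5000-6000', '80,443' or 'any' into (low, high) pairs."""
    if spec == "any":
        return [(1, 65535)]
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def is_internal(cidr):
    """True if the whole source network sits inside an internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_remote_desktop(rules):
    """Return (rule name, service, source) for each externally exposed port."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or is_internal(rule["src"]):
            continue
        ranges = port_ranges(rule["ports"])
        for port, service in REMOTE_DESKTOP_PORTS.items():
            if any(lo <= port <= hi for lo, hi in ranges):
                findings.append((rule["name"], service, rule["src"]))
    return findings

if __name__ == "__main__":
    for name, service, src in exposed_remote_desktop(RULES):
        print(f"{name}: {service} reachable from {src}")
```

The wide port range is flagged as well as the explicit 3389 rule, since broad ranges are an easy way to expose a remote desktop listener without anyone noticing.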

Hosted Remote Desktop

Other software is installed and managed by a cloud provider.  LogMeIn is an example.  The user installs the program on their computer and registers it with the service.  They can then go to a web browser on any computer and authenticate (MFA?) to start a session with the company computer.

Artificial Intelligence Advancements In Healthcare: The Needed Next Level of Cyber Security

How is Artificial Intelligence being used in healthcare?

Artificial Intelligence, or AI, is having a dramatic effect on the healthcare sector. At its core, artificial intelligence seeks to mimic the unique processing capacity of the human brain. Using algorithms, pattern matching, deep learning, cognitive computing, and heuristics, AI is able to quickly sort through masses of raw data. This is incredibly helpful in the medical field. In addition to the millions of Electronic Health Records (EHRs) at the center of our healthcare system, medical practitioners must also incorporate data from studies, data from testing, and past patient records when diagnosing and treating a case. AI can use predictive models to find irregularities or similarities in raw data that doesn’t have to be pre-sorted. This helps doctors improve diagnosis accuracy, patient care, and outcomes. AI’s ability to find meaningful relationships in data is being used as a powerful tool to aid in drug development as well as patient monitoring and treatment plans. Artificial Intelligence is becoming more common in many parts of the healthcare system, and it is estimated that $36.8 billion will be invested in AI systems across the US by 2025. AI is poised to be the main force that drives improvement across the healthcare industry.

Why is this a big deal?

Artificial Intelligence will be the engine of change by organizing masses of data and giving relevance to data points, which will ultimately improve reliability and objectivity in diagnoses. AI will provide context for patient data more quickly than ever before, allowing doctors to identify and treat diseases accurately, minimizing misdiagnosis and lowering the mortality rate. In addition, the costs for drug development will be lower, as we will more accurately be able to predict the drugs’ effects in certain patients. This all leads to an increase in doctors’ facetime with patients. They become freed from analyzing mountains of data and more able to focus on care and healing.

What concerns with cybersecurity arise when using AI?

When we open up patient records to artificial intelligence, we are opening up our systems to outside attacks. With sensitive information at risk, healthcare providers must be very careful that their rate of system upgrade does not outpace their security improvements. New systems that sort sensitive patient data must be tested from all endpoints to ensure there are no flaws or vulnerabilities to attack. AI dramatically increases the complexity of assessing security threats. These new systems could be a point of entry for malware that will be difficult to detect for systems designed to monitor human behavior.

What upgrades in cybersecurity are necessary to protect against these concerns?

Greater use of AI in healthcare systems means that we need greater use of AI in cybersecurity software to match it. Our main protection will be anomaly detection. This will mean installing these detection programs across all endpoints in the system. Anomaly detection works in the same way that the AI identifies meaningful relationships in patient data. It monitors the system and senses potential threats whenever there is unusual behavior. Anomaly detection can do more than discover malware within a system. It can also identify where the cyber attacks are coming from and what kind of attacks are being perpetrated. Predictive analytics for malware detection can also identify suspicious files and prevent them from opening, stopping problems before they start. Properly planned and configured, these new cyber security measures act like the immune system for a healthcare company.

What are the challenges in implementing new AI/Cyber Security Procedures in healthcare systems?

Establishing new and heightened security procedures requires behavior monitoring, to make sure users are complying with new systems. While some users may think that increased security measures are intrusive at first, compliance is paramount. When cybersecurity systems are implemented without factoring in the human element and allowing time for training, it can often lead to users falling back on unauthorized apps and outdated but familiar systems. These non-sanctioned entrances into the system leave it vulnerable to a breach. There are human users in your system in addition to AI, and it can take time and planning to make sure your innovations don’t outpace your cyber security procedures. A coordinated strategy that considers both human and artificial intelligence creates a healthcare system that is more accurate, faster, and cheaper for patient treatment.
