News broke this month of a sophisticated new email phishing scam based on Google Docs. While Google claims to have stopped the attack in its tracks, it once more shows the dangers we are facing as we continue to open up our working practices to enable collaboration across remote sites and with disparate workforces.
The scam email carried an official-looking invitation to edit a Google Doc, with a subject line stating that a contact had shared a document, and invited users to click the “Open in Docs” button in the email. Once clicked, this took the user to a legitimate Google sign-in screen that then provided a link, which had the potential to allow a bogus third-party app to access contacts and email as well as allowing the spam to spread to further contacts.
This is not the first time that shared cloud-based resources have hit the headlines for all the wrong reasons. Many popular collaboration and IT management tools – such as TeamViewer and Slack, to name just two – have had their time in the spotlight for compromises and breaches.
The truth is these systems unwittingly provide an easy backdoor for cybercriminals, and add yet another dimension to the expanding surface of attack that modern companies find themselves faced with, which is already escalating thanks to the growing number of mobile devices and the increasing presence of the Internet of Things (IoT). Attacks like the Google Doc malware show that companies cannot afford to let their guard down as new threats pop up all the time. To manage this situation effectively they need to remove as much of the threat as possible.
The way we work is changing – today’s connected world is customer-driven and business happens everywhere. Success in this new age of the customer economy largely depends on the ability to anticipate user needs and deliver measurable business outcomes. More and more organisations are realising that their applications must move with the business. From laptops and computers to tablets and smartphones, enterprises are becoming more flexible and customer experience is becoming seamless.
However, mobile workspaces must satisfy not just employees but IT teams as well. Employees expect to be productive and be able to collaborate with their colleagues; IT teams expect to deliver applications and tools seamlessly across any device while having enterprise-level control to ensure data security.
So how can companies continue being flexible while at the same time reducing security threats? Here are five tips to help IT departments secure their borders as effectively as possible:
Remove the parts you cannot control
If you cannot control a part of your process you cannot secure it, and must rely on the controlling agent to warrant its integrity. While you may not be able to remove every potential weak link in the chain, you can minimise your risk exposure by reducing your reliance on third-party cloud-based systems. On-premises alternatives remove the single external point of failure that can put your networks at risk of compromise.
Ensure you have secure privileged access
There are three key points that need to be made here:
- Don’t allow weak privileged access, such as single-password authentication that provides backdoors to gain system access. Instead, strong native authentication mechanisms should be enforced.
- Do not authorise system access account credentials to be registered and stored outside of your controllable realm. Allowing a third-party vendor to store credentials for your end points opens a prime attack vector.
- Don’t allow system access accounts to be easily shared or distributed as the sharing and distributing itself will require protection.
Don’t expose your data and system information
Any type of system information, as harmless as it may seem, represents intelligence data that can be used to exploit known vulnerabilities. As with privileged access accounts, do not let system information leave your premises. Allowing this information to be managed and stored by third-party vendors means you are relying on their security risk compliance policies to protect your data.
Stay connected to your users
By making greater use of background endpoint management tools, you can perform scans and pre-empt any issues – without involving or interrupting the user. Crucially, this also enables you to ensure that your users’ remote laptops are patched and up to date, which is one of the quickest ways to stop the vast majority of malware threats gaining access to your systems.
Audit, audit, audit!
If you’re going to give away the keys to your kingdom, then you better be sure to have a camera recording all the ins-and-outs. When it comes to your IT systems management, you must ensure that you audit every system access and operator action.
Even though auditing is an after-the-fact reactive measure, it can also be pre-emptive as it enables you to prevent an error from being repeated. It can also act as an additional layer of internal security; if users/admins know they are being audited, they are less inclined to do harm. Ensuring your IT systems management solution provides comprehensive centralised auditing of what happens in your network will help you keep it under tight control.
The tightrope that IT departments need to walk is one of allowing users as much freedom as possible while at the same time keeping a tight rein on security. Do this and they can rest assured that even though the user is remote, no data is leaving the company premises and they have complete management capability.
Remote working and the need for collaboration are not going to go away; in fact, they are likely to increase in the coming years. Organisations need to prepare for this, which means they need to be looking at not just how to manage diverse locations and remote workforces, but how to do it safely and without exposing their organisation to undue risk.
Pascal Bergeot, CEO, Goverlan