TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentralTechCentral
    NEWSLETTER
    • News

      Standard Bank IT spending tops R10-billion in six months

      19 August 2022

      Hungry Prosus to splurge up to R30.7-billion on iFood stake

      19 August 2022

      Koeberg unit shut down due to mechanical fault

      19 August 2022

      Blue Label expects robust full-year earnings growth

      19 August 2022

      Sarb tells banks they should work with crypto exchanges

      18 August 2022
    • World

      15 September pegged as target date for ethereum’s big ‘Merge’

      19 August 2022

      Qualcomm gets serious about servers

      19 August 2022

      China blasts US over ‘discriminatory’ Chips Act

      18 August 2022

      Tencent reports first-ever sales decline

      17 August 2022

      Chip makers are flashing a big warning for the global economy

      17 August 2022
    • In-depth

      Are you a chronic procrastinator? Read this!

      18 August 2022

      Semiconductor boom turns to bust

      16 August 2022

      African unicorn Flutterwave battles fires on multiple fronts

      11 August 2022

      The length of Earth’s days has been increasing – and no one knows why

      7 August 2022

      As Facebook fades, the Mad Men of advertising stage a comeback

      2 August 2022
    • Podcasts

      Qush on infosec: why prevention is always better than cure

      11 August 2022

      e4’s Adri Führi on encouraging more women into tech careers

      10 August 2022

      How South Africa can woo more women into tech

      4 August 2022

      Book and check-in via WhatsApp? FlySafair is on it

      28 July 2022

      Interview: Why Dell’s next-gen PowerEdge servers change the game

      28 July 2022
    • Opinion

      How AI could transform financial services in emerging markets

      19 August 2022

      No reason South Africa should have a shortage of electricity: Ramaphosa

      11 July 2022

      Ntshavheni’s bias against the private sector

      8 July 2022

      South Africa can no longer rely on Eskom alone

      4 July 2022

      Has South Africa’s advertising industry lost its way?

      21 June 2022
    • Company Hubs
      • 1-grid
      • Africa Data Centres
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»Sections»Information security»Work-from-home rules putting huge pressure on IT departments

    Work-from-home rules putting huge pressure on IT departments

    Information security By Agency Staff19 March 2020
    Facebook Twitter LinkedIn WhatsApp Telegram Email

    As companies and government agencies send their employees home to avoid contact with the coronavirus, many cybersecurity teams are facing the unenviable challenge of securing sprawling, vulnerable networks.

    Every time an employee connects to their corporate network from home, they’re creating possible access points for hackers to exploit. When this happens a thousand times on a single network almost overnight, it’s increasingly difficult to ensure every connection is secure.

    The specific security challenges are wide ranging. While those using company-provided laptops are likely protected by internal safety measures, they could still be vulnerable if their security software isn’t updated or their remote network connection isn’t perfectly configured. The bigger problem is employees using their own equipment that security teams can’t monitor for malicious traffic. For all they know, these devices may already be infected with malware.

    Pivoting from office desktops to laptops at home are projects that security teams at large companies execute over months

    The challenge can overwhelm security personnel, especially for those companies that have previously discouraged employees from working from home. Pivoting from office desktops to laptops at home are projects that security teams at large companies execute over months.

    Instead, the shift to working at home has happened in days. And with so much emphasis placed on simply making sure company operations don’t come to a grinding halt, network security can be an afterthought.

    “Everyone’s attention is drawn away from cybersecurity right now, with the first priority being safety and continued operations,” said Lesley Carhart, principal threat analyst at Dragos, an industrial controls security company. “That’s certainly forced some companies to rush into allowing remote access to critical operations.”

    New exploits

    A major power utility in southern Europe, for instance, sent home hundreds of employees last week. In a matter of three days, the company increased remote accessibility from just 9% of their machines to 53%, said Andrea Carcano, founder and chief product officer at Nozomi Networks, an industrial security company in San Francisco.

    “There’s a risk of opening access to all of those plants,” said Carcano, whose company provides network security tools to some of those power systems. He declined to name the utility. “That customer has some visibly. But it is a fact, you’re opening a new door that used to be closed. If it’s an opening for you, it could be an opening for an attacker.”

    The huge influx of people working at home has expanded the places hackers can exploit. As companies come to grips with this new normal, hackers are tweaking their attacks — sending phishing e-mails that claim to be about the coronavirus or purport to be from a trusted health agency — to leverage fear of the global pandemic.

    There has been a “flood” of cyber scams and hacking attempts related to the virus, according to Michael Daniel, president and CEO of the Cyber Threat Alliance, an intelligence sharing nonprofit organisation. “It’s really quite amazing how rapidly the bad guys have moved into that area.”

    Hackers appear to be targeting the most vulnerable. Data analysis from Italy indicates that companies that have quarantined workers or instructed them to work from home are prime targets for attackers, according to Cynet, a New York-based cybersecurity company.

    “This shows the propensity for hackers to shift their focus to remote work environments in order to capitalise on the virus while thwarting corporate security measures,” according to a Cynet blog published Wednesday.

    Updating passwords and using paid virtual private networks and multi-factor authentication are a good start

    With a daily onslaught of scary news about the virus, people who are working at home may be more likely to click on bogus misinformation links spread on social networks, cybersecurity experts said. And because they expect to get out-of-the-ordinary e-mails from their IT staff, they may be more likely to click on phishing messages.

    Employees can do their part at home. Updating passwords and using paid virtual private networks and multi-factor authentication are a good start, experts said. Keeping kids off your PCs, if you use them for work, is a good idea, too, because they could download games or other material infected with malware.

    Verify

    If you want to go the extra mile, buy a home router kit that lets users segregate their networks, said Aaron Zander, head of IT for San Francisco-based HackerOne, a vulnerability detection and coordination platform. He warned that allowing “Internet of things” devices — such as Amazon’s Echo speakers and security cameras — to live on the same network as corporate data further expands the attack surface.

    “Everyone needs to be more diligent,” Zander said. “If you get an e-mail asking you to make payment, it’s important to verify who that message is coming from.”  — Reported by Kartikay Mehrotra, William Turton and Alyza Sebenius, with assistance from Amy Thomson, (c) 2020 Bloomberg LP

    top
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticleSter-Kinekor suspends morning and evening movie screenings
    Next Article DionWired is no more – all stores closed as of Thursday

    Related Posts

    Standard Bank IT spending tops R10-billion in six months

    19 August 2022

    Hungry Prosus to splurge up to R30.7-billion on iFood stake

    19 August 2022

    Koeberg unit shut down due to mechanical fault

    19 August 2022
    Add A Comment

    Comments are closed.

    Promoted

    Does your contact centre have the CX factor?

    19 August 2022

    Entelek, A2pay to roll out 2 500 free Wi-Fi sites in South Africa

    18 August 2022

    Companies are drowning in data – but solutions are at hand

    18 August 2022
    Opinion

    How AI could transform financial services in emerging markets

    19 August 2022

    No reason South Africa should have a shortage of electricity: Ramaphosa

    11 July 2022

    Ntshavheni’s bias against the private sector

    8 July 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.