Remote workers aren’t taking security seriously. Now that has to change

remote-workers-aren’t-taking-security-seriously.-now-that-has-to-change

IT teams help can mitigate the risks of shadow IT by being more flexible and adapting to the needs of remote workers, according to a new study.

UK businesses must tackle the dangers posed by ‘shadow IT’ as coronavirus restrictions are lifted and offices begin to reopen their doors again.

Remote working has led to a heavy reliance on productivity software and other forms of collaboration tools to keep businesses running amid COVID-19. However, organizations have also lost oversight on the apps and services being used by employee to conduct business, raising a variety of fresh cyber security concerns for IT teams.

Research commissioned by Citrix and carried out by OnePoll has highlight the extent of this problem. In to a survey of 7,500 office workers in Germany, the US, UK, Australia, Canada, France and the Netherlands, 43% of UK  admitted to using software and tools on their work computers that had not been approved by their IT department – or had been explicitly prohibited.

Of those using “shadow” systems – that is, technology and software not approved or managed by their organisation’s IT team – the most common example was unauthorised video conferencing applications, in which nearly half (48%) of employees admitted to using, followed by instant messaging software at 45%.

To avoid
shadow IT

and to make businesses more secure in a future with more office workers working from home, IT teams will need adopt a more “digitally-forward culture” that is more flexible, adaptable and able to anticipate employees’ remote working needs, Citrix said.

SEE: Shadow IT policy (TechRepublic Premium)

Darren Fields, VP of Networking EMEA at Citrix, told TechRepublic: “The rapid shift to working from home has created the conditions for shadow IT to become an increasingly important issue. Whilst it is understandable that employees needed to adapt quickly to new pressures and concerns, given the global pandemic, it is important that businesses tighten up on these procedures going forward in order to safeguard their organisation from external threats.”

Citrix isn’t the only organization to have spotted this trend: 
a recent study from Trend Micro

 also found people showing a lax attitude to following their company’s IT security policies, with 56% of respondents admitted to using a non-work application on a work device and a third of respondents saying they did not give much thought to whether the apps they use are approved by IT or not.

Earlier research also commissioned by Citrix found that seven in 10 respondents were concerned about information security as a result of employees using shadow IT or unsanctioned software, with three in five seeing shadow IT as a significant risk to their organisation’s data compliance. However, the same proportion also thought the use of informal software and applications by employees was generating more innovative approaches to teamwork and collaboration.

SEE: Working remotely: A professional’s guide to the essential tools (free PDF) (TechRepublic) 

Fields said employers needed to plan for the fact that remote working would become more commonplace in future and “get a better handle of the situation” to ensure “bad habits don’t become commonplace.”

Overall, employees appeared optimistic that companies would meet their expectations for the new normal: nearly two thirds of those polled (65%) believed employees would show a better understanding of the “human factor” in the workplace, while 47% percent agreed that the coronavirus crisis experience would “help soften established corporate hierarchies.”

“Technology equipment aside, employers should also keep an eye on their employees’ well-being in the new world of work,” said Fields.

“In this new, sometimes unusual situation, some people have a hard time drawing a clear line between their business and private lives. This is completely understandable, especially when both occur within the same room, or even at the same table.”

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays



Sign up today

Remote factories: The next frontier of remote work

remote-factories:-the-next-frontier-of-remote-work

Remote work has become the standard for office workers. Is it possible to do this with factories? Sort of.

Image: d1sk, Getty Images/iStockphoto

COVID-19 dramatically accelerated what was a slow and inconsistent deployment of remote working policies and technologies at most companies, and in a couple of months cemented remote working as a viable option for office workers. It’s a bit odd to reflect that less than a year ago, remote working was still a novelty or outright prohibited at the majority of companies.

SEE: Return to work: What the new normal will look like post-pandemic (free PDF) (TechRepublic)

With the COVID-19 impact still uncertain, technology leaders are likely going to be asked to continue to leverage technology to keep workers safe, and an obvious area of benefit is the factory. While automation is nothing new at most production facilities, it was previously reserved for tasks that were dangerous, difficult, or inexpensive to automate. The fact that most factories already had staff performing various tasks made the cost bar rather high for jobs that didn’t meet the dangerous or difficult threshold. If you already had someone inspecting equipment at a facility, it was essentially free to ask them to inspect a few more pieces of equipment.

However, the definition of danger is now expanding to include human proximity, causing production managers and executives to investigate new ways to reduce staffing, or provide less physical proximity. This is an area where technology can quickly help.

Remote inspection could be easier than you think

When technologies consider factory automation, we often jump to solutions involving dozens of Internet of Things (IoT) sensors, real-time analytics, and predictive models, and quickly build the perfect solution that, while feature-rich, has the major detractor of being costly and time-consuming to implement. In times of uncertainty, the perfect can often become the enemy of the good enough, and while cheap sensors abound, and analytics tools are now available in the open-source market, something as simple as a connected video camera might allow one technician to inspect multiple pieces of equipment across multiple geographies.

SEE: Coronavirus having major effect on tech industry beyond supply chain delays (free PDF) (TechRepublic)

In a matter of days, you can purchase, provision, and install some cheap cameras. This solution need not be a path that precludes you from complex analytics; many companies have used cameras as a “quick and dirty” sensor of sorts, and then used image analytics to perform automated or complex monitoring. In simple cases, a junior developer might be able to whip up a tool that checks the status of a couple of lights on a piece of equipment in an afternoon, and longer-term image analytics can do everything from identifying potential quality problems to ensuring production workers maintain social distancing.

Use technology to help your factory team

One of the struggles of COVID-19 is the disparate impact it has had on workers, which has generally broken down along economic lines. As a well-positioned leader, I am able to happily work from home and maintain my productivity and pay. Those who work in your factories are not so lucky and must put themselves at risk at work and as they travel to and from work, exposing themselves and their families to hundreds of people who could be potential carriers of the coronavirus.

Most of the focus of applying technology to help these workers has been rather draconian, subjecting workers to long security lines, temperature checks, and intrusive surveys that those of us who remain home can blissfully ignore. Consider whether technology could make some of these procedures easier, or how you might also use the survey and monitoring tools you’re building to communicate with employees and thank them for their hard work and personal risk. Building these tools for a perspective of respect for the safety of your colleagues and their families, rather than a perspective of “compliance” and risk mitigation, can make a world of difference in your design and implementation decisions.

SEE: Special report: The rise of Industrial IoT (free PDF) (TechRepublic)

Many of these workers also have hard-won knowledge about how your facilities function. Rather than a cursory interview or two, consider adding factory staff to your teams that are building remote monitoring tools both to inform the design and implementation process, and also to monitor and maintain the tools going forward. We’ve long lamented the monolithic nature of most technology shops, and this could be a unique opportunity to gain perspective and knowledge that’s taken years to acquire in exchange for some technology training that may only take a matter of weeks.

If nothing else, these challenging times have allowed for creativity and flexibility, and a rethinking of the status quo. Extend this thinking to your factories and warehouses, and you might just create new tools and processes that are better for your employees and the bottom line. 

Executive Briefing Newsletter

Discover the secrets to IT leadership success with these tips on project management, budgets, and dealing with day-to-day challenges.
Delivered Tuesdays and Thursdays



Sign up today

Also see

5 remote work statistics every employer should know

5-remote-work-statistics-every-employer-should-know

If your company is considering hiring telecommuters, here are some important facts to help decide if it’s the right move.

Image: 12963734, Getty Images/iStockphoto

In 2019, 62% of businesses already had a partial or full remote workforce, according to a survey, by OWL Labs, of employees between ages 22 and 65. Often referred to as telecommuting, remote work will continue to grow, especially as COVID-19 has forced employers in this direction in 2020. As companies and employees discover the benefits of remote work, this remote hiring trend is not unfounded—and will continue well into the future.

SEE: Return to work: What the new normal will look like post-pandemic (free PDF) (TechRepublic)

But will telecommuting work in every industry? Global Workplace Analytics’ survey shows a breakdown of work-from-home employees by major industries. Post-COVID-19, many employers and their employees in these industries will have come to terms with the realities of remote work. 

Here are five noteworthy facts that every employer should know when considering hiring in-house or remote team members.

Remote work improves business continuity

There’s never been a better time to try a new remote workforce. COVID-19 has made the perfect case for why: Business continuity. Outside of essential services, the survival of most businesses has become fully dependent on having remote workers. Going forward, your company will be faced with making some decisions about keeping at least some employees remote to reduce the risks of disruption in the future. It’s for this reason, and others, that by 2028, it’s estimated that 73% of all departments will have remote workers, according to a 2019 study. Thanks to the pandemic, 62% of organizations are shifting more jobs to remote work.

Remote work lowers operating costs

The financial impact and benefits are always top-of-mind for most companies. Global Workplace Analytics estimates that for each half-time remote worker, employers can save more than $11,000 per year. Hiring remote workers reduces your computer, phone, electricity, heating, and office lease, furniture, insurance, and maintenance costs. Further, well over half of the businesses surveyed say that these capital and operating cost savings have helped them to manage risk and consolidate their portfolio.

Remote work helps attract and retain talent

The days of fancy titles and offices are, for most employees, no longer a motivator. In fact, 80% of U.S. workers say they’d pass on an opportunity that didn’t offer some form of flexible working arrangement. Almost 80% of respondents in In Crain’s Future of Work survey cited flexible schedules and telecommuting as the most effective non-monetary way to retain employees. Remote work arrangements are particularly attractive to the 84% of millennials, who are already experiencing burnout.

Remote work improves productivity and work quality

Productivity is a big concern for many employers. There’s always a concern from managers that remote workers won’t work as hard if they’re not in the office being monitored and managed. A 2018 Flexjobs survey reported that 65% of remote employees say they find themselves to be more productive working from home than in a traditional office setting. Why? 

  • Fewer interruptions
  • Less stress and time due to commutes
  • Less stress from office politics
  • A more comfortable working environment  

Remote employees are more apt to be engaged in work activities when they are comfortable. Research by Gallup found that “optimal engagement… takes place when employees spend 60% to 80% of their time working off-site—or three to four days in a five-day workweek.”

Remote work helps reduce environmental effects

As companies struggle to find ways to become more aware of their environmental impacts and try to reduce their carbon footprints, hiring a remote workforce may hold some of the answers. Allowing employees to work from home reduces traffic congestion, pollution from vehicles and air travel, and wear and tear on infrastructure. The “2017 State of Telecommuting in the U.S. Employee Workforce report found, “telecommuters reduce greenhouse gas emissions by the equivalent of taking over 600,000 cars off the road for a year.” The reduction in pollution also ensures your company plays its part in having a positive impact on people, pets, wildlife, and other living organisms.

Executive Briefing Newsletter

Discover the secrets to IT leadership success with these tips on project management, budgets, and dealing with day-to-day challenges.
Delivered Tuesdays and Thursdays



Sign up today

Also see

How to protect your remote desktop environment from brute force attacks

how-to-protect-your-remote-desktop-environment-from-brute-force-attacks

An RDP compromise provides a cybercriminal with a backdoor for ransomware and other types of malware, says security provider ESET.

cyberattack.jpg

The coronavirus lockdown has prompted a host of organizations to require their staffers to work from home. But many of those employees still need to remotely access computers in the office, which has triggered an increase in the use of programs that rely on Microsoft’s Remote Desktop Protocol (RDP). Of course, cybercriminals have pounced on this transition, which is why RDP is more exploitable than ever. A report published on Monday by ESET discusses how attackers take advantage of RDP and what organizations can do to combat them.

SEE: How to work from home: IT pro’s guidebook to telecommuting and remote work (TechRepublic Premium) 

Though Remote Desktop Protocol can be enough of a security risk on its own, organizations often compound the vulnerabilities by failing to properly secure RDP accounts and services. Accounts with RDP privileges may have a weak password or no additional layers of security. Those flaws open the door for brute force attacks in which cybercriminals use automated tools to obtain the account password. If successful, the attackers can then invade a network, elevate their rights with administrative access, disable security products, and even run ransomware to encrypt critical data and hold it hostage.

However, ransomware and extortion aren’t the only types of attacks that can follow an RDP compromise, according to ESET. Often, attackers will try to install coin-mining malware or even create a backdoor, which can be then used if their unauthorized RDP access is ever identified and shut down.

Other actions performed by attackers following an RDP breach include clearing out log files to remove evidence of their activity, installing tools and malware on compromised machines, disabling or deleting scheduled backups, and exfiltrating data from the server.

ESET has seen a rise this year in reported RDP attacks from among its customers. From just under 30,000 reported attacks per day in December 2019, the volume has been hovering around 100,000 since April 2020.

Trend of RDP attack attempts against unique clients per day detected by ESET.

Image: ESET

“RDP has been a popular attack vector for many years now, but this has increased even more ever since IT teams had to accommodate a remote workforce due to COVID-19,” said Javvad Malik, security awareness advocate for KnowBe4.

“In an attempt to keep the show on the road, many IT teams would have enabled RDP in addition to relaxing security controls in order to allow employees to work unhindered from home,” Malik said. “However, this all accumulates as technical debt, one that the criminals are well aware of, and which would lead them to increase their attacks.”

How can organizations better guard against RDP compromises through brute force attacks? One key effort starts with the password itself.

“Enforcing password discipline where users must choose complex passwords with uppercase, lowercase, numeric, and special characters, with a minimum length greater than 14 characters, makes a brute-force attack much more complicated,” said Gurucul CEO Saryu Nayyar. “Fifteen characters is a minimum to withstand rainbow table attacks, with longer passwords giving much greater security.

But even strong passwords should be backed up by such tools as multifactor authentication and security analytics.

“Multifactor authentication can also greatly reduce the risk from brute-force attacks, whether it is provided through an application or a physical access key,” Nayyar said. “Advanced security analytics can help identify a brute-force attack before an account is compromised by identifying the behaviors associated with this attack vector, automatically blocking access at the infrastructure or account level.”

User training is one more important factor to add to your cyber defense strategy.

“It’s worth bearing in mind though, that even when these security controls are put in place, criminals can still get in by social engineering the users,” Malik said. “Especially during this time where many are working remotely from home, it has become easier for criminals to masquerade as the IT help desk to either phish credentials, or persuade users to download malicious files, which is why security awareness and training should also form a critical component of any layered defensive strategy.”

Finally, ESET offers several tips for effectively configuring and securing your remote access accounts and services:

  • Disable internet-facing RDP. If that’s not possible, minimize the number of users allowed to connect directly to the organization’s servers over the internet.
  • Require strong and complex passwords for all accounts that can be logged into via RDP.
  • Use an additional layer of authentication (MFA/2FA).
  • Install a virtual private network (VPN) gateway to broker all RDP connections from outside your local network.
  • At the perimeter firewall, disallow external connections to local machines on port 3389 (TCP/UDP) or any other RDP port.
  • Protect your endpoint security software from tampering or uninstallation by password-protecting its settings.
  • Isolate any insecure or outdated computers that need to be accessed from the internet using RDP and replace them as soon as possible.
  • Apply all of these best practices to FTP, SMB, SSH, SQL, TeamViewer, VNC, and other services as well.
  • Set up your RDP correctly using the advice shared in this ESET report from December 2019.

http://www.techrepublic.com/

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays



Sign up today

Also see

80% of organizations did not have a remote work program before COVID-19

80%-of-organizations-did-not-have-a-remote-work-program-before-covid-19

The coronavirus pandemic completely altered the way of work, changing the landscape for hiring and daily business operations, Mind Edge and Skye Learning found.

Image: Zinkevych, Getty Images/iStockphoto

The majority of employers (80%) said they did not have a remote-work program before the onset of the coronavirus pandemic, but the crisis forced companies to adapt, a Mind Edge and Skye Learning report found. This significant shift completely altered the working world,  impacting hiring, work/life balance, and daily business operations.

The State of Remote Work 2020: The Age of the Pandemic report, released on Tuesday, surveyed more than 800 US remote workers to determine their attitudes surrounding work from home (WFH). 

SEE: Top 100+ tips for telecommuters and managers (free PDF) (TechRepublic)

While social distancing guidelines around the nation are still recommended, many businesses are looking to return to the office. The situation is still uncertain, however: Nearly a third (28%) of workers and managers said they expect to remain working remotely full time even after returning to normal operations, but another 35% said they expect to return to the office full time. 

Opinions surrounding WFH varied, according to the report, with many struggling to strike a balance between work responsibilities and home life. 

“For many people, remote work has blurred the line between ‘work’ and ‘life,'” said Jefferson Flanders, CEO of MindEdge Learning. “One of the biggest complaints from survey respondents was that they were unsure when it was time to end work for the day; as a result, we suspect that a lot of folks are working longer than they might be if they were still at the office.” 

Advantages and disadvantages of remote work 

“Many workers have been increasingly hard-pressed to maintain a healthy work-life balance, especially since the rapid shift to fully remote work,” Flanders said.

Some 30% of respondents said that working from home made their jobs harder, while 26% said it made their jobs easier. Most (40%) said the impact of remote work was both positive and negative, the report found. 

Workers ages 45 and older seemed to struggle the most, with 33% reporting that WFH made their jobs harder. 

Some of the biggest complaints with WFH included the increased number of meetings or phone calls (44%), problems with communication technology (37%), distractions at home (33%), and uncertainty about when to end the work day (23%), according to the report. 

“There are some sobering findings as well. Only 12% of workers say that working remotely has had a positive effect on their mental health, and half say that working from home has had a negative impact on their emotional or mental health,” Flanders said.

“Those who reported an even stronger dislike? Parents with school-age children at home, with half (50%) reporting a negative impact on their emotional or mental health,” Flanders added. 

Remote workers found ways to break up the time and reduce stress, however. More than half (51%) said they went outside for a walk/fresh air, some 43% said they caught up on TV, and 31% said they took breaks to spend time with family.

As for the positive sides of WFH, “It’s what you would expect: Flexibility and shorter commutes top the list, of those who say that remote work has made their jobs easier,” Flanders said. 

The majority (66%) cited increased flexibility as the biggest perk, followed by a lack of commute (59%) and fewer interruptions (46%). 

Changes in the hiring and training landscape 

The report also explored how hiring and training has shifted during this time. 

“Despite the recent disruption of the economy, 37% of the managers in our survey say their companies are hiring, and they express a strong preference for experienced workers (42%) rather than recent college grads (17%),” Flanders said. 

“But in this very uncertain economic environment, we think that the demand for training is going to be very strong,” Flanders noted. “Even before the coronavirus hit, our surveys found that many workers were interested in skills training to ‘future-proof’ their careers. Now that so many workers are unexpectedly back in the job market, we think that many of them will be looking for skills training to get a leg up on the competition.” 

Within organizations, that majority (82%) of managers said that training in how to manage remote employees would be helpful in navigating this new work environment, indicating that employees want to be upskilled, for the most part. 

“For those who are looking for a job, one of the biggest findings in our survey is that managers place a high value on certifications—exam-based credentials awarded by an industry-recognized group,” Flanders said. 

“Close to three-quarters (72%) report that certifications on a candidate’s resume hold a great deal or fair amount of value,” Flanders said. “With this in mind, graduates who are new to the workforce can begin to prepare for remote work positions by building their credentials to remain agile in times of flux.” 

For more, check out CompTIA offers remote certification exams, extends exam voucher expiration dates due to coronavirus on TechRepublic. 

Tech News You Can Use Newsletter

We deliver the top business tech news stories about the companies, the people, and the products revolutionizing the planet.
Delivered Daily



Sign up today

Also see

Setting up Remote Employees for Success

setting-up-remote-employees-for-success




TechRepublic Home

Keep up with the latest tutorials, videos, cover stories, and galleries on TechRepublic here and make this your starting spot.




TechRepublic Forums

Visit our forums to engage with your IT peers on the issues of the day here. Forums are available to all registered TechRepublic members. Register today, it’s free!




Resource Library

Browse our huge collection of tech white papers, case studies, downloads, and other resources here. Our entire collection is available to all registered TechRepublic members. Register today, it’s free!




TechRepublic Video

Watch TechRepublic’s videos of the hottest IT events and products, interviews with tech experts and innovators, and how-to tutorials here.

See

All

Remote Access Checklist

remote-access-checklist
  • Provided by
    TechRepublic Premium
  • Published
    June 9, 2020
  • Topic
    TechRepublic Premium
  • Format
    PDF

This Remote Access Checklist from TechRepublic Premium should be used to ensure all employees have the requisite items, accounts, access, and instructions needed for remote work. It should be filled out by the IT department and signed off on by the employee and their supervisor/manager.

This checklist can be customized to meet the needs of your organization.

People Also Downloaded

Splunk Remote Work Insights On-Demand Webinar – Watch Now (TH)

splunk-remote-work-insights-on-demand-webinar-–-watch-now-(th)

The current global situation has accelerated change, many of Splunk’s customers around the world have shifted their employees to working remotely, even after the easing of return-to-office measures.

This new remote world brings new challenges, and our customers have asked how can they support workforce productivity? How can they ensure their WFH environments are secure?

A university in Australia suspended all on-campus education activities and transitioned fully to online classes and work from home. Splunk Remote Work Insights helps mitigate security risks, ensure the students and staff are connected and engaged, and provide immediate visibility plus insights for the leadership team to ensure security, operation and business continuity.

A U.S. public sector customer now manages a 30,000 remote workforce. Splunk Remote Work Insights helps ensure the workforce can stay online and deliver emergency services to citizens.

A retail bank in the U.K. uses Splunk Remote Work Insights to secure and monitor their 3,000 remote workforce in real time, ensuring its core business is up and running during the lockdown period.

Download the Splunk Remote Work Insights (RWI) solution guide to learn how RWI delivers real-time visibility across multiple disparate systems, such as VPN, Microsoft 365, Zoom and Okta with executive level views and collaboration that boost employee productivity and ensure high performance for your critical business activities.

Click here to watch the complementary Splunk Remote Work Insights webinar recording showcasing the solution capabilities.

Going Remote: Virtualizing Your Desktops and Applications

going-remote:-virtualizing-your-desktops-and-applications

Social distancing and remote work are creating challenges for everybody. At the same time, there are many opportunities to create modern work strategies that will construct what a new normal will be. For organisations that are early in their digital transformation journey, this is an opportunity to advance and modernise
IT processes and invest in the tools and applications that enable digital experiences.

In this video Thierry Pellegrino and Renu Upadhyay discuss the value of desktop app virtualisation and how they are using VDI at Dell Technologies.

Windows Server 2019: The operating system that bridges on-premises and cloud.

Dell Technologies, Dell, EMC and Dell EMC are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Going Remote: Succeeding With Simplified Lifecycle Solutions

going-remote:-succeeding-with-simplified-lifecycle-solutions

Remote work can be more than getting computers in the hands of employees. Different people in different jobs need a wide variety of access to different business applications. They need to be able to communicate and access normal contacts and chains of command in a way that is not disruptive to business processes and operations.

Watch this webinar by Aaron Chaisson and Brooke Huling to learn ways to get devices into the hands of employees quickly, and how to speed up deployment all while providing your workforce with a consistent and connected workplace.

Windows Server 2019: The operating system that bridges on-premises and cloud.

Dell Technologies, Dell, EMC and Dell EMC are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.