How to Safeguard Remote Access to Corporate Networks

The novel coronavirus, also known as COVID-19, is having a profound effect on the way Canadians work. The intentional shutdown of the economy as a result of COVID-19 has increased the number of workers using remote access to work from home.

5 Million Canadians Worked from Home in April 2020

During the second week of April 2020, Statistics Canada reported that out of the 12 million Canadians who were employed and worked more than 50% of their usual hours, an estimated 5 million worked most of their hours from home. In 2000, Statistics Canada recorded only 1.4 million Canadians who worked from home, and this number increased to 1.7 million in 2008.

Out of the 5 million Canadians who worked from home, Statistics Canada said 3.3 million worked at a location other than home. “It can be reasonably assumed that these workers changed their workplace in response to the COVID-19 economic shutdown,” Statistics Canada said.

According to Statistics Canada, in most industries where close contact with others is vital, a relatively low number of workers who worked at least one hour did their jobs from home in April, while in industries where close contact with others is less necessary, more workers tended to do their job from home in April.

Workers in industries where close contact with others is less necessary include professional, scientific, and technical services (75.5%); finance, insurance and real estate (67.4%); and public administration (62.6%). “These same industries have experienced relatively fewer employment losses since February and may find it easier to resume full activity, either through continuing work from home or possibly through investments in workplace adaptations,” Statistics Canada said.

Remote Access to Corporate Networks

Companies wanting to continue their business operations have hastily allowed workers to remotely access corporate networks – meaning critical servers and workstations – with little security preparation.

Remote access gives workers at home access to a corporate network, including its internal services, applications, and information, much as they would have in the corporate office, except that the access is over the internet. Remote access, however, introduces new vulnerabilities.

A dive into the dark web – sites that allow the selling and buying of illicit goods and services – reveals that malicious actors are selling and buying remote access to corporate networks. While much of the remote access for sale belongs to large organizations, it isn’t far-fetched to assume that small and medium-sized enterprises (SMEs) with smaller cybersecurity budgets would likewise fall into the trap of failing to secure remote access.

On the dark web, remote access for sale refers to software, exploits, authentication credentials (for example, a username and password combination), or other means that allow illicit remote access to a corporate network. Depending on the size of the organization and whether the data breach is a new one, remote access is sold for as low as US$10 to as high as US$100,000.

Buyers use this access to attack the victims’ networks themselves, or hire a more skilled team to do so, with the aim of gaining domain administrator privileges and infecting critical servers with malicious software (malware).

Ransomware operators have been known to be the first ones to set up a “ransomware affiliate program” on the dark web. In this affiliate program, the ransomware creator splits the proceeds of a ransomware operation with the affiliate or affiliates (the number of affiliates can reach 8 to 10).

Typically, the ransomware creator’s share is smaller than the affiliates’. The affiliates get the bigger share because they do most of the dirty work, such as buying remote access to the network and finding ways to bypass the network’s security solutions.

One commonly sold form of remote access to corporate networks on the dark web is access to Remote Desktop Protocol (RDP) – a proprietary protocol developed by Microsoft that allows a user to connect to another computer over a network connection. RDP is among the top application-level protocols for remotely accessing Windows workstations or servers.

While RDP doesn’t necessarily have to be accessible via the internet, many systems administrators have exposed RDP ports to the internet, mostly protected only by traditional authentication: a username and password combination. Many of these RDP credentials end up on the dark web. McAfee Labs reported that the stolen RDP authentication credential of a major international airport was sold on the dark web for only US$10.

Cybersecurity Best Practices in Securing Remote Access

Take an extra step in protecting remote access to your organization’s network. Protecting an RDP port of a critical server with a simple username and password combination opens it to a brute-force attack – a type of cyberattack that uses trial and error to guess the correct username and password combination.

Adding extra layers of protection for RDP is important in protecting your organization’s network. One of the best practices in securing RDP is to make it available only through a corporate virtual private network (VPN).
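As an added illustration (not part of the original article), the following Python sketch checks Windows logon events for the two conditions described above: RDP logons arriving from outside the corporate VPN, and brute-force bursts, including a successful logon that follows one. The VPN address pool, the thresholds, and the sample events are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): VPN address pool and detection thresholds.
VPN_POOL = ip_network("10.8.0.0/24")
WINDOW = timedelta(minutes=5)
MAX_FAILURES = 5

# Constructed sample events: (time, Windows event ID, logon type, source IP, user).
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive (RDP).
EVENTS = [
    ("2020-05-01T02:00:00", 4625, 10, "203.0.113.7", "administrator"),
    ("2020-05-01T02:00:10", 4625, 10, "203.0.113.7", "admin"),
    ("2020-05-01T02:00:20", 4625, 10, "203.0.113.7", "administrator"),
    ("2020-05-01T02:00:30", 4625, 10, "203.0.113.7", "backup"),
    ("2020-05-01T02:00:40", 4625, 10, "203.0.113.7", "administrator"),
    ("2020-05-01T02:00:50", 4624, 10, "203.0.113.7", "administrator"),
    ("2020-05-01T03:00:00", 4625, 10, "198.51.100.20", "guest"),
    ("2020-05-01T08:59:00", 4625, 10, "10.8.0.22", "mlee"),
    ("2020-05-01T08:59:30", 4624, 10, "10.8.0.22", "mlee"),
    ("2020-05-01T09:00:00", 4624, 10, "10.8.0.15", "jsmith"),
    ("2020-05-01T09:05:00", 4624, 3, "192.168.1.5", "svc_files"),
]

def analyze(events, vpn_pool=VPN_POOL, window=WINDOW, max_failures=MAX_FAILURES):
    """Return (finding, source IP, user) tuples for RDP logon events."""
    findings = []
    failures = defaultdict(list)  # source IP -> failure times inside the window
    brute_forcing = set()         # sources already reported for a failure burst
    off_vpn = set()               # sources already reported as outside the VPN
    for ts, event_id, logon_type, src, user in sorted(events):
        if logon_type != 10:      # only RDP (RemoteInteractive) logons
            continue
        when = datetime.fromisoformat(ts)
        # Policy check: RDP should only ever be reached through the VPN.
        if ip_address(src) not in vpn_pool and src not in off_vpn:
            off_vpn.add(src)
            findings.append(("off_vpn_source", src, user))
        if event_id == 4625:
            recent = [t for t in failures[src] if when - t <= window] + [when]
            failures[src] = recent
            if len(recent) >= max_failures and src not in brute_forcing:
                brute_forcing.add(src)
                findings.append(("brute_force", src, user))
        elif event_id == 4624 and src in brute_forcing:
            # A success after a burst suggests the password was guessed.
            findings.append(("success_after_brute_force", src, user))
    return findings
```

When Network Level Authentication is enabled, failed RDP logons are typically recorded with logon type 3 rather than 10, so the filter needs widening on such hosts.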

It’s also important to apply the latest patches to the corporate VPN, because in recent months threat actors have been going after unpatched VPNs, which they see as gateways to corporate networks.

The Canadian Centre for Cyber Security has this advisory to protect the data being sent or accessed through a VPN: “Your organization should assess what data is sent and accessed through a VPN and the value of this data to understand the risks associated with using a VPN. Your organization should have clear policies for employees who use a VPN to remotely access a work server. If possible, the configuration settings should require individuals receiving the encrypted data to enter authentication credentials in order to access the information. Having two separate keys or credentials for encryption and decryption is called asymmetric cryptography.”

Our team of experts has years of experience and expertise in supporting safe remote access to mitigate the risks of an attack on your corporate network. Start today with a no obligation assessment to make sure your employees, your network and valuable data are secure.

Call today (416) 920-3000 or email us at sales@genx.ca
