Remote Access Security Audit

Cyber security threats have increased massively during COVID19

The rapid and unplanned move to mass remote working caused by the epidemic brought with it a huge increase in security risks. Phishing attacks have increased massively with hackers enticing people in both home and work environments to access counterfeit websites and open phishing e-mails given the general increase in anxiety and the desire to read news, advice and guidance on COVID19. TechRepublic reported a 667% increase in phishing attacks in March alone.

Remote working revives a whole lot of familiar challenges, many of which have already been fixed in the in-house working environment. A recent survey of 3,000 remote office workers in the U.S., U.K., France and Germany revealed that 77% were using unmanaged, insecure BYOD devices to access corporate infrastructure, 37% storing passwords in browsers and 29% allowing family members to use their office issued computers for activities like schoolwork, gaming and shopping. In addition employees might lose mobile devices containing sensitive data or download files to insecure storage.

Other than ‘remote’ employers have no certainty of where employees are working. Remote could mean cafés or other public areas with little or no security. Staff working from their homes can be just as compromised. Is their WiFi secured? Are they using their own devices (desktops, laptops or tablets) and if so have they applied the latest security patches? What firewall and antivirus software is in place? How good is their security awareness, do they take appropriate precautions at video conferences, are they downloading sensitive or confidential information or worse still printing it? How do they log in and connect to shared services, is data encrypted in transit and at rest and how secure is log on authentication?

What is a Remote Access Security Audit?

We use a systematic approach to identifying and eliminating vulnerabilities.

Phase 1 – Discovery

The aim of this phase is to understand your remote IT and security infrastructure for both the individuals working remotely and for the services they access. Infrastructure in the broader sense will cover not only IT hardware and software but also at least as importantly the practices and policies in place. Even the best IT security will do little to prevent employees for example, allowing their video conferences to be overheard or forwarding sensitive e-mails to their home e-mail addresses. We would expect to interview IT infrastructure and security staff as well as employees who are working remotely.

Phase 2 – Identify

Following the discovery phase we will identify potential vulnerabilities and devise tests to clarify and confirm these. This is likely to involve phishing and spear phishing techniques and identification of potential vulnerabilities in the remote infrastructure either by probing externally or by a paper exercise. Your security and confidentiality is paramount so this will not be carried out in an intrusive or public way, rather we aim to identify vulnerabilities, not exploit them.

Phase 3 – Report

Having identified vulnerabilities we will produce a report detailing our recommended remedial actions. This is likely to be a combination of IT fixes as well as changes to policies combined with education to influence employee practices.

Phase 4 – Implement

This phase implements the recommended remedial actions. You may choose to carry this out yourselves, employ us to do this or a combination of both. It is important to note that this is not a one-off process and that businesses continue to monitor security, educate staff and maintain communication on current cyber security threats.

Phase 5 – Retest

Following remedial action, it’s essential to rerun the tests carried out in the Identify phase to ensure that the issues identified have been resolved