If your organisation is embracing mass remote working for the first time, it’s important to ensure that it is doing so securely. Enabling workers to access the systems and data they need from home can create a wide range of cyber risks that attackers can be quick to exploit.
A remote working assessment from Incluzion Business Solutions is a type of penetration test designed to identify and help comprehensively address security vulnerabilities that can result as a consequence of employees working outside of the office. This includes misconfigured infrastructure, devices, SaaS applications and security controls.
Our CREST-certified security experts are experienced at helping organisations to identify and address a wide range of home working security risks, including:
To ensure that remote workers are able to access the systems they need outside the office, many organisations relax security settings such as IP address whitelisting. Use of access management technologies such as cloud access security broker (CASB) and zero-trust network access (ZTNA) can help to reduce risk, but these tools aren’t always configured optimally. We will review any access controls to ensure that they are implemented securely and configured with the latest threats in mind.
Bring-your-own-device (BYOD) is the practice of allowing employees to use their own devices to access company networks. Some organisations use remote access technologies, application containers and application wrapping to mitigate the associated risks, but these need to be implemented securely. We review your organisation’s BYOD policy and controls to help identify improvements.
A remote working security assessment is a type of penetration test designed to help organisations identify and address security risks that result as a consequence of employees working outside of the office. An assessment can uncover a range of security risks, such as misconfigured infrastructure, systems and applications. Unsafe remote working practices can also be identified.
A remote access penetration test is a type of penetration test that is specifically focused on identifying cyber security risks that result from the use of remote access solutions such as a virtual private network (VPN), a Remote Desktop Protocol Client (RDP) and Virtual Desktop. A remote access pen test can also be used to assess the implementation and use of cloud access security broker (CASB) and zero-trust network access (ZTNA) tools.
The time it takes a penetration tester to complete a remote working security assessment is dependent upon the scope of the engagement. A typical test to identify critical issues generally takes no more than a couple of days, but a more focused engagement to review policies such as firewall settings can extend the testing and reporting period. The duration of a test will also dependent upon the approach – whether it is a whitebox, blackbox or greybox engagement.
Yes, absolutely. Upon request, a remote working penetration test can include a custom email phishing exercise, designed to assess and help improve the security awareness of employees that work from home. Assessments can also target specific individuals to mirror spear phishing and business email compromise (BEC) attacks.
The COVID-19 pandemic has led to increased security risks for most companies, especially those that have been forced to embrace remote working for the first time. Many organisations prior to the pandemic were not set up properly to support remote working and have been forced to implement quick solutions to stay operational and provide employees with access to systems and data. In such instances, cyber security can be an afterthought.
Homeworkers should be alert to a wide range of remote working security risks during the COVID-19 pandemic. Users should be particularly aware of coronavirus themed phishing attacks, designed to trick recipients into disclosing sensitive information and/or installing malware.
Employees also need to exercise caution when using third party applications such as video conferencing software, which could introduce security vulnerabilities and create privacy and compliance issues.
We are trusted by global cyber insurers to conduct thousands of breach investigations
every year. Our experts can help you contain, recover and mitigate future attacks.
Copyright © 2023 By Incluzion Business Solutions. All rights reserved.
