Target of hackers: remote workers
Do your employees work from home because of the coronavirus? For many employers, it is convenient that employees can work from home to keep the organization running during this period. At the same time, criminals abuse the situation by targeting organizations with ransomware, spam and other digital mischief. How do you ensure the digital security of your organization's remote working solution?
With a remote work security assessment, Web Security Scan tests your external company network for security risks and vulnerabilities and examines the design of your remote work solution. Our security experts investigate to what extent your organization has set up a safe remote working environment, one in which the dangers are eliminated and the attack surface is minimized as much as possible for the company.
"DongIT has examined our external infrastructure. DongIT carried this out expertly. In addition to the reporting of the risks, the complete report also included possible solutions that were immediately applied by the municipality of Meierijstad."
Company network security crucial for secure remote work
Due to the corona crisis, many people who would normally work in the office now work at home. Private Wi-Fi is generally poorly secured, yet login codes for company IT systems are entered in that home environment. Apart from creating security awareness among home workers, an employer has little influence on this and must assume that the IT security of a home situation is in principle insufficient.
The most important component of a secure remote work environment is the set-up by the organization itself. The VPN configuration, the firewall settings, the connections and open services of the cloud solution, and the setup and management of employee workstations all matter for a secure remote working environment. In practice, these components are not always implemented safely, which means that hackers can gain access to the company network.
Web Security Scan specializes in testing access to the company network and the set-up of remote work solutions. A remote work security assessment consists of two different testing methods: a corporate network pentest focused on remote working situations, and security research into the specific remote access set-up.
Both testing methods can be requested as two separate tests or as a combination test. See the section below for more details on the tests.
Company Network Pentest for Remote Work Situations
- Research into possible attack vectors against the company network and the connected employees who work remotely.
- Identification and exploration of remote work and other company systems, open services and applications.
- Identifying all (related) domains and IP addresses belonging to the organization.
- Testing relevant systems and applications. In what ways can these systems be reached (connections), and is that access secure?
- Open source research into online information about, among other things, the organization, employees and software packages used, which could potentially be used for a hacking attack.
- Insight into which information is easily available to a potential attacker/hacker.
- Insight into the weakest links in the external corporate network.
Security Research of Remote Work Solutions
- Research into the design of the remote work solution and substantiation of the choices made (e.g. VPN solution, hosted cloud or custom remote access design).
- Testing the design, choices made and restrictive measures regarding company laptops/workstations handed out to employees.
- Checking configuration of company laptops (e.g. administrator rights, protocols for updating OS/software, virus scanner, write encryption, firewall, browser plugins, DNS content filtering, pre-installed apps).
- Which cloud services are used? How do they work? Are there known vulnerabilities, such as those at Citrix in January 2020?
- Insight into which IT systems and services for remote working employees are also accessible to hackers.
- Insight into the security of the connection between remote workers and the web applications they use.
- Testing the security of access to the remote work solution (e.g. allowed mobile devices, private devices, etc.).