Working from Home: Secure Connections
Here’s how to protect your business!
Some in the security community suggest that September 2020 will begin a wave of cybercrime unlike any we've seen. The good news: it is preventable.
What are some secure ways to continue to do business from home? VPN (Virtual Private Networking) provides an encrypted tunnel between the home and the office. Remotely controlling an office computer is an effective way to have the tools to work, from wherever you are. Mobile device email access is another great way to stay connected. Using MFA (multi-factor authentication) can ensure that all the above is accessed securely. Businesses have differing levels of access to these technologies.
Businesses have rushed to meet stay-at-home orders while keeping employees productive. Many are subject to several layers of compliance requirements which are mandated by government and industry associations. These requirements came with guidelines which, albeit not specific to pandemics, provided a great deal of value in making sure those businesses could still operate correctly.
The vast majority of small businesses have little to no compliance requirements. They are generally free to operate any way they see fit, usually taking a path which puts productivity first and leaves security far down the priority list. Cybercriminals are counting on businesses taking shortcuts on security.
While cyberthieves can go for large corporate targets with huge payoffs, the security systems those targets use take quite a bit of skill and time to breach. A team of thieves can work for months and score a big payoff, which is then split over the group, and typically they have to get right back on the next mark.
Small businesses are the lower hanging fruit, with fewer security barriers. The payoffs might not be nearly as valuable, but thanks to automation and distributed networks of attack sources, one cyberthief can attack hundreds of businesses at the same time with little more than a few clicks of a button.
The average small business cybercrime attack cost $200,000 last year. These costs are related to stolen money, the cost to provide identity theft recovery to clients and employees, attorney’s fees, costs of investigations, and of course all the right protection to prevent another attack. Successfully breached companies get on a hot list shared with other cybercriminals. They share their successes.
Choosing the Right Tools
We’re going to review a few of these tools and the ways they can be employed securely. There are also some details about each one that might make it a clear choice to benefit your particular business. Not every tool is best for every business.
VPN – Virtual Private Networking
VPN has been a tool in corporate IT for decades. Little has changed since its inception which means it’s not quite as easy to implement and use for most non-technical staff members. Key points about VPN:
Encryption means a portion of bandwidth is used to secure the tunnel. Slow internet endpoints like homes or wireless access make for much slower access. VPN was typically used office-to-office. Much less often from office-to-home.
VPN is only as secure as the passwords of the account used to connect. MFA (multi-factor authentication, covered below) is rarely implemented in most VPN deployments. Best practice in the absence of this is frequent password changes.
VPN is generally only used for file transfer. Accessing a database over VPN can cause the database to be corrupted. This is due to the design of most database clients to be used on a local network. Data streams are constantly sent back and forth. VPN connections over slow or spotty internet break those streams and can write incomplete or bad data which renders the database inoperable until it can be restored from backup. Accounting packages are notoriously ill-designed for VPN use.
VPN can be used for direct access to remotely control office computers. It allows another layer of security which is excellent. Just make sure passwords are changed frequently and never re-used.
Remote Control – Remote Desktop, GoToMyPc, WinVNC, and others.
Remotely controlling your office computer is being widely used among small businesses. The software or services that allow access are inexpensive (if not free) and allow you to use the office computer from home as if you were sitting right in front of it. Some important considerations of this solution are:
Remote control software quality varies widely. That quality impacts security and performance. Some products allow direct access to the computer from a website login. These can be very dangerous because, if that password is compromised, there’s nothing to stop an attacker from doing a lot of damage. Having to log into the computer after the access site helps reduce the risk of breach.
Feature sets – Do you need multiple monitor support? How about the ability to print an office document on the home computer? Do you need high-quality video to the work computer? File transfer? These and other features are not always covered by the remote control product.
Secure login – As mentioned above, having a few layers of access is always a good thing. Use a remote control solution which has MFA (Multi-factor authentication, explained below) for some rock solid security.
MFA – Multi-Factor Authentication
Multi-factor basically means that you are providing authentication through two or more ways. Generally, we like to say the factors are “what you know, what you have, and what you are”. What you know can be a password. What you have can be a mobile phone authentication app, and what you are could be a fingerprint or retina scan. So what’s important about these?
MFA isn’t available everywhere. We’d like to see MFA wherever we see passwords, but MFA systems are expensive and complicated to set up. A cheap or easily configured MFA system can itself be compromised, leading to an incredibly false sense of security.
Secure delivery – When considering “what you have”, many use SMS (mobile texting) or email authentication. SMS authentication has often been proven to be insecure as the mobile phone chip can be duplicated, delivering the authentication to a hacker’s device. Email can be a little better, but if it’s merely password protected and becomes compromised, those codes are just as easily intercepted. A more secure method is an authentication app on a mobile device which offers a code which changes every 10-15 seconds. These are much less likely to be compromised.
An often-overlooked component of MFA systems is the recovery key. Many who have used MFA for a while encountered a case of the app failing, a mobile device being replaced, or some other change that leads to a bit of work to recover accounts. Keeping the key in a safe place can do wonders in the event you have to make a change.
If you want to prevent cybercrime while keeping your team productive, get in touch with Tech Masters! Our team is here to provide you with some of the best security services on the market. We have been providing high quality IT protection for more than a decade and have the knowhow and manpower to help protect your company against all kinds of attacks! Get in touch with us today and let us protect your business against hackers, scammers, and other bad characters.