Coronavirus: Remote Working

COVID-19 is a new virus that has not previously been observed in humans. According to data compiled by Johns Hopkins CSSE, there are currently over 91,000 confirmed cases across the globe.
The virus is now also disrupting businesses, who are reconsidering how they do business and the increasing value of remote work.

Google and Twitter told thousands of their employees to work from home as a precautionary measure to help stop the spread of the virus. Analysts believe that the coronavirus could lead to employee absenteeism as high as 40 percent, with severe operational consequences. In heavily infected areas, numerous workplaces have shut down altogether and public transportation is being avoided.

IT leaders must seriously think about the ability of their employees to productively work from home during an emergency.

Many will already have a business continuity plan in place, with tried and tested technologies and processes in place for just such an event. If not, its not too late to act and implement a working solution. Below we will cover some of these proven solutions, taking into account data security and systems that actual help improve business efficiency and savings on the long term bottom line.

Many of these solutions are not new, in fact you can provide your employees with secure access to their work files from home through a simple, familiar experience from their laptops, mobile devices, or a web interface using home internet access – mimicking the experience they have in the office.

Secure enterprise solutions make users more productive and gives IT complete control over business content to ensure security, maintain compliance, and enable BYOD.

Many of the solutions can be deployed and managed centrally either on-premise or private cloud.


File sharing - Your users want to access their data from wherever they are and they want to share that data with their peers in a simple manner. This is causing many organisations to struggle with security and IT compliance challenges as multi-device users are turning to consumer file sync services (Google, Box, DropBox...). Additionally, the move to flexible working is causing users to become frustrated with the complexity of accessing existing file storage locations from tablets, smartphones, and Macs.
The problem is, how do you deliver highly flexible, secure data access and sharing in a cost effective way?
File sync and share services are adapting to not only protect company data but to aid in remote workplace collaboration. Some file sync and share tools now provide users with tools to preview and edit files in-browser, search and find specific company documents and versions, and keep all employees on the same version of a document.

File sync and share features are now part of many cloud-based endpoint data backup solutions.

Endpoint backup

Centrally control the of backup data on endpoint devices (or laptops, smart phones and tablets). Access file, data storage and business applications either residing on your on-premise or cloud-based platforms.

File services anywhere – Organisations are beginning to see the workday less as a clock-in/clock-out office environment, and have adopted an environment that supports the various schedules and lifestyles of their employees. With secure file-sync and share, employees are no longer constrained to a single corporate-owned device to be productive. Files can be accessed and shared with anyone from any Windows, iOS, or Linux device. Users enjoy desktop access to any number of cloud-based folders and files, helping enterprises maximise productivity regardless of the physical storage on users’ laptops.

Secure file backup – File transfer with password, expiry times, download limits, and tracking. Data is backed up / replicated using built-in VPN, providing AES-256 encrypted access to the enterprise’s private cloud that no third party can access. Work from home or from the coffee shop: your files are protected, to address governance and compliance requirements.

Data loss prevention and disaster recovery – When corporate data is centrally stored, it’s better protected against data leakage. This includes data lost to a cyber attack, employee error, or a lost or stolen device. With an enterprise-grade file sync and share solution, sensitive corporate data is kept secure and protected.

Secure access

Remote work devices - There are two major considerations when it comes to devices. Either a) workers can use their own, which is a bigger security risk, but quite a bit cheaper and faster to deploy if their devices are up to the task, or b) a company can provide the devices that are needed. Given that the prevalence of Shadow IT (workers using unsanctioned, unofficial apps to get their work done) is generally higher than most enterprise IT departments are willing to admit -- meaning that company data is already on many personal devices anyway.

Many IT solutions will have inherent data security features built-in, which will actually serve to improve and mitigate otherwise risky traditional or legacy systems that in-office systems might still be using. The solutions we cover can either act as a secure layer over existing systems or once implemented, serve to replace and lend to a better, more efficient and secure way of working.

> Manage endpoint compliance
> Provide a seamless user experience and reduce user support
> Contextual Security and zero trust

Secure access control – In general, the worker should never do any work for the organization without the VPN on their device(s) being turned on. Typically this is provided by a virtual private network (VPN) solution, which sits on the PC, laptop, or mobile device and creates an encrypted network connection that makes it safe for the worker to access IT resources within the organisation and elsewhere on the Internet or other networks. To protect application servers and other resources from unauthorised access, organisations turn to strong authentication and authorisation. This requires the implementation of identity-based access controls.

Identity and Access Management (IAM) solutions help ensure this necessary asset protection while certifying regulatory compliance. This key technique is used to determine whether access should be granted to each individual client. These solutions must also support custom and standardised internal applications as well as Software-as-a-Service (SaaS) applications.

With built-in features like VPN, single sign-on and two factor authentication. Gateways can provide secure access to Virtual Apps and Desktops applications, giving users access to all applications and virtual desktops through a single URL. Many gateway solutions can be integrated with combined MDM solutions (Mobile Device Management) which allow a certain level of access to data from mobile devices (see below). IT administrators can apply contextual security policies to control access to applications based on the state and posture of the end user device, to strengthen access before the user reaches the backend resource.

Two Factor / Mutli Factor Authentication - Single factor authentication such as password authentication is in many cases no longer considered as secure, as users like to use "easy-to-remember" and hence "easy-to-guess" passwords.

Cyber attackers use countless techniques to get the information they need to hack into your enterprise applications. But nearly all of them ultimately break in using the same method – they take over legitimate user accounts using stolen or cracked user IDs and passwords.

Provide transparent two / multi factor authentication to keep hackers out while granting easy, friction-less access to legitimate users. 2FA fobs (hardware devices that provide PINs to further authenticate users) are inexpensive now. Workers can also use their mobile devices as a 2FA authenticator.

Mobile access – Secure Mobile app completes the continuum of simple user access, with full data control from any Android, iOS or Windows mobile device. Even if users use personal smartphones to work, the centralised Mobile Device Management (MDM) platform ensures complete data privacy. Access gateway and MDM solutions deliver data protection features;

* Enable easy on-boarding of devices, but granular control of access
* Prevent unauthorised devices connecting and copying data
* Control the use of corporate and non-corporate apps (shadow IT)
* Containerise corporate apps and data,
* Controls and blocks types of files, of a certain size or content. Assigns limits copying data, print, screen shot etc.
* Remote wipe can selectively delete only corporate app data (users personal data not touched).
* Troubleshoot device and app issues.
* Kill Pill: Built-in option 'Kill Pill' allows remote clearing of entire contents of device disk / container and block or change the password.
* DCR - Data Content Reporting gives you the ability to remotely inventory and make a detailed verification of the contents of USB drives.

Network efficiency and uptime

Many enterprise organisations will have global office with thousands of employees. Moving a large volume of people to remote working and access will present performance challenges to backend systems serving the applications and data in an efficient and user friendly manner. For example Video traffic is accelerating, and for home working, video meetings are key within team, suppliers, partners and customers. You must ensure seamless, high-quality delivery. Scale globally, but optimise to ensure the highest possible customer satisfaction.

Load-balancing and deduplication/network optimisation - technologies, which means your users don’t need high-powered home modems and internet connections to work productively.

Whether you host your applications and content on premises, in the cloud or in content delivery networks (CDNs), Intelligent Traffic Management allows you to globally load balance all traffic, dynamically optimizing the user experience and lowering service costs. Using real-time machine learning to direct user requests to the most suitable content source.

Deliver VDI (Virtual Desk Top) experience - Instead of building and operating your own infrastructure, you can simply deploy desktops on demand with a DaaS solution (Desktop-As-a-service). With DaaS, you manage your images and users, while the infrastructure is managed for you by a service provider, on a pay-as-you-go basis.

Anti scam, malware and phising attacks

Coronavirus scams are popping up everywhere. As you can imagine, there are a lot of email messages and websites sharing information about COVID-19. Because of this overwhelming amount of information that you will be getting through email and other channels, it’s a good time to brush up on phishing and malware attacks. Criminals always find opportunity in tragedy, and this is no different. So far, we've seen a handful of attackers posing as authorities and using the Coronavirus as the basis of a scam.

Some of the most common scams are fake cures and fake fundraising messages. The World Health Organization and the Better Business Bureau have warned against both of these. There are currently no U.S. Food and Drug Administration-approved vaccines, and when a cure or vaccine becomes available, you probably shouldn't try to purchase it through an email link or website.

On-premise and cloud managed content filtering solutions and services can track and block malicious content before reaching your endpoint devices, such as desktops and laptops. It is good practise to not rely on a single line of defense in these case, so implementing malware protection software on endpoint devices is advised. Protection policies can be managed centrally by your in-house IT team or trusted third party managed service security providers.

By Paul Rummery, Securenet Consulting