Now is not the time to be tempted to use insecure homeworking solutions

March 16th, 2020. The demand for homeworking is exploding because of Covid-19 measures being taken worldwide. As it turns out, a lot of organizations are not scaled to provide secure homeworking. Not all employees are equipped with laptops, VPN or VDI platforms are not scaled for mass usage, et cetera. In attempts to keep the business running, IT departments are taking urgent measures in scaling for mobile and homework. Unfortunately, this doesn’t always happen with security best practices in mind:

• • • Open RDP: Users are just getting access to desktops and server-based computing environments via an Open RDP environment. In our study from Jan 2020, we saw over 360.000 Open RDP environments in 6 European countries. I’m sure this will be significantly higher today.
    • No MFA: Organizations are not using MFA (multi-factor authentication), and, are just using Login & Password. These are still too often easy to guess or hack. E.g. ‘123456’, ‘password’ and ‘qwerty’ are in the top 3 of most used passwords in 2019. Alternatively, malicious entities could also link logins and passwords via the many lists that are floating around on the dark web. If you don’t have extra security measures in place, using just a login & password means your business is a sitting duck.
    • VPN Access on BYOD: VPN is the most used tool for remote access. With the spike in demand, organizations are tempted to enable VPN on unmanaged devices (that could be compromised). Running a VPN on a compromised device is a definite no-go. It gives hackers the possibility to enter your network without too much hassle.

Corona hackers?

We see an increase in hacking activity since the Corona outbreak. TheNextWeb reports that hackers are publishing malware-infested outbreak maps and dashboards. While the official map from “John Hopkins University” informs the public, these maps are built to discover credentials such as usernames, passwords, credit card numbers, etc. This could be the personal webmail account of the user. It could also be access to your corporate network. 

Not necessarily related to the same root cause (which is still unknown), but March 13th Computer Weekly reports that a hospital in Brno, Czechia, was the victim of a cyber attack. The hospital IT systems were turned off and have been encrypted by ransomware. This, amidst the Covid19 crisis. The worst possible timing for the hospital. And probably the best for the hacker(s) to see any form of ransom payment. 2 days later, on March 15th, the municipality of Marseille, France, is also hit by ransomware attacks says Securityaffairs.co. This attack right before the local French elections. 

Secure homeworking with Awingu

Awingu enables secure access within the principles of “Zero Trust”. Users take whatever device, including unmanaged ‘BYOD’ devices, and login via their browser to RDP based desktops and remote apps, file shares, intranets, … Nothing is running locally on the device. The user only gets access to these assets (files, apps, ..) they have the right to access. MFA is built-in. User controls can very gradually be turned down (e.g. no remote printing, no copy-pasting, etc).

The beauty is: Awingu runs on top of your existing back-end environment. It is not disruptive, still adds all the mobility and security benefits. 

Fast, faster, fastest deployments

Time is of the essence. Deploying Awingu in your existing network can be done in the lapse of hours. Roll-out to users is also very quick as there are no agents and clients to install on the end-points. Users just need to authenticate to the Awingu workspace via a browser. That’s it.