The vulnerability of endpoints, from mobile phones and laptops through to home computers will be exploited by cyber-attackers to gain access to corporate networks during enforced coronavirus remote working, according to Dave Waterson, CEO at security protection software company, SentryBay.
Speaking as hundreds of thousands of employees start to work from home as the coronavirus spreads, Dave Waterson urges companies to quickly ensure that they don’t allow unprotected devices to open the door to cyber criminals.
“Already malicious actors are targeting people with phishing emails, and there is much worse to come,” he commented. “Endpoints are notoriously vulnerable, with as many as 42% being unprotected at any given time. With so many people using compromised laptops or home computers to log-in to the corporate network, they are creating a weak link in the security chain, and potentially devastating damage to their employer at what is already a very testing time.”
SentryBay is anticipating that because over two thirds of security breaches already originate at the endpoint, the huge rise in remote working is likely to lead to a sharp increase in cyber-attacks as a result of this vulnerability.
“Not only are people moving on to unmanaged devices and home computers outside the corporate perimeter, which may only have inadequate anti-virus software protection, but they could also access the corporate network from tablets or phones without realising they have no protection,” said Waterson. “Most enterprises have little or no control over what software is running, or has previously been executed on these devices, and limited mechanisms for checking and addressing these deficiencies. “
SentryBay’s advice to organisations is to use security solutions that are specifically designed to protect data entry on Bring-Your-Own-Device and unmanaged devices, particularly into remote access apps like Citrix, VMWare, WVD, web browsers and Microsoft Office applications. Browsers that access the corporate network should be locked down, including URL whitelisting, enforced certificate checking and enforced https.
They urge companies to look for products that can be deployed rapidly - within 24 hours - and which do not involve specially configured software or hardware – a simple download and install from pre-configured software is the preferred option. This means selecting proven anti-keylogging software that can protect every keystroke into any application and prevent screen-scraping malware from stealing credentials and sensitive corporate data. It is also important that there is access to a portal that allows simple configuration by administrators.
More information on how software can help to protect and enhance compliance of any remote access, enterprise and SaaS application is available at SentryBay
Subscribe to our newsletter
For the latest insights into the quickly evolving cybersecurity landscape, please complete the form below and we will share our newsletter, SentryPost.
For a demo of our solutions and the opportunity to chat to our expert team, please complete the form below.