As the Dust Settles: The Value of Secure Remote Access in the Hours After a Cyberattack

The first 24 hours after a cyberattack are chaotic. The investigations and conclusions will come far down the road, but in the immediate aftermath of an attack, the entire organization is in reaction mode. The public relations team will update media members hungry for additional details. If an attack affects an organization’s own employees, the human resources department will issue alerts internally. The legal team will remain on standby to ensure regulatory requirements are met, offer counsel and guide the organization through the first few days of what is likely to be a process lasting many years.

For the IT department, meanwhile, those first few hours are all about containment – discovering the origin of an attack, isolating or stopping its harmful effects, and securing IT systems to assure continuity. Yet, in many cases, victims of cyberattacks aren’t taking these critical first steps. According to a new survey by the SANS Institute, only 59 percent of organizations are able to contain attacks within 24 hours and more than half claim to be dissatisfied with the length of time it takes for them to contain and recover from an attack.

Even the federal government doesn’t really have a perfectly coordinated strategy for responding to these events. As last summer’s hack of the Office of Personnel Management (OPM) showed, the government isn’t well equipped to react quickly to emerging threats and successful attacks, and individual agencies don’t always take ownership of a coordinated response. Fortunately, most businesses don’t have such a burden. Most are more agile than the government, and therefore better positioned to respond quickly, even if the findings of...

Seamless Roaming or Always On: The Remote Access VPN Feature Digital Nomads May Be Missing

In remote working environments, the Digital Nomad isn’t tied to a desk or cubicle, but he has close relationships with his coworkers. The Digital Nomad works exclusively from mobile devices that connect wirelessly to the Internet, and she’s still able to finish all her tasks on time. For now, these workers are generally the exception to the rule, but that may not be the case for much longer. One-third of business leaders anticipate that by 2020, more than half of their full-time workforce will be working remotely.

It’s not difficult to see why remote work is so popular. Today, Digital Nomads can be more nomadic than ever, setting up new mobile “offices” wherever there’s a network connection. They don’t even need a hard surface to put their device on or an outlet to plug into. But, what they do need for security purposes is a remote access VPN to enable a secure connection back to the corporate network. VPNs are reliable, but the problem is, network interruptions have long seemed inevitable. They get in the way and disrupt the user’s computing session. That’s when a VPN feature known as seamless roaming or always on comes into play, allowing a user to move between different networks without losing the connection.

The Value of Seamless Roaming

Whether you’re a finance executive fighting dead zones as you work on your laptop from a train, or a sales professional working from an airport across a spotty Wi-Fi connection, each time there’s a network disruption, the user has to manually restart the VPN connection to continue working. This is why seamless roaming is no...

OPM Breach Shows Need for ‘Nimble’ Government Network Security

No matter how you look at it, the Office of Personnel Management (OPM) is on the hook for revealing the records of millions of Americans. The only question is how many millions. If you believe the agency’s own report, then it’s 4 million. Four million current, former and prospective government employees whose personal information became public following a cyberattack conducted throughout the early part of this year. The numbers are even worse if the reports from the Associated Press, Bloomberg and other prominent news sources are accurate. They claim the number of victims is closer to 14 million.

Although the OPM investigation is still ongoing, the federal government has already begun the task of investigating and explaining the attack. As White House Press Secretary Josh Earnest told reporters last week: “Protecting the computer networks of the federal government is a daunting challenge. It does require the federal government to be nimble, something that’s difficult when you’re talking about an organization that’s this large.”

Earnest is right. When you’re talking about the federal government as one body, it’s difficult to imagine it being fleet-of-foot and responding effectively to new and emerging cyberthreats. On a smaller scale, though, there are plenty of government agencies, at all levels, that are getting the job done locally, and taking proactive steps that should prevent them from becoming the next OPM. Let’s look at one government agency in Iowa that’s upgraded its remote access and, in the process, is protecting its network.

Lessons from the Heartland

Iowa Vocational Rehabilitation Services (IVRS) is a state agency, headquartered in Des Moines, that partners with...

Q&A on Employee Provisioning with Joerg Hirschmann: Part 2

This is part two in a series of questions related to employee provisioning and VPNs. Earlier this week, we addressed how enterprises can ensure that their provisioning processes benefit their overall security postures.

Question: Provisioning’s security holes become particularly apparent when remote mobile access users leave a company and enterprises try to apply a one-size-fits-all de-provisioning approach. In today’s mobile, global, 24-hour business world, what de-provisioning tactics are necessary to mitigate security risks during employee transitions?

Joerg Hirschmann: The best de-provisioning approach will be one that does not rely on a singular component to keep up with an organization’s changing needs. For instance, a provisioning process should go beyond the ordinary capability of disabling an account; instead, an organization should use the scalable method of PKI (certificate-based authentication), which offers an additional option to withdraw remote access permission by revoking the user’s certificate. Similar offerings are available through One-Time-Password tools, which can also disable specific tokens, for example. At the end of the day, the quality of the automated process will dictate how effective provisioning and de-provisioning will be.

Stay tuned for more on employee provisioning and VPNs next week. If you have any questions that you would like answered, as related to VPNs, remote access, network security and the like, send them to editor@vpnhaus.com.

Joerg Hirschmann is CTO at NCP...

Q&A on Employee Provisioning with Joerg Hirschmann: Part 1

Today’s post kicks off a Q&A series with Joerg Hirschmann, CTO at NCP engineering GmbH. These questions and answers, which we will post over the next few weeks, are related to employee provisioning and VPNs.

Question: While user provisioning can enable efficient employee on-boarding, poor provisioning can result in expensive and irrevocable data leaks. How can enterprises make sure their provisioning is a benefit, not a detriment, to their overall security postures?

Joerg Hirschmann: VPN user provisioning should be automated as much as possible to rule out manual flaws, which are often caused by workload, unplanned absences, etc. However, if not designed properly, even the best automated processes can allow security leaks to disrupt the corporate networks. Normally, the provisioning process does not originate from the IT department; rather, it is initiated by HR once the decision is made to sign on/off staff or to provide access for external partners (temporary or permanent). Processes will have to be defined accordingly so that these kinds of personnel decisions will find their way into relative data records, which are then processed by IT. Therefore, a remote access solution must provide relevant interfaces to get synchronized with the appropriate databases. The more time this information needs to be delivered to the relevant system, the bigger the security risks are going to be. It goes without saying that the processes defined need to be thoroughly tested and approved.

Stay tuned for more on employee provisioning and VPNs this week. If you have any questions that you would like answered, send them to editor@vpnhaus.com.

Joerg Hirschmann is CTO at NCP...