Teleworking Security Assessments
The global coronavirus outbreak is radically changing the way we work together and how we depend on teleworking technology. It should therefore be the current focus of your attention when it comes to IT security.
Set up a secure homeoffice infrastructure
Working from home was often not an option
For many companies, teleworking has not been an option up to now for a variety of reasons. Now they have to provide a new teleworking environment for a large number of employees in a very short amount of time, what confronts companies with a great challenge.
Massive increase of employees in homeoffice
Many companies already offered teleworking for a small number of employees. Now they are overwhelmed by the number of requests, especially in times of the coronavirus, to provide a teleworking environment for the whole company.
Teleworking IT Security - service packages
The following services – like all our current projects – are carried out remotely by our security experts to protect the employees and the companies themselves in the teleworking environment.
Is your company currently facing massive challenges, which cover multiple factettes and not only cybersecurity? Are your IT resources operating at over 150% due to the switchover to teleworking and therefore no time to conduct hours of technical kick-offs? All this whilst dedicated to keeping the usual services up and running during times of high usage? Is subsequent degraded IT security just one of multiple problems that your company has to face? Then this is the perfect package for you to get a good overview of your teleworking solution. This package provides the maximum outcome with the least effort on your side.
What SEC Consult experts will do:
With provision/access to your companies teleworking solution, provided to regular employees and without getting a deep technical introduction from your IT, our expert security consultants will simulate a no knowledge black box attack assessment on your teleworking solutions.
From one moment to the next, teleworking was enabled and supported by companies where it wasn’t previously. Suddenly a lot of employees are forced to put their laptops and other company issued devices containing highly sensitive data onto their own home network – a completely unknown network that can’t be controlled by the business – living side by side with smart assistants, vacuum robots and other outdated network components. Furthermore, visibility of your hosts by your Endpoint Protection is suddenly lost on most of your clients.
What SEC Consult experts will do:
A homeoffice workplace assessment including portscans, vulnerability assessments and a risk assessment based on the other devices in the home network.
This package contains several components to gain a deeper insight into the security status of your environment. SEC Consult will provide you with prioritized tactical and strategic recommendations for how to address the issues discovered, including adequate instruction allowing implementation by the company’s internal IT department without outside support (in most cases). We provide this data in an easily consumable format for multiple audiences including executives, managers and technical staff.
This package includes:
- Endpoint Security & OS Hardening Review
- Endpoint Malware Protection Review
- VPN & Virtual Desktop Solution Security Confguration Review
- Video Conferencing Security Assessment
Assume compromise…if a remote employee’s endpoint gets taken over by a malicious actor, this can lead to quicker and deeper compromise than an external attack due to all business perimeter defenses already being bypassed. This assessment examines internal IT systems for any weakness that could be used to disrupt the confidentiality, availability or integrity of the company internal network. The results of an internal penetration test typically demonstrate what information or other assets might be exposed to an unauthorised user who has assumed network level access to your corporate IT environment.
What SEC Consult experts will do:
- Examine your corporate network for various common vulnerabilities, issues stemming from unpatched systems to misconfigurations such as default credentials and unintended exposed services. If password hashes are obtained, a password cracking attempt is made.
- Test from the perspective of both an authenticated and non-authenticated user to assess potential exploits against identified systems/services.
- Identify misconfigurations that would allow internal users to access unauthorised sensitive information and inadvertently leak it online. Data exfiltration will be simulated to demonstrate the impact of an internal breach.
- Review of network architecture and segmentation.
The COVID-19 crisis is over, and everyone is moving back from their homeoffice to the trusted company network. This sounds easy but might be the start of the next crisis – this time in regard to IT security.
Devices that were utilised for months in uncontrolled environments have to be treated properly. It is extremely important to assess and ‘sanitise’ them before they rejoin directly to the internal company network.
- SEC Consult will provide you with a strategy on how to migrate back from 100% teleworking to regular business.
- Furthermore, SEC Consult will help you identify potentially dangerous devices, quarantine, ‘clean’ and ensure they are safe, meeting expected company policy and standards. This can be supported by SEC Consults forensic experts from SEC Defence if necessary.