As government agencies move to working remotely, how can they ensure that staff work as securely, effectively and productively as before, if not more?

Scenarios and policies are evolving on a daily basis, requiring civil servants to adapt at an unprecedented scale. In some countries, entire agencies are for the first time ever working from home. Technologies like videoconferencing and cloud-based collaborative apps are allowing them to continue with as little disruption as possible.

Governments will need to ensure that this work remains secure. We look at the risks governments face and how they can secure their systems.

WHO attack

Agencies will not be able to prevent every attempted attack on their systems during this time. Instead, the great challenge they face is containing attackers before they access critical data.

Stealing employees’ credentials is a common first step taken by hackers, as was the case with the attempted attack on the World Health Organisation last month. A group of elite hackers set up a malicious site mimicking the WHO’s internal email system, Reuters reported, and used it to try and steal passwords from agency staff. Such impersonation attacks on WHO have “more than doubled”, the agency’s Chief Information Security Officer said.

The US, UK and other governments have warned staff of the risks of working remotely, and both the US and UK have issued guidance on cyber-vigilance to civil servants. All employees at NASA and the US Cybersecurity and Infrastructure Security Agency experimented with telework for an entire day to test whether their systems were up to it, The Washington Post reported.

Zero trust

Agencies will not be able to secure WiFi connections in employees’ homes. Singapore’s strict air gap policy will mean that many civil servants won’t even be able to connect their work devices to the internet at home, and will need to use secondary devices.

The usual security tools like VPNs and passwords simply won’t cut it, as thousands of people adapt to new environments and work around the clock to keep critical public services running. Passwords are hard to remember and can be easily hacked, and VPNs don’t allow the kind of granular control for access management that agencies now need.

Tech departments in governments must use the principle of “zero trust”, where no one inside or outside the organisation is automatically trusted. Instead, everyone needs to be verified before they are granted access. They must closely manage and monitor who has access to systems and data.

Securing remote users

Managing access to critical information is an effective way to minimise the kinds of attacks public sector agencies are now facing, says Israeli security company CyberArk. The company specialises in building technology to control and manage access to systems.

This approach can allow agencies to minimise the moves hackers can make once they’re in the systems and stop them before they cause any real damage. “Attackers are working to capitalise on people’s fears and desire for information, which underscores the need to safeguard critical systems and assets,” says Gil Rapaport, who co-developed the company’s biometrics-based tech, Alero.

The company has made Alero available for free to qualified customers until the end of May. This allows remote employees to use facial or fingerprint recognition through their smartphones, combined with a one-time QR code, to log in to privileged infrastructure.

The sessions are encrypted end-to-end. It means that staff can access assets and information much more quickly and securely. They can also safely give access to colleagues from partners and contractors as all hands are on deck to respond to the pandemic.

The service can be managed centrally with a cloud-based system. Tech teams can see who has access and audit administrators. The system also identifies suspicious activity, and automatically responds to threats.

CyberArk has shared four ways any organisation can reduce remote working risks:

1. Implement and consistently enforce strict controls regarding who is able to access critical internal resources that house sensitive information.

2. Enable alerting and response to anomalous behavior or activity and improve visibility into activities on your network, such as who is accessing what resources.

3. Automatically provide and remove access to systems, allowing people to only access the systems they need to do their jobs.

4. Implement secure multi-factor authentication methods to verify the identity of third-party vendors.

Governments are facing extraordinary stresses. As they closely monitor and control physical borders, they must do the same with their digital ones.


Image by Daniel Foster – CC BY-NC-SA 2.0