Reimagining security in IT/ITeS industry for remote access systems

2020 witnessed the largest experiment in remote work to keep businesses running despite lockdowns and social distancing measures. This abrupt move drastically changed the way we work.

Remote access increased the number of vulnerable touchpoints, leading to a higher risk of cyberattacks and data leaks. According to cybersecurity firm Sophos, more than 80% of Indian enterprises have been hit by ransomware attacks — a type of cyberattack that ‘kidnaps’ a company’s data and encrypts it to make the data inaccessible until a ransom has been paid.

On average, tackling such attacks — either by paying a ransom or implementing measures to fix the issue and deal with its aftermath — cost more than INR 8 crores.

The challenge with remote access

Before the lockdown, remotely logging into client servers involved infrastructure heavily regulated by IT teams within enterprises. However, a need to digitize almost overnight spiralled this situation out of control, leading to several employees using personal devices and home internet connections to access client data.

Businesses barely had the time and resources to train their employees in security protocols that minimize the risk of cyberattacks. Without additional security layers such as endpoint security, two-factor authentication, or virtual firewalls, companies risk exposing themselves to malicious attacks.

As more businesses embrace the cloud and cloud-native technologies, the risk of such exposure only gets worse. Employees across India share this sentiment. According to a recent survey by Lenovo, 82% fear being vulnerable to data breaches.

Once an attacker breaks into a company’s system through an employee’s device or network, they can access and change anything they want. In most cases, the attackers install other remote-controlled programs to retain their access if a compromised server gets detected and replaced.

A need for better remote access systems

To reduce the risk of breaches, the way we log into client servers must be reimagined. Companies must have the highest regard for data security protocols and pay attention to strengthening the security features of their employees’ devices and network infrastructure at home.

It starts by raising awareness amongst employees regarding cybersecurity and encouraging them to use strong passwords that don’t contain any personal information, especially for endpoint security and their work devices. They must ensure that employees don’t end up using the same passwords for multiple applications.

Advocating the use of multifactor authentication is yet another measure that can reduce the risk of a security breach. As part of its cybersecurity solutions, Tata Tele offers the world’s fastest multifactor authentication powered by Cisco Duo and designed using the principles of zero-trust security.

Lastly, while logging into client servers remotely, companies should facilitate the use of VPN gateways, install endpoint security solutions in all devices used by employees (desktops, laptops, phones, and servers), and set up virtual firewalls to detect and block malicious threats. Such threats can include ransomware, phishing, malware, and other cyberattacks that can lead to expensive downtime and cause irreparable damage.

Using only one of these methods will not be enough. A recent ransomware attack on IndiaBulls Group exploited vulnerabilities in the VPN system. The best approach is to adopt comprehensive cloud security solutions such as those offered by Tata Tele, covering everything from endpoint security and virtual firewalls to email and web security

The security risks associated with remote access existed even before the pandemic. All that is changed is the urgency to adopt security measures to minimize the chances of potential breaches.