Coronavirus: combating the security risks of working from home.
With millions of employees now working from home due to the coronavirus pandemic, experts are warning of an imminent new wave of cyberattacks. Tom Kellermann, who served on a presidential cybersecurity commission during the Obama administration, warns; “There are nation-states that are actively taking advantage of the situation, particularly our Cold War adversaries, and we need to be keenly aware that they are aware of the lack of security that is presented by everyone telecommuting.”
In the face of these new threats, be they state-led, criminal or industrial espionage, authorities are recommending increased vigilance. The Cybersecurity and Infrastructure Security Agency (CISA) has said that with the increase in telework, they encourage organizations to “adopt a heightened state of cybersecurity.” Chris Hazelton, of security firm Lookout, states "Students and workers remaining at home, or possibly stranded in a remote locations are going to be heavily dependent on their mobile devices. Mobile attacks are particularly effective because they often trigger immediate responses from recipients - instant communication platforms like SMS, iMessage, WhatsApp, WeChat, and others.”
For IT departments the scale of the challenge is huge, with device sprawl, and patching and securing hundreds of thousands of endpoints. “As a security team you lose control of the environment in which the user is working,” suggests Chris Rothe of security company Red Canary. “Essentially, your network perimeter now includes all of your employees’ homes.”
It is not just the unprecedented scale of this shift, but the inexperience of some of the workforce involved. The New Jersey Cybersecurity & Communications Integration Cell warns “Individuals who have never worked remotely are being provided with laptops and told to work from home. For some organizations and individuals, this is unchartered territory.”
Against this backdrop, what actions should organizations adopt in order to protect their business, their employees and their clients? The priority must be to secure communications. With departments scrambling to adapt and roll out business continuity plans, the nature and sensitivity of their communications represents a significant area of concern. Put simply, if those conversations are not secure, they expose all subsequent planning as vulnerable.
A workforce newly teleworking will find themselves using cell phones and laptops to communicate, for the most part unaware of the risks this presents, including fake cell towers/IMSI catchers, network attacks, signalling and device attacks.
These threats are not limited to state-actors or high-cost hackers; with nothing more than a browser, an internet connection and maybe a pre-pay debit card, anyone can spoof SMS messages and Caller IDs. Combined with basic social engineering, recipients could give up critical information such as passwords, employee locations, and much more.
The risks of consumer messaging apps
The unfortunate reality is that employees will turn to consumer messaging apps, putting their business in even greater risk. Despite their promises of encryption, a voice or text conversation over a consumer messaging app should be considered to be a conversation between two individuals in a public space.
These apps also effectively create a shadow IT, outside the control of the organization, with no integration into enterprise IT networks, no auditing for regulation and no control of their meta-data.
The Cellcrypt solution
Cellcrypt’s mobile and desktop apps put the enterprise in control, with the highest level of protection for mobile communications; all calls, conferencing and messages are protected by military-grade, authenticated, end-to-end encryption. Cellcrypt is enterprise ready, easy to integrate into existing IT infrastructure and puts the organization back in the driving seat.
The product is carrier and operating system agnostic, working across all platforms, including Android, iOS, Windows and Linux, and over cellular, WiFi, landline, and satellite networks. Calls and messages over Cellcrypt are not susceptible to attack from IMSI catchers, SS7 or other mobile network threats. Cellcrypt is available for Windows PCs and Apple Mac, iPhone, Blackberry, and Windows mobile devices, and is certified to the FIPS 140-2 standard, approved by the US National Institute of Standards & Technology (NIST). And running communications through Cellcrypt lightens the burden businesses are placing on their VPNs and core infrastructure, eliminating international and roaming charges and reducing voice overages.
Cellcrypt is in active use within enterprises and governments worldwide, with organizations ranging from intelligence services to banking, mining and cellular carriers. The mobile and desktop apps are self-serve, with licenses and downloads available via our website, the App Store and Google Play, ready for immediate use.
In addition, Cellcrypt can provide organizations with a private switch, on-premise or cloud hosted, a regulatory archive add-on module, and our Voice Gateway enables users to connect mobile with an existing PBX, allowing the use of normal extension numbers. All of which can be rolled out in a matter of days, potentially even hours depending on infrastructure.
Enterprise faces huge disruption, unexpected costs and an increased risk profile. At Cellcrypt we’d like to help where we can – to that end, for organizations affected by coronavirus we’re dramatically reducing the price of Cellcrypt licenses. Visit this page for more information and to protect your business.