Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

March 27, 2020 1485 Views Gabriel Torok

It’s official. COVID-19, more commonly known as the Coronavirus, has been declared a global pandemic by the World Health Organization (WHO) with hundreds of thousands of cases worldwide. In the United States, restrictions are ramping up as case numbers soar — New York governor Andrew Cuomo has ordered all nonessential workers to stay home, and my own state’s governor Mike DeWine has issued a statewide shelter-in-place order.

Along with disruptions to daily life, the expanding impact of COVID-19 has forced businesses to rapidly pivot and adopt remote-work models — even if they have no experience with mobile connections and on-demand collaboration. The result is a surge in remote everything, from team chats to primary school education to project management and even healthcare delivery. See my previous blog on our customer commitment during the age of Coronavirus.

And while efforts to bridge the digital divide are having a positive impact for both workplace productivity and the mental health of those in isolation, there’s a potential pitfall: Cybersecurity. As noted by CNBC, there’s already been a significant uptick in scam and phishing emails — but what happens if malicious actors breach critical apps and services?

Here’s a look at how companies can still go the distance for cybersecurity, even when they’re nowhere near the beaten path.

The Big Push

Remote work has been on the radar for years. Employees were overwhelmingly in favor — research from 2019 showed that 99 percent wanted the chance to work remotely “at least some of the time” for the rest of their career. Employers, meanwhile, have been historically more reticent to support remote shifts; as noted by Business News daily , 75 percent of staff surveyed last year said their employer won’t help cover the necessary costs of working from home, such as a reliable Internet connection.

The Coronavirus, however, gave companies the push they needed — but didn’t want quite so suddenly — by forcing teams to work from home full-time and still achieve some semblance of productivity. It hasn’t been easy; CNN reports that federal agencies are struggling with technology challenges that limit meeting participants or concurrent virtual users. The ubiquity of robust cloud services, powerful mobile devices and rapid design frameworks for applications, however, makes this a temporary (albeit large) hurdle that companies are rapidly learning to overcome.

CNBC puts it simply: Coronavirus may well be the “tipping point” for Americans working from home — once we’re here, there’s no going back.

The New App Ecosystem

In corporate offices, schools and healthcare facilities there’s a split IT focus: While applications are necessary for end-user productivity, underlying infrastructure management is also critical. Working from home shifts this balance — infrastructure related to Internet bandwidth, speed and access move off-site into the realm of ISPs and other third-party providers, creating a clear path to business value: Applications.

Existing application features — such as contactless payments from Google Wallet and retail apps from Starbucks — are suddenly getting a workout, while food delivery services have built-in new contactless delivery protocols and notifications that help drivers and customers stay safe.

There’s also been a massive surge in collaboration app use — as noted by The Hill , for example, Microsoft’s Teams collaboration tool gained more than 12 million users in the last week alone, reaching a record high of 44 million daily logins. According to Business 2 Community , other applications like Slack, Zapier and Zoom are also on the rise, with many offering free or discounted use for businesses, schools, banks and healthcare organizations.

And that’s just the beginning — new apps have already been developed to help manage Coronavirus cases. In China, the Health Code app assigns citizens green, yellow or red barcodes depending on their risk of exposure and infection, while Thailand’s Digital Economy and Social Ministry (DES) rolled out an app that tracks quarantined individuals in self-isolation . Closer to home, there’s an AI-aided application in development that will help Americans self-assess their symptoms and risk and direct them to the nearest testing facility if necessary.

The Missing Piece

It’s one thing for scammers to send Coronavirus-related phishing emails or solicit fake charity donations, but what happens if they compromise networks, services and applications?

As companies and individuals deal with the sudden shift to social distancing, it’s easy to overlook a critical piece of the puzzle: Effective cybersecurity. The potential impacts range from frustrating to potentially fatal — if hackers compromise food delivery apps, for example, they could reroute payments and tips to their own bank accounts. If they infiltrate infection and quarantine apps, meanwhile, the difference could be life-and-death.

So how do developers, enterprises and end-users go the distance for cybersecurity? Start with a three-point approach, including:

Information— As noted by Computer Weekly, it’s critical for companies to provide employees information about cybersecurity best practices for remote work, especially as numbers ramp up. This includes the use of antivirus programs and firewalls on home computers along with healthy skepticism around any emails that are supposedly “urgent” or “mandatory”.
Frustration — Wherever possible, it’s worth frustrating attacker efforts by giving them as little data as possible. The simplest path? Reliable virtual private network (VPN) services that prevent attackers from eavesdropping on data transmissions or tracing information back to its source. The caveat? Make sure the VPN service itself is secure before buying in.
Obfuscation — Applications compromised at runtime may appear to act normally but give attackers the ability to introduce new commands, exfiltrate data or reverse engineer code to steal IP or create persistent threats. With the sheer amount of app usage and development across industries and market verticals, it’s essential to protect critical code with tools capable of detecting potential attacks, hardening key functions and obfuscating sensitive code and data — in turn forcing attackers to try their luck somewhere else.

Remote work is the new reality. Applications and services are emerging to help boost productivity and increase public health but in the age of Coronavirus it’s not enough to bridge the digital divide — organizations must also go the distance to deliver a layered defense and effective cybersecurity.

Latest Blog Posts

Dockerize PreEmptive's Products using Floating License

Customers occasionally ask us about adding DashO, Dotfuscator, or JSDefender to their Docker-based build processes. We do not provide pre-built Docker containers for our products, but it is relatively straightforward to create your own containers with the distributions we do provide. Historically, setting up licensing for these containers could be a challenge, but with the recent addition of Floating license support to DashO, Dotfuscator, and JSDefender, even the licensing part is straightforward.

This blog provides example Dockerfiles for each product, as a starting point for building your own containers. You will need to replace {x.y[.z]} with the appropriate major.minor[.patch] version.

Read more

Navigating the Choice Between Security and Customer Experience

Navigating the Choice Between Security and Customer Experience

Chances are, if you’ve used a mobile banking app, or bought something online, your purchase was facilitated in part by a Fiserv product. Fiserv is a global provider of financial services technology. Clients include banks, credit unions, financial companies and retailers. As a Fintech company, Fiserv provides payment and commerce enabling technology to clients in more than 100 countries, serving as an “industry standard” across the world.

In a recent article “2020 Trends in Fraud and Financial Crime Risk Management” Andrew Davies – Fiserv’s VP of Global Market Strategy writes “Criminals are even more on the offensive, constantly researching new vulnerabilities and developing fresh attack vectors. For financial institutions, that's spurred growth in both process and technology investments to keep pace.” The question that Fiserv and many other financial institutions are asking: “How do you accurately manage detecting financial crime without inhibiting the customer experience?”

“Better licensing means more flexibility,” said CTO Bill Leach during a recent presentation on the release of DashO 11 - PreEmptive’s Android and Java Protection Product. “The new floating license and product activation features allow users to provision DashO on the fly – for example, on cloud hosted build agents that don’t already have DashO preinstalled. By specifying the license key at run time, development teams can more easily automate their builds, no matter where they run.”

Revamped licensing and activation are not the only updates in this latest version—other highlights include:

Cyber-attacks have increased in quantity and sophistication in 2020, but we may not have heard about them in the news. Covid-19 updates have dominated headlines, and our physical health and safety has taken the spotlight over our technology’s health and safety. While news of vaccines and outbreak hotspots will continue to be the most important “news of the day” – it is important to be aware of security breaches that threaten the safety of our data and privacy.

Protecting Industrial Internet Applications

Bayshore Network Case Study

Today’s utilities, factories and other infrastructure are exposed to high risk. The software that controls many of these entities is not protected. In the last 20 years, the way industrial environments operate has completely changed. Many industrial systems were designed with permissive set-ups that assume only the “right people” in the “right place” would ever give instructions. Past systems were not built with exposure to the internet in mind, and as a result they relied on this “air gap” to limit access to only authorized personnel within the organization. The rate of innovation within technology and wireless systems has outpaced the rate of development in security features. Control centers have gotten better - high tech displays and more capability, but this has led to an exposure to untrusted environments… and in many cases this threat has not been addressed.

Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

The Big Push

The New App Ecosystem

The Missing Piece

Dockerize PreEmptive's Products using Floating License

Navigating the Choice Between Security and Customer Experience

DashO 11 Release: Licensing, Bug Fixes, and Improved Functionality

Top 3 Cyber Attack Vectors During the Pandemic

Protecting Utilities and Infrastructure with PreEmptive's .NET Solution, Dotfuscator

Latest Blog Posts

Dockerize PreEmptive's Products using Floating License

Navigating the Choice Between Security and Customer Experience

JSDefender Version 2 Release

DashO 11 Release: Licensing, Bug Fixes, and Improved Functionality

Top 3 Cyber Attack Vectors During the Pandemic

Twitter