Security Roundup: Remote Workers, Bitdefender-Splashtop, Wandera-Microsoft

Almost half of organizations don’t let IT teams lead in developing remote work security policies.

Edward Gately, Senior News Editor

April 3, 2019

8 Min Read
Security Roundup
Shutterstock

More than one in three organizations has experienced a security incident due to a remote worker, an unnerving fact considering that nearly 70 percent of employees globally work remotely at least once a week.

That’s according to a new survey by OpenVPN. It goes on to show that of those who have suffered a security incident, 68 percent experienced it within the last year.

We spoke with Francis Dinha, OpenVPN’s CEO, about this growing problem associated with remote workers.

Channel Futures: What are some of the common shortcomings in organizations’ remote work security policies?

Francis Dinha: While 93 percent of those surveyed have a remote work security policy in place, 24 percent of businesses haven’t updated these policies in more than a year. And although many of these policies have the right requirements – 74 percent require VPNs, 69 percent require sensitive data to be encrypted, and 68 percent prohibit work-related data on personal devices – they can’t simply set the policy and walk away. Your security policy deserves a regular slot on quarterly meeting agendas among C-suite executives so that the organization can hold itself accountable at the highest level for continuous security improvement.

Dinha-Francis_OpenVPN.jpg

OpenVPN’s Francis Dinha

Additionally, our study shows that 44 percent of organizations don’t let IT teams take the lead role in developing the remote work security policy. But why let anyone besides your resident security experts steer the initiative? No one approaches things from a truly security-first perspective like IT, so if security is an initiative’s main point, as it is with a remote work security strategy, IT should be heading the effort.

CF: Does the prevalence of remote workers present opportunities for MSSPs and other cybersecurity providers to assist organizations? Can you give some examples?

FD: When asked whether the benefits of remote work outweigh the risks, 92 percent of IT professionals said they do. Despite this, though, 90 percent of respondents believe remote workers pose a security risk in general, and more than half believe that remote employees pose a greater security risk than onsite employees.

Here’s how MSSPs and cybersecurity providers can assist organizations in mitigating this risk:

  1. If no VPN is present within the organization, then the company needs to institute one immediately to protect sensitive data going between the employee and their company network(s) and services.

  2. The company should establish some type of two-factor authentication with the company’s authentication system if not already present.

  3. A company should develop a policy on how to handle BYOD and which device’s sensitive data should and should not be stored.

  4. Workers need to have clear guidelines on how to secure their work devices when on unsecured networks and insecure physical environments.

CF: How do you ensure remote workers are following security policies?

FD: Nearly half of IT leaders say they only somewhat agree that remote employees adhere to remote work policies. As new measures are rolled out, IT representatives should hold live meetings with remote workers to illustrate how they can meet the requirements.

Additionally, education also plays a strong role in increased employee adherence. But our survey shows that only a third require their remote workers to take part in cybersecurity training twice a year, and this share drops to less than a quarter for more than twice a year. Make sure that remote workers aren’t …

… left out of regular security training and that they take required courses at least biannually.

CF: What was most surprising about the survey findings?

It is surprising that nearly half of the respondents’ organizations don’t let their IT teams take the lead on developing remote. If your organization does not have a dedicated CISO or CSO position/department, then it only makes sense that the most tech-savvy group of employees – IT – would handle developing the remote worker security policy. This group of employees is on the front lines in developing your organization’s unique infrastructure, tech stack and digital assets. So while it’s tempting to simply “loop in” IT and tell yourself that means security is prioritized, no one approaches things from a truly security-first perspective like IT.

Bitdefender Integrates with Splashtop Remote Support

Bitdefender‘s anti-malware security tools now are fully integrated with Splashtop remote support, giving IT and MSPs the ability to protect their managed computers with endpoint security technology.

Splashtop remote support users will be able to manage and deploy Bitdefender technology to their endpoints from within the Splashtop console. Once deployed, Bitdefender technology will keep endpoints secure with anti-malware, antivirus and other security capabilities. And Splashtop remote support users will be able to view the protection status of their managed computers anytime in the Splashtop console.

Bitdefender integration with Splashtop remote support is available now.

Thomas Deng, Splashtop’s co-founder and senior vice president of product management, tells us the integration with the Splashtop remote support solution opens up “tremendous revenue opportunities for channel partners.” Many Splashtop channel partners have “significantly expanded” their revenue by reselling the Bitdefender add-on to customers, he said.

“Splashtop is committed to introducing and integrating more best-in-class security add-ons to ensure MSPs and MSSPs are able to deliver enhanced security services, meeting governance and compliance requirements,” he said. “Bitdefender integration is just the beginning of the security offerings from Splashtop.”

The solution offers MSPs and MSSPs a holistic view of all computer alerts, compliance, security and management, Deng said.

“The powerful combination will drive stickiness with customers who can fully rely on their MSPs and MSSPs; and MSPs/MSSPs can enjoy a solid recurring subscription revenue stream,” he said.

Wandera, Microsoft Team Up for Mobile Workforce Security

Wandera, a provider of mobile security, has announced integrations within Microsoft’s Enterprise Mobility + Security suite to provide advanced mobile threat defense to enterprises.

The solution allows Microsoft customers to benefit from Wandera’s multilevel protection for users, endpoints and corporate applications. Wandera’s twin capabilities of endpoint security coupled with real-time prevention of network attacks are built using privacy first principles enabling mobile workforces to adopt security with confidence, and without privacy concerns.

Michael Covington, Wandera’s vice president of product strategy, tells us partners now can offer their customers a comprehensive solution that does not add unnecessary administrative overhead or ignore critical aspects of the threat landscape.

“We anticipate that this value proposition opens new opportunities for partner growth as they expand into organizations who want a more centralized view on their mobile risk posture,” he said. “This unified approach also allows partners to …

… differentiate from their peers who insist on selling multiple point solutions.”

Wandera works in tandem with Microsoft Intune, integrating mobile threat defense with an array of management tools to provide flexibility in reporting, enforcement and granular control. The integration also provides enterprise customers with device risk-based conditional access, powered by Azure Active Directory. Administrators can set policies that ensure only compliant devices are allowed access to Microsoft Office 365 services.

The integration with Intune is the latest initiative from Wandera to offer enhanced security to Microsoft customers. It’s available to all Microsoft customers and is compatible with all iOS and Android devices.

Group-IB Sheds Light on Malware Targeting 100-Plus Global Banking Apps

Cybersecurity company Group-IB has uncovered Gustuff, a mobile Android trojan that targets banking, cryptocurrency and marketplace apps.

Gustuff is a new generation of malware complete with fully automated features designed to steal both cash and cryptocurrency from user accounts en masse. The trojan uses the accessibility service, intended to assist people with disabilities.

Gustuff could potentially target users of more than 100 banking apps, including 27 in the United States, 16 in Poland, 10 in Australia, nine in Germany, and eight in India; and users of 32 cryptocurrency apps.

“In order to better protect their clients against mobile trojans, the companies need to use complex solutions which allow [them] to detect and prevent malicious activity without additional software installation for [the] end-user,” said Pavel Krylov, Group-IB’s head of product development. “Signature-based detection methods should be complemented with user and application behavior analytics. Effective cyberdefense should also incorporate a system of identification for customer devices (device fingerprinting) in order to be able to detect usage of stolen account credentials from [an] unknown device. Another important element is cross-channel analytics that help to detect malicious activity in other channels.”

The analysis of Gustuff revealed that the trojan is equipped with web fakes designed to potentially target users of Android apps for top international banks including Bank of America, Bank of Scotland, J.P. Morgan, Wells Fargo, Capital One, TD Bank, PNC Bank, and crypto services such as Bitcoin Wallet, BitPay, Cryptopay and Coinbase.

Gustuff infects Android smartphones through text messages with links to a malicious Android Package (APK) file, the package file format used by the Android operating system for distribution and installation of applications. When an Android device is infected with Gustuff, at the server’s command, the trojan spreads further through the infected device’s contact list or the server database. Gustuff’s features are aimed at mass infections and maximum profit for its operators, according to Group-IB.

The trojan can perform a number of actions. For example, at the server’s command, Gustuff is able to change the values of the text fields in banking apps. Using the accessibility service mechanism means the trojan is able to bypass security measures used by banks to protect against older generations of mobile trojans and changes to Google’s security policy introduced in new versions of the Android OS. Moreover, Gustuff knows how to turn off Google Protect. According to the trojan’s developer, this feature works in 70 percent of cases.

Gustuff also is able to display fake push notifications with legitimate icons of the targeted apps. Clicking on fake push notifications has two possible outcomes: Either a web fake downloaded from the server pops up and the user enters the requested personal or payment details; or the legitimate app that purportedly displayed the push notification opens — and Gustuff can automatically fill payment fields for illicit transactions.

Read more about:

MSPs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like