Minimising corporate security risks with (XaaS) Everything-as-a-service

For the 93% of enterprises that have migrated to digital-based workspaces, having the necessary security solutions is essential for avoiding any potential cyber-attacks

And with many of us experiencing remote working for the first time, businesses now risk experiencing the most refined and strategic attacks known to date.

As a workforce, we are becoming more digitally advanced, and the sudden requirement to work from home has accelerated this. As this transformation continues, cyber attackers are looking for more ways to exploit the technology being used. For the majority of threats, staff awareness and knowledge can be regularly updated through internal training. For example, recent reports suggest that 73 percent of businesses have provided staff with extra training on how to remain safe when working remotely, including specific training concerning verifying passwords and log-in credentials. However, when a threat goes unmissed through the human eye, secure digital solutions must be in place to flag these potential attacks.

Rushing for a remote working solution

The sudden demand for remote working as a result of social distancing to reduce the spread of COVID-19 was something that many businesses had not prepared for and left lots of us rushing to find a solution. However, in the hurry to implement a solution, businesses may have failed to carefully consider the potential for cyber threats and as a result, nearly three-quarters of UK businesses now think that home working is putting their organisations at risk.

Whatsmore, many organisations have overridden their security rules to ensure workers are quickly set up to work from home. Private end devices such as laptops, tablets and smartphones which are not protected by the corporate network and uniform security standards are being used now more than ever. Not to mention, there are no IT professionals on-site to monitor traffic and watch for suspicious activity.

There are a number of solutions that businesses can employ to ensure that their workforce continues to work as normal with all their applications seamlessly integrated, and the security of these solutions must be the number one priority. The combination of software, platform and infrastructure as a service, otherwise known as Everything-as-a-Service (XaaS), can allow businesses to access any on-premises and cloud environments behind one web portal.

Preventing internal breaches

Last year, 34% of data breaches were conducted by an employee. For employers, this can be difficult to identify until the crime has been committed. Businesses, therefore, need to reconsider the internal accessibility employees have of sensitive information. Managing this means companies need to deploy a cloud system that has a stable infrastructure and is able to monitor the access of employees. With this in place, employers will be alerted of any suspicious activity or unauthorised access, minimising the further risk of attacks.

Such systems can provide users with access only for the duration of their session via encrypted streaming to the applications, instead of the entire network which means that data never leaves the secure hosting location. Digital workspaces in the browser are equipped with a second factor and can be supplemented with additional security policies for dedicated groups and roles.

The threat of phishing

Another increasing threat facing business is the strategy of phishing. 46% of UK businesses have already noticed an increase in phishing attacks targeting their networks and data since implementing a policy of widespread remote working. Through this, attackers are letting themselves into the goldmine of corporate data through fraudulent marketing emails and messages. This again is another common threat that can go unmissed by employees.

With lots of us now working remotely, employees are sending critical emails via their private accounts, store important files on a home PC without current updates and patches, or use virus-infected USB sticks to quickly take company data home. These invasion gates for cybercriminals must be closed as quickly as possible in order to ensure sustainable security of business operations.

Protection from viruses

Viruses, worms and trojans are constantly roaming the net which results in high losses for companies, public authorities and private users. Once the trojan has settled on a computer, it is almost impossible to get rid of it. As a result, this can lead to production downtimes and fundamentally, the loss of important and sensitive data.

Emotet is one of the latest malware affecting companies. Disguised as emails from friends, neighbours or colleagues, it reads the contact relationships and e-mail content from the systems and ensures continuous self-dissemination at an extremely high speed. Emotet is just one of many malware that attacks and exploits the weaknesses of the “old IT world”, which is why companies need to act to update their systems.

Readily available cloud solutions can help companies safeguard themselves from such attacks. Once client-to-site VPN connections are no longer required as a result of migrating systems to the cloud, there is no point of attack for trojans. Furthermore, no end device within an organisation will be able to infect an application server as the direct communication between the user and the target system can be completely ruled out.

Many suggest that in a post-COVID-19 world, remote working will become a permanent way of work for lots of us. If this were to be the case, businesses must first implement a strategy which minimises and potential security risks which could arise as a result.

About the Author

Dominik Birgelen, CEO at oneclick. oneclick AG with headquarters in Zurich, Switzerland, and an innovation motor in Prien am Chiemsee, Germany, is specialized in the development and operation of a cloud platform for the automated deployment of digital workspaces. The goal of oneclick AG is to play a major role in shaping and improving end user computing.