With the outbreak of COVID-19, there are widespread extended requirements for staff to work from home. The phrase “work-from-home” brings-in fears on data security and data-pilferage risk from unmanaged end-user owned remote desktops, PC, and laptops that would be used as endpoints by staff and external vendors, partners, and contractors.
Remote access from unmanaged devices introduces elevated risks. Often these devices have a lower security posture, possibly out-of-date anti-virus or internet security software; they offer a higher risk of compromise because they might be running counterfeit or unlicensed solutions, or they are on untrusted networks. The enterprises have little or no control over what software is running or has previously been executed on the devices.
These unmanaged devices deliver a higher risk of stolen sensitive data (including corporate credentials) from attacks involving keylogging, which, along with spyware is ranked the highest global malware, by the NTT Security Threat Intelligence Report. Other attacks to be wary of include screen-capture or screen-grabbing, man-in-the-browser, saved account detail harvesting, screen-mirroring, man-in-the-middle, DLL injection, and RDP double-hop. During the coronavirus crisis, the risk is exponentially much higher.
Connectivity commonly used is VPN from these remote devices to corporate networks. VPN does not protect the user from malware that records the keystrokes entered or takes pictures or videos of the user’s endpoint in order to steal data. They scrape up passwords, credit card, and banking information, personal details, and more, to use in identity theft and other malicious deeds. Every piece of data entered into any application used by the home-based employee, contractor, or supplier such as Word, Excel, Outlook, Office apps, corporate apps, browser, webmail, SaaS applications, and so on – can be uplifted on the endpoint itself by malware – then sent out to the command and control server of the cybercriminal. In summary, all this data is stolen by cybercriminals even before it enters the VPN tunnel.
Ideally, with virtually no time for preparation, customers look for products that can be deployed quickly (i.e. within 24 hours) and which do not involve specially configured software or hardware – a simple download and install from pre-configured software is the preferred option. This means selecting proven anti-keylogging software that can protect every keystroke into any application and prevent screen-scraping malware from stealing credentials and sensitive corporate data.
Raqmiyat, an authorized reseller of Sentrybay, provides secured work-from-home solutions. “During this challenging time, organizations struggle to provide a secured work-from-home solution. By partnering with Sentrybay, we are offering this secured solution to help our customers without sacrificing their security posture,” said Abhijit Mahadik, Director – Cybersecurity Solutions at Raqmiyat.
Armoured Browser from SentryBayprovides a browser on Mac and Windows – a very unique secured browser that provides anti-keylogging, anti-screen capture, and anti-screen scrap features thus enabling a secured browsing environment for sensitive work to be done irrespective this malware on the PCs. “The best part of this offering is that it creates separate user & desktop sessions and leaves no-trace upon closing. With the latest enhancements, it can be installed as a pseudo-remote access solution to lock down the use of, say, Office365, SaaS apps, browsing, and so on. It can also be deployed for Citrix, Vmware or any other remote access solution deployed,” the company said in a statement.
“We have experienced a huge surge in demand worldwide, especially in the UAE for this niche solution from Sentrybay. Some of our largest banking clients have added licenses in the past week, specifically to enable more employees to work from home,” said Marcus Whittington, Co-Founder and COO Sentrybay.