While the COVID-19 worldwide situation is still unfolding and the number of cases is increasing daily, quarantine times are being extended for the foreseeable future until a cure or an effective vaccine is researched and widely available. It’s because of this that remote working has become a necessity for businesses to survive. Many small companies with limited resources are struggling to find a way to enable their workers to continue with their jobs.
A solution often adopted in such situations is to provide access to “Remote Desktop Services”. Remote Desktop provides facilitate network access to employees over the internet. But this solution might not be the most adequate and presents several risks that businesses need to evaluate and mitigate against.
What is Remote Desktop?
The “Remote Desktop Protocol” (known as RDP) allows remote
access to a computers desktop by providing the right credentials (username and
password). Remote Desktop comes built-in to most versions of Microsoft Windows,
making it a perfect candidate for ease of deployment. When used within a
private network, it is a very convenient tool, however, once open to the
internet public access, it is not secure enough.
Thanks to the wide access to the computer it provides, RDP is used by cybercriminals to launch attacks. Recent statistics show that RDP is the most dominant attack vector, being used in up to 63% of disclosed targeted ransomware campaigns in Q1 2019
Cybercriminals know about you
Cybercriminals are aware of the valuable information that companies need to make available for their remote workers. To leverage this data, they have developed a wide array of tools to continuously look for remote access points on the internet. Such services are available online and designed to map assets on the internet and can also discover potentially vulnerable targets.
For example, though a quick use of such tools, we found out
that in the recent days of COVID-19, RDP in Malta there were less than one
hundred (100) open access points. After the lockdown came into effect the
number has been steadily increasing to reach nearly four hundred (400) three
weeks later.
These tools easily allow cybercriminals to gather a basic
understanding of the currently exposed system, their vulnerabilities, other
services and potentials usefulness of the data they can contain.
Not only can they access sensitive information should they
hijack the login information, they can also deploy ransomware or use the
exposed server as part of a wider botnet. There are also several vulnerabilities
widely documented that allow targeted outdated systems to be remotely used to
DDoS attacks, or just get the servers to be unavailable for remote access.
Buying and selling “Remote Desktop” credentials is also a
common practice in criminal markets such as xDedic[2] as reported by
kaspersky[3].
Securing remote work
Under the current exceptional circumstances, companies must provide the continuity to their remote workers without exposing their valuable data and risking their assets.
Fortunately, there are several options that can help prevent
the exposed risks of an open RDP:
Virtual Private Network
A Virtual Private Network (VPN) creates a securely encrypted
connection between internally protected servers and outside clients. This
allows for a number of services to be available to remote workers without
exposing the internal computers to the risk of being hacked.
Most enterprise level firewalls offer a decent level of VPN
encryption and deployment options. Some of these devices will require additional
licensing to provide the service or provide a limited number of unlicensed
connections.
It’s important to note that VPN traffic puts a tax on the
amount of traffic the firewall will be able to cope with; this is usually a
physical limitation of the amount of processing power available to the device.
RDS Gateway
Windows Server includes the “Remote Desktop Gateway”. This
service creates a secured HTTPS gateway that creates an internal tunneled
connection to the Remote Desktop server.
Signed and validated certificates are recommended to deploy
this solution, since they will provide the encryption and security.
This solution allows companies to easily leverage the spare
processing power in their virtualised environments (creating a new VM to use
just as a gateway), although it will require adequate windows licensing. It’s
the quickest to deploy and easiest to provide access for remote users, as the
only requirement for this to work is to have access to a web browser in order
to provide the credentials.
Multifactor Authentication
Although not a mandatory option and not to be considered
while the remote desktop is publicly available, Multifactor Authentication will
substantially improve the security of any publicly available service.
Overlaid on top of the two previous solutions, it is
strongly advised to provide multifactor authentication when available.
There are several standard technologies that can be used to
gain MFA options like Azure Active Directory, Office or Microsoft 365
subscriptions can also integrate with your RDS Gateway or VPN solutions to
allow MFA. RSA keys or Duo are also good options.
What to do next if you use Remote Desktop
The above may sound too complex or technical for many small and medium businesses. At BMIT Technologies we can help you figure out if you have the right set-up in place, and if not, suggest ways how you can address it.
We provide several options to both allow your employees remote access to your servers and applications while keeping your business and data secured and reliable.
Reach out to us.
“Work Anytime … Work Anywhere”, a term that might have been a bit of a buzz phrase and just something to aim for a few weeks ago is now today’s reality.
For
decades we were acquainted with the idea of travelling from home to the office
and back … At the worse possible hours of the day. Covid-19
gave a whole new meaning to the phrase “ability to adapt”. With the world at the mercy of a pandemic,
business must somehow find way to keep on running, especially in countries where
a lockdown, or partial one, is in force.
Within the span of a few weeks, or rather days, business had to somehow
rush to roll-out a work-from-home practice.
For most organisations, the sudden change in the way they operate their
day to day business not only impacted their operations but also the way their IT
function delivers its services.
Let’s
have a look at the telework, or remote work toolbox, and demystify the
technology behind it.
For
most businesses, IT services can be categorised in the following categories
- Communication
Services
- File Services
- Line of
Business Applications
Let’s start with communication services.
Email, instant messaging and telephony are the most common services under the communication services category. Undoubtedly, such services become even more important as a company moves to a teleworking set-up. With smartphones becoming standard in everyone’s pockets, email communication has moved out of the boundaries of the traditional office location and is always-present, often to the regret of the smartphone owner or those around him or her! On the other hand, instant messaging and telephony have always been deemed as secondary services, mostly because employees used to spend most of the business day at the office, where such tools resided on the the phone desk or not available at all, as in the case of IM. Things took a different turn when the traditional office had to be locked down, and employees sent to work from home. Such services instantly become the foundation for inter-company communication. In addition, a service that is rarely used in an office set-up but become default in teleworking is video conferencing.
Moving on to file services, these have been an integral part
of every organisation for decades. While file servers gives employees a convenient and
easy way to share files and data, these are generally very much restricted to the
office network, and therefore to the need to be at the office. Although a VPN can be used to extend such
services while working remotely, this is generally not the best option, usually
due to performance and overall control issues.
File servers are generally central to document share and access within
every business and due to the dependency on them, and also the widespread of
this service, IT departments often find it difficult to phase out the traditional
file server set-ups in order to replace them with more modern options.
Finally, there is a category of tools, referred to
as Line of Business (LOB) Applications. These are
programs/software that are critical to running the
business. Such applications include stock management systems, financial
packages, Enterprise resource planning (ERP) or Customer Relationship Management (CRM) systems, as well as custom build applications. These
applications enable organisations to
successfully operate their business.
Enabling
a new way of working
Luckily the cloud era made it easier for businesses to move out of the boundaries of their office. Products like Microsoft 365 incorporate all the components needed to replace most business communication and file services. Exchange Online, OneDrive and SharePoint Online are among the most compelling components offering within the suite. In addition, Microsoft Teams makes chat, meeting and collaboration available under a single platform. With telcos now offering SIP services instead of the old ISDN, the possibility of integrating telephony within tools such as Microsoft Teams or software-based PABXs has become a reality. All an employee needs is Teams or PABX systems sych as 3CX installed on his laptop and mobile, and your PABX is now totally mobile.
Digging in a bit more into the technology behind tools such as Microsoft365, a key aspect relates to the security features offered “be default”. Apart from the productivity tools such as Word, Excel, PowerPoint, Outlook and Teams, Microsoft 365 includes numerous security features to ensure a smooth and secure transition from the traditional security methodology. Historically, security focused entirely around the perimeter on one’s network. Multi-factor Authentication, Mobile Device Management, Azure AD, Conditional Access, Advanced Threat Protection and Cloud App Security are only a handful of the included features and services available that help organisation stay on top on today’s cyber threats. Without going into the details of each, one can summarise the benefit as being end-to-end security from the device up the core infrastructure running the applications on the cloud.
Azure as a complementary platform
to Microsoft 365
Microsoft
Azure augments Microsoft 365 to give a truly cloud first experience to
businesses. For Line of Business
applications, where migrating to a SaaS might be difficult, Microsoft Azure
bridges the gap with thousands of available
services that one can tap in on in no time.
Migrating Line of Business applications to the cloud not only removes all
dependencies on the traditional office but also improves employee
productivity. Such applications can be
presented to employees using Microsoft Virtual Desktop, a fully-fledged Windows
10 user experience available from any browser on any device of the employee’s
liking;
it’s all transparent to the employee, while
keeping security at the very centre of the solution.
Post
Covid-19
While most
businesses are currently focusing on trying to continue operating under these
hard times, history has showed us that no storm lasted forever. This crisis will eventually unveil a new way
of operating and doing business. It is
safe to say that business will acknowledge the benefits and flexibility that teleworking
brings along. Pollution is down, many claim there there
is a better work/life balance, for sure there is less commuting and many organisations are
experiencing higher productivity. These are a few of the benefits that we might be
surprised to see following this storm.
BMIT Technologies has launched a quick-to-deploy solution to enable your business to be able to telework. It addresses issues such as access to core software, different security requirements, and specific business realities while preparing your business for tomorrows’ way of doing business. Reach out to us to know more.
Want to know more?
The Government of Malta, through Malta Enterprise, has announced a series
of initiatives to help businesses during this difficult moment for the economy.
One such initiative seeks to help business adopt teleworking.
In brief: Malta Enterprise will pay a grant to every business, up to
€4,000, for costs related to telework incurred between 15th February and 8th
May 2020. There is a 45% capping against total cost, meaning that if you spend
€2000, you will be given a grant of €900, wheras if you spent €10,000, you will
be given the full €4,000.
The grant is given to help businesses set-up and
operate teleworking, to ensure that employees can work in a secure and easy
way.
Some costs that do NOT qualify for grant are:
- Purchase of mobile phones
- Purchase or upgrade of broadband connectivity
- Teleworking-related costs incurred through agreements in
force before the 15th February 2020.
BMIT Technologies has launched a quick-to-deploy solution to enable your
business to be able to telework. It
addresses issues such as access to core software, different security
requirements, and specific business realities.
Reach out to us to know
more.
More info about the scheme is available on this Malta Enterprise minisite
Want to know more?
With the COVID-19 outbreak come several concerns for organisations in general, and CIOs in particular.
As many governments advise everyone to stay and home, and making appeals to companies to enable telework for their employees, CEOs and whole organisations are turning to their CIOs for solutions. Quickly. And available in the most secure manner.
Many companies did not wait for authorities to tell them what to do, as the financial situation worsens, it is clear that all businesses need to move swiftly to a remote work set-up..
Businesses need to shift technological capacity and invest in secure and scalable platforms in order to migrate their teams to work remotely.
What Should CIOs Look For in These Times?
Each organisation has different realities, but there are some best practice approaches that, from our experience, apply across.
The need for social distancing mandates telework, that’s a given. So the next step for CIOs is gather information as to which employees can work remotely, what resources they require, and what technologies and system should be made available to them. Exposing a CRM or an ERP solution remotely might be straightforward for some, whereas other CIOs need to jump complex hurdles of legacy apps being made available, once again securely. A second dimension relates to the standard office productivity tools to be made available. In our experience, Office 365 is a solution for practically all customer requirements in this regard, but it is strongly suggested to look beyond this, and factoring in issues such as mobility and security.
Device Security Also Plays a Role
The security of the IT infrastructure should obviously be solid, but this also extends to the end devices (laptops / tablets / desktops) the remote employees are using from home. Device security is not just securing against obvious risks, but also ensuring that the connectivity, data transfer and applications being used are secured and under control too..
CIOs therefore need to update the policies and train employees to work remotely if necessary.
These productivity, security and mobility requirements can be achieved through Microsoft 365 which provides access to Office 365 and tools such as Microsoft Teams, but also to a range of security and mobility tools to maintain security and control as a CIO.
In Conclusion
CIOs need to analyse the current state of the company and determine who can work remotely.
Once they have determined the people who can work remotely, they need to make available the required infrastructure and systems to enable this. They also need to find effective tools that can handle that kind of workload as well as provide solid security measurements so none of the data or systems get compromised.
If, for any reason, you think that your infrastructure, or systems, and not yet ready for telework, feel free to reach out to us. We have already helped a number of customers achieve this in a speedy manner, by providing a quick-to-deploy cloud solution that also allows for legacy migration, as well as the right set of productivity tools to close the circle in terms of requirements – so just let us know.
Want to know more?
The coronavirus has become a pandemic.
This has put a lot of companies and employees at a huge health risk.
This means that, in order to assure that your employees are safe, healthy, and ready for work, you need to switch the workflow up a bit by going remote.
Remote work means that the employees can do their tasks wherever they are, in this case, as many governments recommend, from the comfort of their home.
If you or your organization does not feel like it is prepared for a large-scale remote work overhaul, you should not, because there are tools that make this process easy.
In many countries, governments recommend that if employees can work from home, they definitely should in order to avoid further spread of the Coronavirus, also known as COVID-19.
Carefully analyse all of the tasks and roles a set of employees has and determine if it can be transferred into a remote model.
It All Starts With Trust
Many managers think that employees will not be as productive working from home, without observation, as they would working in an office.
Workers who work from home tend to manage their time effectively, and work when they feel they are most productive.
Another advantage they have is the fact that they do not have any unnecessary interruptions like they would within the office.
Have trust in the team you selected to work with you and you’ll steadily accept remote work as a viable option.
Now Comes the Technology
Through a combination of IT infrastructure and productivity tools, you gain access to a solution that can help the transition to remote work tremendously.
In other words, you gain access to a remote set-up that is secured, where you can store all of your documents and files securely.
You can also schedule virtual conferences and meetings and even make recordings so other employees can view them when they get online and catch up to what’s happening with a given project they are working on within the company.
If you still feel like your business is not prepared to make this leap, BMIT Technologies can help your business and enable remote working.
This includes the migration of the line of business on the cloud and ensure business continuity while maintaining a high level of security to all of your files and data.
Want to know more?
On the 2nd September 2019, the Otters Under 15 waterpolo team won its Category in the National League, and thus became the first Gozitan junior waterpolo team to win an honour at National Level. They managed to gain 24 points out of a maximum 27 points to win this Under 15 Division. The team was Coached by Jean-Luc Zahra and assisted by Paul Dimech and team manager George Azzopardi. The players and officials were presented with the trophy by ASA Vice President Mr Karl Galea, Assistant National Team Coach Mr Anthony Farrugia was also present. The players and supporters thoroughly enjoyed this success !
All this promising bunch of players graduated to this successful team from the BMIT Waterpolo and Swimming School. A School which has been growing rapidly over the past few years and last summer attracted around 150 girls and boys to the Otters pitch in Marsalforn. 3 members of this team, Lara Camilleri, Isaac Azzopardi and Luigi Dimech have also been selected for the Under 15 Girls National Team and the Under 14 Boys National Team respectively.
Date - 19th February 2020
If you're a dog owner, you probably already know just how awesome dogs are. Dogs fill your life with love, loyalty, fur and plenty to smile about. Undeniably, they make our world a better place. BMIT Technologies, one of Malta’s leading IT services providers, is continuously promoting animal welfare and have lately donated funds to four different dog sanctuaries, namely: Gozo SPCA, Noah’s Ark, AAA and Malta SPCA.
Without a doubt, such organizations are
always excited to receive donations in any shape or form since most animal
welfare organisations rely on donations from the public and local business,
such as BMIT Technologies.
“We are aware that frequently, the number
of resources these organisations have don’t even come close to what they need.
Volunteering is another gift that is equally, if not more important than
material gifts. At BMIT Technologies, we are sensitive to these challenges and
we have animal welfare at heart. We fully comprehend the fact that these
sanctuaries are indispensable, as they specifically care for abandoned animals
and are capable of providing temporary homes for animals that need it” said Ramona
Mifsud, Marketing Executive at BMIT Technologies.
BMIT Technologies is committed to keep
assisting these animal sanctuaries as part of its central philosophy of helping
the community and environment in which it operates. Moreover, the company
through its strong business network, encourages other firms in Malta to embark
on this initiative and to support NGOs that are directly linked to animal
welfare and helping those who have no voice.
