Slide deck from a series of webinars which were held in June 2020 on 'The avoidable security risks of remote working', following the outbreak of Covid-19.
Agenda – “The avoidable security risks of remote working”
01 Introductions
02 Once upon a time…
03 Preparing for business change
04 The elephant in the room
05 Home is where the datacenter is
06 What security risks have we avoided?
07 Can we not use a ‘normal’ VPN? Dogfooding.
08 Security measures check list
09 A typical day, as seen by Xperience
10 Questions & answers
ASKING QUESTIONS
WE LOVE THE DIFFICULT ONES – SO YOU CAN ASK A QUESTION AT ANY TIME
THROUGHOUT TODAY’S SESSION. TO GET STARTED, USE THE ‘QUESTION’
OPTION ON YOUR GOTOWEBINAR CONTROL PANEL.
“It seems like an age ago now, but it was only five months ago
that people across the nation were at each other's throats over
whether the UK should leave the EU. Society seemed more
divided than ever.
And then came the greatest crisis for at least a generation and
potentially since the war, as people were forced to self-isolate or
face the risk of death, serious illness or at least passing it to
someone else who could become seriously ill.”
Once upon a time…
Like a majority of businesses, Xperience moved to remote
working on March 18th. In 24 hours, we transitioned our
staff in Lisburn, Peterborough & Glasgow to 103 remote
offices across the United Kingdom & Ireland.
Here’s our story, on the avoidable risks of remote working.
It’s a long story, but we’ll keep it short…
Our People
People are the greatest risk within an organisation, because users
are the entry point for any successful attack, whether it’s through
user error (misconfiguration), user behavior (clicking on phishing
emails) or installing third party applications which may have
known vulnerabilities.
We needed to ask ourselves, how do we…
- Enforce internet, email & social media policies
- Manage & report on adherence to our security policies
- Secure and manage the use of personal devices
- Detect, respond to & address security threats
- Educate our users on any potential changes
- Ensure that our staff have access to their normal line of business
applications - regardless of their device, internet connection and
their level of IT knowledge.
Technologies & Systems
Managing 3 physical locations (Lisburn, Peterborough & Glasgow) for 100+ users can be
challenging on the best of days, so how are we going to successfully manage 100+
locations, none of which have the necessary security measures in place? Whilst we have
detailed business continuity plans in place to enable remote working for a short period
of time, a sudden long-term change will introduce significant risks.
We needed to ask ourselves, how do we…
- Mitigate the additional security risks that home working may introduce
- Extend our on-premise security systems to the homes of every employee
- Monitor the threats to our business, in real time, so we can take immediate action
- Continuously improve our detection, response & management capabilities
- Produce detailed but concise security threat briefings to the board
- Address non-compliance through the use of technology
- Maintain uptime and performance
Preparing for business change
YOUR OPINION
FOR THOSE OF YOU THAT HAVE TRANSITIONED TO REMOTE
WORKING – DO YOU BELIEVE THAT YOUR BUSINESS IS AT A GREATER
SECURITY RISK?
Preparing for business change – focus areas
Challenge/Focus Areas | ‘What keeps me up at night…’
Anti-Virus/Anti-Malware | Are we protected? Do we have enough licenses? Is it working as expected? Do we have the right product?
Backups | Are we protected? Are they working? Have they been tested? Are we backing up everything?
Internet Connectivity | Do our employees have suitable internet connections? If they’re connecting into the office, do we have the capabilities? Can our network cope with the additional internet traffic? Do we have enough VPN licenses?
On-Premise/Datacenter Hardware | Are we monitoring our on-premise hardware? Has anything failed? Are they under warranty? Is it fit for purpose?
Office 365 Productivity/Collaboration | Are we backing up OneDrive, SharePoint & Emails? Are we backing up everyone/everything? Are they working?
Physical Premises | Is the building secure? Is the air conditioning functioning? Is the server room secure?
Insurance | Do we have adequate and valid insurance, such as Cyber Insurance?
Our Data | Where are we storing our data? Are we duplicating files on Dropbox, OneDrive, network shares or local devices?
Web Browsing | How are we monitoring internet use? Are we enforcing internet policies?
Home Security | Are the devices within our employees’ homes secure? Have any of their smart devices (cameras) or their wireless access points/routers been exploited? Is their network secure? Do they share their wireless connection?
HOME IS WHERE THE DATACENTER IS
With the potential of 100 new remote offices, our number one priority was to protect the
business, its employees and our customers. To help achieve this, we implemented a unique
solution: we re-routed our employees' internet traffic (home and office) through our London
Datacenter, to provide real time threat protection. Whilst we protected the business in less
than 24 hours, these measures will provide long-term benefits to the organisation when we
return to normality or should a second wave strike.
01 Real Time Attack Detection & Mitigation
Through the implementation of an intrusion prevention & detection system,
complemented by Cisco Talos/Snort rule sets (which are updated every 6
hours), internet traffic from each employee is analysed in real time,
protecting the business from known and emerging threats.
02 Big Data – Real Time Monitoring & Analysis
Through the use of real time analytics, our platform processes millions of
firewall event logs each day, ensuring that our network operations and
information security management teams have access to live attack data
whilst also allowing us to produce detailed executive reports.
03 Remote Device/Endpoint Protection - Review
Our employees are accessing internal systems, located within our offices
(on-premise hardware) and our cloud platforms in Belfast & London. To
enforce compliance whilst allowing employees to obtain the same level of
protection that they would get in the office on any device, from any
– we implemented a new Endpoint VPN service.
04 Geo-Location Restrictions
To reduce the attack surface, we enforced geographical restrictions,
ensuring that our staff could only connect to our systems and VPN if they
were physically located within the United Kingdom.
05 DNS Filtering & Advertisement Blocking
We implemented DNS filtering & advertisement blocking to reduce
bandwidth consumption (especially important for home workers with poor
internet connectivity), improve website loading times, prevent information
leaks and to protect our users from malicious websites.
06 Encrypted DNS (DNS over HTTPS)
The Domain Name System (DNS) is the phonebook of the Internet, allowing
users to access domain names such as bbc.co.uk by translating these
common names to the IP addresses of the servers that host the files and
folders. To further protect our employees we introduced DNS over HTTPS
to encrypt those queries.
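An added example, not part of the original slides: the same DNS question for bbc.co.uk as it appears in a plain query, where anyone on the path can read the name, and as the RFC 8484 GET request that carries it inside HTTPS. The resolver URL is a placeholder and an assumption.

```python
import base64
import struct

RESOLVER = "https://doh.example/dns-query"  # placeholder resolver (assumption)

def build_query(name, qtype=1):
    """DNS wire-format query (RFC 1035) for name; qtype 1 is an A record."""
    # ID 0 (recommended by RFC 8484 for HTTP caching), flags 0x0100 = recursion desired
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def queried_name(message):
    """What an on-path observer reads out of an unencrypted query."""
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while message[pos]:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_url(resolver_url, name):
    """RFC 8484 GET form: the same message, base64url-encoded without padding."""
    encoded = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=")
    return f"{resolver_url}?dns={encoded.decode('ascii')}"

def decode_doh_param(url):
    """Recover the DNS message from a DoH GET URL (what the resolver does)."""
    b64 = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

if __name__ == "__main__":
    plain = build_query("bbc.co.uk")
    print("Plain DNS payload, readable on the wire:", queried_name(plain))
    print("DoH request, sent inside TLS:", doh_get_url(RESOLVER, "bbc.co.uk"))
```

With DNS over HTTPS the query is hidden from the home network and ISP, but the resolver operator still sees every name that is looked up.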
What security risks have we avoided?
“Why can’t we use a ‘normal’ VPN?”
A Virtual Private Network (VPN) allows you to connect to a
remote location (or server) using a VPN client such as Cisco
AnyConnect or OpenVPN. In most cases a ‘split tunnel’ is used,
which routes business traffic through the VPN whilst general
internet traffic is routed through your home broadband
connection. By routing all internet traffic through our Security as
a Service platform, we can inspect, analyse and block malicious
traffic, protecting every user within the organisation, regardless
of what they are doing or where they are located.
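An added example, not taken from the slides or from Xperience's platform: a check that decides from a client's route table whether general internet traffic really goes through the VPN (full tunnel) or leaves via home broadband (split tunnel). The interface names, addresses and route tables are constructed for illustration; the two /1 routes are what OpenVPN's redirect-gateway def1 option installs.

```python
import ipaddress

VPN = "tun0"  # assumed name of the VPN interface
# Constructed route tables as (destination, interface) pairs.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),        # default route: home broadband
    ("192.168.1.0/24", "wlan0"),   # home LAN
    ("10.20.0.0/16", VPN),         # only the business network uses the VPN
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),        # original default route is left in place
    ("0.0.0.0/1", VPN),            # the two /1 routes OpenVPN adds for
    ("128.0.0.0/1", VPN),          # "redirect-gateway def1" override it
    ("192.168.1.0/24", "wlan0"),   # home LAN
    ("203.0.113.10/32", "wlan0"),  # the VPN server itself must bypass the tunnel
]
ALLOWED_BYPASS = ["192.168.1.0/24", "203.0.113.10/32"]

def egress_interface(routes, dest):
    """Interface chosen for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(c), i) for c, i in routes
            if addr in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def effective_regions(routes):
    """Resolve overlapping routes into disjoint (network, interface) regions."""
    regions = []
    for cidr, iface in sorted(routes, key=lambda r: ipaddress.ip_network(r[0]).prefixlen):
        net, kept = ipaddress.ip_network(cidr), []
        for old_net, old_iface in regions:
            if net == old_net:
                continue  # same prefix: the later entry replaces it
            if net.subnet_of(old_net):  # carve the more specific route out
                kept += [(n, old_iface) for n in old_net.address_exclude(net)]
            else:
                kept.append((old_net, old_iface))
        regions = kept + [(net, iface)]
    return regions

def bypass_ranges(routes, allowed=ALLOWED_BYPASS):
    """Ranges that leave outside the VPN and are not explicitly allowed."""
    ok = [ipaddress.ip_network(a) for a in allowed]
    out = [n for n, i in effective_regions(routes)
           if i != VPN and not any(n.subnet_of(a) for a in ok)]
    return [str(n) for n in ipaddress.collapse_addresses(out)]

def tunnel_mode(routes):
    return "split" if bypass_ranges(routes) else "full"
```

A check that only reads the 0.0.0.0/0 entry would report the full-tunnel table as split, because the original default route still points at wlan0.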
Dogfooding
“Dogfooding is short for “Eating your own dog food,” which represents the
practice of using your own products. For Xperience, we utilised a number of our
product and service offerings, to overcome a number of security challenges as
part of our transition to remote working.”
YOUR OPINION
KNOWING WHAT YOU KNOW NOW, HOW PREPARED ARE YOU TO
DEFEND YOUR BUSINESS IN THE CURRENT THREAT LANDSCAPE?
Security Measures - Checklist
Requirement | Description | Solution
Anti-Spam | Blocks malicious attachments, spam & phishing emails | Proofpoint Business/Enterprise
Anti-Virus/Malware | Virus/Malware and Crypto protection for servers, desktops & laptops | Undisclosed – Examples: Sophos, GFI or ESET
Backups | Office 365, Server, Desktop & Laptop backups | Veeam Backup & Replication; Veeam Backup for Microsoft Office 365
Patch & Asset Management | Cloud based automated patch scanning, deployment & reporting | Patch Management as a Service (Xperience)
Micro Patch Management | Zero-Day patch management protection | 0Patch Micro-Patch Management
Intrusion Prevention & Detection | Attack detection, mitigation, DNS over HTTPS etc | Security as a Service (Xperience)
Remote VPN Services | Secure, reliable, high performance & highly resilient remote access | Security as a Service (Xperience)
Policy Enforcement | Windows 10 Toast notifications, email reminders, automated logging | Security as a Service (Xperience)
Real Time Threat Analysis | Real time dashboards for threat analysis & reporting | Security as a Service (Xperience)
Vulnerability Management | Daily vulnerability scans (switches, firewalls, servers etc) | Vulnerability Management as a Service (XP)
Monitoring, Alerting & Analysis | Real time monitoring of all hardware & software | Undisclosed
Multi Factor Authentication | Two factor authentication for key systems (Office 365, Datacenter Operations) | YubiKeys (Physical authentication tokens); RSA (Physical & software tokens); Microsoft Authenticator; Google Authenticator
Encryption | Encryption for endpoint devices (Laptops & desktops) | BitLocker
..and then some
“An increasing number of malicious cyber actors are
exploiting the current COVID-19 pandemic for their own
objectives. In the UK, the NCSC has detected more UK
government branded scams relating to COVID-19 than
any other subject. At the same time, the surge in home
working has increased the use of potentially vulnerable
services, such as Virtual Private Networks (VPNs),
amplifying the threat to individuals and organisations.”
COVID-19 exploited by malicious cyber actors
A typical day, as seen by Xperience…
Above: A snapshot of our Security as a Service dashboard from April 27th, showing that 100,275
requests from 7,887 unique sources were blocked. The top attacking country was the United
States, followed by Russia, Netherlands, China, France, United Kingdom & Bulgaria.
YOUR OPINION
KNOWING WHAT YOU KNOW NOW – DO YOU BELIEVE THAT YOUR
BUSINESS IS AT A GREATER SECURITY RISK?
Our Key Pillars
Benefits of our products for our customer
Own IP (Microsoft ERP add-ons):
1. Contracts365
Increase control, protect margins, improve visibility of your cash
flow, access insight to help make futureproof business decisions
and streamline operations with our innovative software designed
specifically for the construction market.
2. Service365
Streamline, revolutionise and improve utilisation of your field
service activities with our fully Integrated ERP, Service Management
and HR Software Solution.
3. Unite365
Shorten your sales cycle, respond faster to customer issues, create
a seamless customer experience, resolve service issues and
connect your entire business.
4. Own Cloud Platform
Our platform designed, deployed and managed by Xperience. We
don’t resell or outsource.
Holding screen – Richard
Good Morning Everyone, firstly I hope you’re all keeping well and thank you for joining us on today’s session, with myself and Patrick Leggett to discuss the avoidable security risks of remote working.