Security in Uncertain Times - How we Handle the COVID-19 Situation at X41

The current crisis hits all parts of society and the economy, and X41 is no exception. We are in close contact with our customers, and until now we worked on-site in many cases. Naturally, this is currently not possible, so we have to find alternatives.

COVID-19 Situation and Changes

  • We are still available at full capacity
  • All on-site work is currently postponed until the situation allows it again
  • We offer all secure-coding and fuzzing trainings remotely via e-learning and video calls
  • You can send us your products and hardware and we will test them on our premises
  • We offer consultancy over end-to-end encrypted video calls and other secure channels for all questions related to security

Safety

While some projects require certain secured environments due to security requirements, many security audits can be done remotely or in a lab that we are operating with minimal staff where necessary. For many of our security researchers and experts, home office is an established option which is now the default mode of working at X41 unless security requirements demand lab presence and the safety of our employees can be accounted for. We are constantly re-evaluating the situation regarding travel restrictions and local curfews.

Help

For companies and individuals that have never operated a remote working infrastructure or worked remotely, the changed situation poses several challenges:

  • How can we enable efficient work from home?
  • How can data be shared securely?
  • Is the performance / capacity of IT infrastructure such as VPNs sufficient?
  • How to keep data safe?
  • How to prevent phishing using fake COVID-19 warnings or advice?
  • What products and solutions to choose to solve the above problems?
  • How can you monitor all the new infrastructure and activities?

Solutions have to be developed on the fly, and we strongly recommend not making the status quo permanent. That means you should be evaluating, right now, the increased security risks you are exposed to. Is the file sharing service you are using exposing all the documents that are shared? Or is the VPN solution you implemented an open gateway into your internal networks?

If you want answers about such topics, we are still there to help you!

Recommendations

  • Use end-to-end encrypted (E2EE) communication channels such as Wire or Signal.
  • Make sure to use modern VPN technologies such as WireGuard.
  • Do NOT reactivate old devices that are End-of-Life!
  • Derive safety guidelines for your users who work from home.
  • Raise awareness about COVID-19-related phishing attacks.
  • Trust established services with a proven security track record over temporary self-rolled solutions.

About X41 D-Sec GmbH

X41 D-Sec GmbH is an expert provider of application security services. With extensive experience and expertise in the information security industry and a strong core security team of world-class experts, X41 can provide premium security services. Their fields of expertise in the area of application security are security-centered code reviews, binary reverse engineering, and vulnerability discovery. Custom research and IT security consulting and support services are the core competencies of X41.

Author: Markus Vervier
Date: March 24, 2020