With the majority of the corporate world moving from working in the office to working remotely, cyber criminals are prepping to take advantage of individuals who employ lax security practices on their home network. In this post, we’ll provide our readers with basic measures that they can take in order to strengthen their security posture and protect their personal and business related data from compromise.
The first security measure that we recommend is to Think Before You Click. Let’s face it, we’re all interested in hearing about the latest breaking news associated with COVID-19. It’s human nature to be curious about the unknown especially when a pandemic such as the Coronavirus comes out of nowhere and completely up rails your life.
Unfortunately attackers know this and are weaponizing fear, uncertainty, and doubt; allowing them to distribute malicious software and steal sensitive information via fake email campaigns where they’ll impersonate a legitimate organization and malicious websites that may seems to be legitimate sources of information however, the attacker just wants you to navigate to their site where they can get you to download a “file” that shows the latest statistics associated with the Coronavirus outbreak. If you’re looking for a legitimate source of information regarding COVID-19, we recommend that you visit Johns Hopkins Coronavirus Resource Center. The official URL for the site is: https://coronavirus.jhu.edu/map.html.
It’s important for us to highlight this fact as attackers have tried to lure individuals to visit malicious versions of the site which use a similar URL. Remember to slowdown, take a good look, and Think Before You Click.
Our next recommendation is that you Work Remotely From A Secure Location That Has A Secure Wireless Network (A password protected access point that leverages Wi-Fi Protected Access 2 (WPA-2) at the very least) and to Use Your Company Issued Virtual Private Network (VPN) when engaging in business related activities. Connecting to a wireless access point that utilizes WPA-2 or better is extremely important as WPA-2 introduces many security enhancements which provide greater data protection, network access control, and increases the time and complexity required to crack your access point password via a brute force attack where an attacker tries a large list of password combinations to crack your access point password. WPA-3 introduces several improvements over WPA-3 however, wide scale adoption of WPA-3 is years away as this would require a significant infrastructure upgrade in the corporate world and not all devices support WPA-3 at this time.
Using your company issued VPN is also important even if the websites and applications that you use for work are publicly accessible (can be viewed without having to be on the corporate network) as VPNs encrypt your communications making is practically impossible for an attacker to ease drop on your activities.
Last but not least, we recommend that you only Use Company Sanctioned Devices And Applications For Remote Collaboration. With a large percentage of the work force moving to remote work, collaboration tools are necessary in order to share information in real time with colleagues and partners. Unfortunately, not all collaboration tools are built equally. While the devices and applications approved for use by your employer have been properly vetted for corporate use, this isn’t the case for other devices or third party applications that you may find in your app store.
While the collaboration app that you may use for personal use is easy to use and comes equipped with every feature under the sun, often times these apps collect data which may either breach a corporate contract in place with your employer and or one of their partners or include a provision which states that data obtained from the app is owned in part or in whole by the app development team; ultimately putting corporate trade secrets and sensitive information at risk. Just make it easier for your organizations legal team, Chief Information (and or Security) Officer, and yourself and use approved devices and applications for collaboration.
At the end of the day the following measures will greatly improve your security posture when working remotely:
- Think Before You Click
- Work Remotely From A Secure Location That Has A Secure Wireless Network And Use Your Company Issued Virtual Private Network (VPN)
- Use Company Sanctioned Devices And Applications For Remote Collaboration
As always, let us know if you have any questions regarding security measures that you can take to improve your teleworking experience and to stay safe and secure!