The COVID-19 pandemic has resulted in many people working from home for the first time. Working from home has specific cybersecurity risks, including targeted cyber-crime. Unauthorized access to your stored information can have a devastating effect on your emotional, financial and working life, and on the organization you work in. To ensure your business, personal data, and work data are safe from hackers, Mitiget has enumerated some cybersecurity tips to help you.
Guide to Employers
- As an organization, you have a duty of care to protect your information assets and your stakeholders. Hence, ensure that the corporate Virtual Private Network (VPN) solution scales and is able to sustain a large number of simultaneous connections.
- Provide secure video conferencing for corporate clients (both audio/video capabilities). If you are using subscription-based platforms like Zoom, GoToMeeting and so on, configure the security settings and ensure proper authorization is established for every attendee of each meeting.
- All the corporate business applications must be accessible only via encrypted communication channels such as SSL VPN or IPSec VPN. You may need to find out from the IT or security team what is in place and ensure it gives some assurance of encryption for all data transmissions or communication.
- Access to application portals should be safeguarded using multi-factor authentication mechanisms.
- Prevent the direct Internet exposure of remote system access interfaces (e.g. RDP).
- Mutual authentication should be preferred when accessing corporate systems (e.g. client to server and server to client).
- Where possible, provide corporate computers/devices to staff while teleworking; ensure that these computers/devices have up-to-date security software and security patch levels and that users are regularly reminded to check patch levels. It is advisable that a replacement scheme for failing devices is also in place.
- BYOD (bring your own device) equipment such as personal laptops or mobile devices must be vetted from a security standpoint using NAC or NAP platforms. For example, there should be periodic patch checks, configuration checks, AV checks, etc.
- Ensure that adequate IT resources are in place to support staff in case of technical issues while teleworking; provide relevant information, such as on contact points, to staff.
- Ensure policies for responding to security incidents and personal data breaches are in place and that staff is appropriately informed of them.
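
An added example (not part of Mitiget's guidance) for the point above about keeping remote access interfaces such as RDP off the Internet: it audits a constructed list of inbound firewall rules and reports the allow rules that let untrusted sources reach port 3389. The rule format, rule names and trusted networks are assumptions made for the illustration.

```python
import ipaddress

RDP_PORT = 3389
# Assumption: the only sources allowed to reach RDP (VPN pool, management subnet).
TRUSTED_SOURCES = [ipaddress.ip_network(n) for n in ("10.8.0.0/24", "192.168.50.0/24")]

# Constructed sample rules; the field names are hypothetical, not a vendor format.
SAMPLE_RULES = [
    {"name": "vpn-to-rdp", "action": "allow", "proto": "tcp", "source": "10.8.0.0/24", "ports": "3389"},
    {"name": "legacy-rdp", "action": "allow", "proto": "tcp", "source": "0.0.0.0/0", "ports": "3389"},
    {"name": "wide-range", "action": "allow", "proto": "tcp", "source": "203.0.113.0/24", "ports": "3000-4000"},
    {"name": "web", "action": "allow", "proto": "tcp", "source": "0.0.0.0/0", "ports": "443"},
    {"name": "block-rdp-udp", "action": "deny", "proto": "udp", "source": "0.0.0.0/0", "ports": "3389"},
    {"name": "any-any", "action": "allow", "proto": "any", "source": "198.51.100.7/32", "ports": "any"},
]

def covers_port(spec, port):
    """True if a port spec ('any', '3389', '3000-4000', '22,3389') includes port."""
    if spec.strip().lower() == "any":
        return True
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def is_trusted(source):
    """True only if the whole source range sits inside a trusted network."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_SOURCES)

def exposed_rdp_rules(rules):
    """Names of allow rules that open RDP to a source outside TRUSTED_SOURCES.
    Each rule is judged on its own; rule ordering and deny precedence are not modelled."""
    findings = []
    for rule in rules:
        if rule["action"].lower() != "allow":
            continue
        if rule["proto"].lower() not in ("tcp", "udp", "any"):
            continue
        if covers_port(rule["ports"], RDP_PORT) and not is_trusted(rule["source"]):
            findings.append(rule["name"])
    return findings

if __name__ == "__main__":
    for name in exposed_rdp_rules(SAMPLE_RULES):
        print("RDP reachable from untrusted source via rule:", name)
```

Wide port ranges and "any" rules are flagged as well, since they expose RDP just as a dedicated 3389 rule does.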
Guide to Employees
- Use corporate (rather than personal) computers where possible – unless your BYOD device has been vetted to confirm it has no vulnerabilities. As far as possible, do not mix work and leisure activities on the same device and be particularly careful with any emails referencing the coronavirus.
- Secure your home office – Physical security shouldn’t go out the window when you’re working from home. Just as you lock up the office when you leave for the day, do the same when working from home. Laptops can be stolen from your backyard, living room or home office. Take your laptop inside when you go and make lunch and lock the door to your home office. Keep your home workspace as secure as you keep your normal office.
- Connect to the internet via secure networks; avoid open/free WiFi or hotspots. Most WiFi systems at home these days are correctly secured, but some older installations might not be. With an insecure connection, people in the near vicinity can snoop on your traffic (more technical people might be able to hijack the connection). Cyber-criminals look to exploit default passwords on home routers because not many people bother to change them, leaving their home networks vulnerable. Changing your router’s password from the default to something unique is a simple step you can take to protect your home network from malicious actors who want access to your devices. For an insecure WiFi connection, the solution is to activate the encryption if it hasn’t been done already and/or to adopt a recent implementation.
- Avoid the exchange of sensitive corporate information (e.g. via email) through possibly insecure connections.
- Avoid oversharing your screen – During online meetings, be cautious when sharing your screen. If possible, don’t leave any windows open that you don’t want to share. Accidents do happen, and sometimes you might share something that you didn’t mean to. While it can be awkward, it’s also a privacy issue. You might be oversharing content that is not meant to be viewed by others.
- As far as possible, use corporate Intranet resources to share working files. This ensures that working files are up to date and, at the same time, avoids the sharing of sensitive information across local devices.
- Be particularly careful with any emails referencing the coronavirus, as these may be phishing attempts or scams (see below). In case of doubt regarding the legitimacy of an email, contact the institution’s security officer.
- Data at rest, e.g. local drives, should be encrypted (this will protect against theft / loss of the device).
- Antivirus / anti-malware software must be installed and fully updated daily.
- The system (operating system and applications used, as well as anti-virus system) needs to be up to date.
- Lock your screen if you work in a shared space (you should really avoid co-working or shared spaces at this moment).
- Do not share the virtual meeting URLs on social media or other public channels. (Unauthorized 3rd parties could access private meetings in this way.)
Mitiget recommends cybersecurity tips for teleworking.