Cybersecurity Tips for Working Remotely Steve LaPha, Vice President, Dytech Group With the global health crisis forcing people worldwide to work from home, there is increasing evidence that malicious actors are using peoples’ fear to prey on remote workers. Home networks, actions of family members and the security of workstations can impact your company’s security. There are some simple steps companies can take to keep safe. First, you must increase your awareness of current attacker activities and tactics to avoid falling victim to their schemes. Second, you must use secure workstations when working remotely. Attackers are already taking advantage of the current crisis and our strong desire for information and answers. They are using a variety of tactics, but the most common attacks observed are: ■ Phishing Emails – Bad actors are sending emails impersonating trusted sources of information, such as the World Health Organization (WHO) or the Centers for Disease Control (CDC), health organizations, universities, government entities or other official sources to trick recipients into clicking links or opening attachments that can compromise credentials or infect devices with malware. ■ COVID-19 Website and Interactive Map – Bad actors have registered domains and launched sites that host information about COVID-19 or show interactive maps detailing the spread of the virus. Attackers have laced many of these unofficial sites with malware, which commonly leads to ransomware, credential theft or persistent remote access to workstations. ■ Malicious Apps – Attackers are creating malicious mobile device apps and deploying them to different app stores, mostly Android.
FLORIDA ROOFING | June 2020
Minimum Standards for Securely Working from Hone
To ensure your new work environment is secure when accessing company systems, data and networks, follow the guidelines below: ■ Modern Operating System – you should use a company-managed workstation or personal device with a supported operating system (OS) ■ Patched Operating Systems – be current on OS upgrades and patches (no more than 30 days since last patch application) for any workstation from which you conduct business ■ Patched Browser – use a vendor-supported and fully patched browser ■ Current and Enable Antivirus – have Antivirus software installed and operational on any workstation.
Additional Guidance for Securely Working from Home
Remain vigilant while reading emails and messages or web browsing; and be aware of common phishing techniques. Exercise heightened caution while engaging with COVID-19 based content. In these challenging times, please view information on COVID-19 from wellknown, reputable websites such as WHO or CDC or other government websites. Stay connected to a VPN Client when working from any laptop or desktop, because additional security protections have been added to prevent malicious attacks. Avoid public network access points (shared Wi-Fi spots like coffee shops) and stay on your home network anytime possible. Confirm in your wireless router or cable modem that your home Wi-Fi is secured with WPA2 or WPA3. Ensure insecure features like UPnP are disabled and default logins to Internet of Things (loT) devices (smart doorbells, wireless cameras, robot vacuums, thermostats, etc.)