If you’re like me, the past two weeks seem like five years. For all of us, our routines and habits have been upended – dramatically. And for some people in our communities, very serious health concerns have arisen as we watch the spread of COVID-19.
If there is a silver lining in all of this for those who are able to work remote, we’re at a point where our technological infrastructure can (somewhat) handle this massive influx of remote workers. Things such as the widespread adoption of cloud technologies, mobile devices and increased bandwidth are all contributing to our ability to remain productive in whatever locations we currently find ourselves in. But there’s one catch – security.
Even in times like these, the need for proper security never stops. If anything, we are seeing dramatic increases in security threats as bad actors try to capitalize on the chaos and people’s quest for any information on COVID-19. That, along with the nature of our work being different now put us in a spot where organizations need to re-evaluate their security.
If you’re working from home now, what do you need to be secure? The answer depends on several factors, including how you‘re accessing your systems and what device(s) you are using. While it’s tough to give a comprehensive answer in the space of one blog post, here are the most important things when working from home and considering your cybersecurity needs:
Home/Personal Machines
In some cases, remote users will need to access systems from non-company owned (and un–managed) machines. While this can be a workable solution, there are several security considerations:
- Machine Updates – Is the home machine current with the latest Windows/Apple updates? Is there a mechanism in place to keep the machine up to date as new updates come out? Is the machine running a supported operating system (i.e. not Windows 7 or earlier)?
- Threat Protection Software – Does the machine have antivirus or endpoint detection & response (EDR) software on it? If so, is it current? When was the last time the machine was scanned?
- Sensitive Data Storage – Is the user saving sensitive data to this local machine?
- Sharing – Is the machine shared by multiple people in the household? If so, does each person have a separate user account?
Multi–Factor Authentication (MFA)
ADNET has been preaching about the importance of multi-factor authentication (MFA) for a long time. While there has recently been a mad rush to get folks connected remotely, this is not the time to disable MFA in the name of expediency. This critical layer of security is essential, now more than ever.
Phishing
Sadly, cyber attackers are using the current COVID-19 crisis to send out millions of emails with malicious intent. Users need to be especially cautious now with the emails they receive and vigilant about not clicking on links or attachments from unknown or untrusted senders. If it’s been a while, this might be a good time for a quick security awareness training refresher.
See Something, Say Something
Lastly, if something doesn’t seem right from a security perspective – speak up! The sooner threats can be determined and resolved, the better for all involved. And don’t worry if you bring something up that turns out not to be an issue. Personally, I’d rather have 100 items brought to me that turn out to be nothing than have one issue that someone thinks isn’t a problem but turns out to be real.
As this “new normal” progresses, we will continue to provide updates on working from home cybersecurity threats that you need to be aware of. As always, don’t hesitate to reach out with any questions. Stay safe!