A great many businesses are preparing contingency plans to work remotely during a COVID-19 outbreak, but as an IT professional who spent the better part of the last decade educating users on cyber-security, I’m a bit worried.
Back in October 2019, it was realized that there had been a spike in births after that winter’s polar vortex.
It’s human nature, and that’s what worries me. In a rush to work remotely, some people might cut a few corners, and those shortcuts could leave gaping holes in your cyber security and open you up to a hacker and/or ransomware.
Tips to help keep you secure:
- Use MFA for any remote access system: Office 365, VPN, GSuite. All of these systems should be protected against password breaches with an additional layer of security called multi-factor authentication (MFA).
- Use SSO or Azure’s conditional access if possible
- If accessing systems at the office, use a VPN protected by MFA.
- If you are using something like TeamViewer, set up the security options so that only your account can use unattended access.
- If you’re using a personal computer, regularly ensure your browser and Windows updates are installed, along with a reputable antivirus
- Use long passphrases and don’t re-use them across services
"Nearly 80% of security breaches involve the abuse and misuse of privileged credentials" (TechRadar, Feb 6, 2020)
Things to avoid at all costs
- Do NOT use RDP (Remote Desktop) without a VPN; it’s free but known to be insecure
- Do NOT create a shared generic VPN account that everyone uses
- Do NOT work from shared hotspots like Starbucks without a VPN
- Do NOT work on your friend’s laptop or a shared computer
- Do NOT skip patches and updates!
Most of the cyber security training you receive from work is applicable at home, but keep in mind that your home network likely lacks several safeguards like DNS filtering, IPS, IDS and botnet control. You might even be bypassing web site content filters designed to limit your exposure.
This means your diligence when clicking links or opening attachments from emails must remain at an all-time high.
Don’t be the weakest link in cyber-security
Most IT departments, as well as several online sources, have cyber security training options that can help keep you alert and safe.
A word of caution regarding personal computers
It’s quite possible your work does not have a laptop for you to take home. Although this is becoming less common, it’s still something that can happen. Has your employer considered the ramifications of having work data copied to your personal laptop? What about confidential information on a shared family computer? If you are using a personal system, at a minimum I recommend a password and a separate user account not shared with your family.
If you keep your computer up to date, avoid falling for phishing attacks, and use MFA, it’s far less likely that you’ll accidentally introduce ransomware or a hacker to your workplace.