Mar 21 2020 03:54 PM
As many of us transition to working from home for the first time, or for a prolonged time due to the COVID-19 epidemic, it can be easy to forget some of the basics. So I figured I'd write down the ones I had in mind. Feel free to contribute your thoughts or other ideas that can be added to this!
Stay Vigilant. Scammers are doing what they can to try and trick us during these uncertain times. These scams can come through emails, through messages, or even mobile applications. So be sure to vet your incoming requests to make sure they are coming from legitimate senders and the request doesn't seem unusual. It never hurts to verify a request through other methods to be safe.
As we increase our use of teleworking tools, be sure to check any web addresses you type before browsing to them. Many web meeting and similar remote tools have misspelled versions of their domains registered that could be malicious, and if you aren't careful, you could get tricked.
Help your IT department or provider by reporting malicious or suspicious emails so that it helps protect your organization. I know you may think "They have this, I don't need to report it" but that leads to these attacks being successful since IT isn't immediately aware of them to take action. It's always best to report, even if it's something we've seen before.
For information regarding COVID-19, be sure to stick to sites like CDC.gov in the US or your country's official disease / health service, official news organizations, or your local health department. If you are looking for the infection map, be sure you're searching for the "Johns Hopkins COVID-19 Tracker" to avoid fake sites. Their official COVID-19 site is at https://coronavirus.jhu.edu/ .
Unplug or block webcams when not in use. In case you may be doing work in less than usual attire, it's probably a good idea to have a blocker on your webcam so you don't accidentally appear on camera, as many tools turn it on without notice. Another reason to do so is to guard against anyone malicious who may tap into your webcam to get information.
Avoid overworking. You may be thinking, why is a security person talking about overworking? We know from a risk management standpoint that working longer can lead to mistakes, which can make people or their organizations vulnerable. It's also not good for physical or mental health. When working from home, it can be far easier to work earlier and later without realizing it, or to forget to take a break, so make sure you take breaks and specify start / stop times if you can.
Shore up your personal security. Use this time as an opportunity to change your passwords, update any security settings, and set up 2FA on any accounts you don't have it on yet. If your employer offers 2FA functionality, enable it! Microsoft Authenticator can be a useful tool on your mobile device to register and maintain 2FA tokens, and it can be backed up to your OneDrive.
Avoid untrusted networks or open networks. Be sure you are not performing sensitive work on an untrusted or open network such as the ones you find in coffee shops or the unsecured one from your neighbor. You never know who may be listening in on that traffic.
If you are working in public, on sensitive data, or sharing the same work area with someone else who may not work for the same employer or in the same job, then invest in a privacy screen. This helps avoid unintentional sharing of confidential or private information no matter where you are.
Specifically for the IT Administrator or Security Engineer…
Keep watch on your edge devices. We're talking your firewalls and routers. Depending on how your users are connecting, they can be putting pressure on the performance of your equipment, and all the extra connections may be drowning out your security tools. If your SIEM product limits you in events / sec, you may want to seek a different solution so you don't miss any malicious activity. If your equipment is running high on CPU or memory, you may want to determine if you can reduce the connection requirements until you can upgrade your gear.
Review your remote access strategies. Users who are reliant on VPN or remote firewalls can take significant resources that you may not be able to support long term while maintaining the performance of your systems. Consider whether some of your users can perform their work with limited access, or are able to connect for a few minutes each day versus a full day. As always, consider your security tools and ensure they can support being disconnected and still receive updates.
Limiting those who have to be connected their entire work day can help reduce any performance impact but can also reduce your risk of malware propagation in cases where employees are connecting non-reviewed or unprotected devices.
Consider the Queries. What I mean by this is: how is DNS being handled on your remote workers' devices? Whether they are using their own or a corporate device, if it does not auto-connect to VPN services, it may be a good idea to deploy new DNS settings to help keep users from accidentally accessing malicious websites. There are both paid and free services that do this. Providers like Google DNS and Quad9 can provide some layer of protection. If you have a security solution that offers web filtering, use this as well for a more multi-layered approach to your protection.
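For administrators, the misspelled-domain tip and the DNS tip above can be combined into a check over DNS query logs. This is an added example, not part of the original post; the `TRUSTED` list, the sample names and the two-label domain rule are assumptions to adapt to your environment.

```python
# Added example: flag look-alike domains in DNS query logs.
# TRUSTED is an assumption: remote-work domains in use, plus the JHU site.
TRUSTED = {"zoom.us", "webex.com", "microsoft.com", "jhu.edu"}
# Digits commonly swapped for letters in look-alike names.
CONFUSABLE = str.maketrans("0135", "oles")


def registrable(name):
    # Simplification: last two labels. Use the Public Suffix List in production.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def skeleton(domain):
    # Fold common visual substitutions so "zo0m" and "rnicrosoft" compare equal.
    return domain.translate(CONFUSABLE).replace("rn", "m")


def osa_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) to turn a into b."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def check(name):
    """Return (verdict, trusted_domain_or_None) for one queried name."""
    name = name.lower().rstrip(".")
    reg = registrable(name)
    if reg in TRUSTED:
        return ("trusted", reg)
    for t in sorted(TRUSTED):
        if osa_distance(skeleton(reg), skeleton(t)) <= 1:
            return ("lookalike", t)  # one typo or a visual swap away
        if (t + ".") in name:  # trusted name used as a subdomain prefix
            return ("embedded", t)
    return ("unknown", None)


# Constructed sample of queried names, as they might appear in a DNS log.
SAMPLE = ["us04web.zoom.us", "zo0m.us", "webexx.com", "rnicrosoft.com",
          "zoom.us.meeting-login.example", "coronavirus.jhu.edu", "example.org"]

if __name__ == "__main__":
    for q in SAMPLE:
        print(q, *check(q))
```

Short trusted names such as `zoom.us` will also match unrelated domains one character away, so treat a `lookalike` verdict as a prompt for review rather than an automatic block.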
Jared Spataro, CVP for Microsoft 365 also recently wrote the Top 9 ways Microsoft IT is enabling remote work for its employees, which also has some good points, some of which align with what I mentioned. Check that out here: https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/12/top-9-ways-microsoft-it-enabling-remot...
Ann Johnson, CVP for the Cybersecurity Solutions Group in Microsoft also wrote some guidance for those who are CISOs or directors which I also recommend as great reading for senior IT level and directors: https://www.microsoft.com/security/blog/2020/03/12/support-working-from-home-securely/
So what are your thoughts? Anything you'd do different? Any security challenges you've found since increasing WFH as a frontline worker, knowledge worker, or IT professional? Sound off!