It seems like the world spun around and turned upside down in the blink of an eye. While some businesses are going to struggle in the coming months, others will pivot and find creative ways to get work done successfully and maintain cybersecurity best practices.
Technology can ensure the continuity of businesses, no matter where its employees are working.
How to Securely Work From Home
As the novel coronavirus (COVID-19) continues to spread, businesses are assessing how they can prioritize their employee safety and still maintain regular business operations.
Many businesses are having employees work from home where possible. Microsoft, Google, LogMeIn, Cisco Webex, and Zoom are providing free remote working tools.
With the increase in remote work, companies need to be ever-vigilant to avoid cybersecurity risks and interruptions to business.
CISA's VPN Guidance
The Cybersecurity and Infrastructure Security Agency (CISA) released an alert to encourage organizations to adopt a heightened state of cybersecurity. According to the CISA, remote work options require a VPN solution to connect employees to an organization's network.
The CISA offers the following recommendations:
- Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations. See CISA Security Tip "Understanding Patches and Securing Network Infrastructure Devices."
- Alert employees to an expected increase in phishing attempts. See CISA Security Tip "Avoiding Social Engineering and Phishing Attacks".
- Ensure IT security personnel are prepared to ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery. Per the National Institute of Standards and Technology (NIST) Special Publication 800-44 v.2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, these tasks should be documented in the configuration management policy.
- Implement MFA on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords. (For more information, see CISA Security Tip "Choosing and Protecting Passwords" and "Supplementing Passwords.")
- Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications - such as rate limiting - to prioritize users that will require higher bandwidths.
- Contact CISA to report incidents, phishing, malware, and other cybersecurity concerns.
CDC Best Practices
The CDC has released best practices for a disease outbreak plan:
- Review human resources policies to make sure that policies and practices are consistent with public health recommendations and are consistent with existing state and federal workplace laws. For more information on employer responsibilities, visit the Department of Labor website and the Equal Employment Opportunity Commission website.)
- Explore whether you can establish policies and practices, such as flexible worksites (for example, telecommuting) and flexible work hours (for example, staggered shifts) to increase the physical distance among employees and between employees and others when state and local health authorities recommend the use of social distancing strategies. For employees who are able to telework, supervisors should encourage employees to telework instead of coming into the workplace until symptoms are completely resolved. Ensure that you have the information technology and infrastructure needed to support multiple employees who may be able to work from home.
Work From Home (WFH) Technology Best Practices
To remain secure during remote work scenarios:
Use a Secure WiFi Network
If possible, employees should work on secure, private home networks instead of relying on public WiFi. If you send your data through an unsecured WiFi connection, you lose the power of privacy, making it possible for cybercriminals to intercept your data. Employees may be putting personal information at risk if they access their email accounts or send sensitive data over a public WiFi network. It's essential to ensure your network is secure through the use of a VPN and a strong password that isn't easily cracked.
Secure Home Workstations
Ensure employees are using fully patched and updated anti-virus and anti-malware software. It's important to follow the same best practices you would as if you were in the office. Employees should report any suspicious activity or concerns to internal IT staff or your MSP.
Coordinate With Internal IT Staff or MSP
When working remotely, it's crucial to continue your typical cybersecurity best practices and reach out with any questions or concerns.
Cybercriminals are counting on you to be distracted during the Coronavirus crisis. It might feel as if everyone around you is slowing down and almost paralyzed to inaction due to fear. But bad actors are looking for ways to take advantage of these uncertain times. It's more important than ever for employees to be extra suspicious of all incoming messages.
By taking steps to keep employees working productively, you help protect future profits for the company.
Social Engineering Red Flags
20 Ways to Block Mobile Attacks
Cybersecurity Announcement from the FBI
As people across the world are dealing with various aspects of the pandemic, the
onslaught of cybersecurity threats has, unfortunately, continued in some cases.
Cybercriminals targeted the U.S. Health Department, and victims in the UK have been scammed out of nearly $1 million. Now, more than ever, you must remain vigilant and continue to follow cybersecurity best practices.
On March 20, 2020, the FBI issued a public service announcement in response to the rise in fraud schemes related to the COVID-19 pandemic. According to the PSA, cybercriminals are sending fake CDC emails, phishing emails, and selling counterfeit products/treatments.
Here are ways to help stop criminal activity:
- Do not open attachments or click links within emails from senders you don't recognize.
- Do not provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
- Always verify the web address of legitimate websites and manually type them into your browser.
- Check for misspellings or wrong domains within a link (for example, an address that should end in a ".gov" ends in ".com" instead).
The Risk of Ransomware for a Remote Workforce
In this new work from home world, we’ve increased susceptibility to data loss nearly overnight. Hackers and cybercriminals alike are exploiting businesses with sophisticated ransomware tactics, leveraging the uncertainty of the times. Transitioning to remote work and BYOD (bring your own device) policies makes it more difficult than ever to keep data secured.
Here’s a few things to keep in mind when securing remote workers:
- Conduct an audit on all technology
- Limit network access
- Patch all software
- Protect local and/or cloud backups
Staying Connected When Working Remotely
Here are some tips and suggestions for how your company can stay productive and foster communication during your time working from home.
1. Leverage communication tools
Video conferencing systems, such as Zoom or Google Hangouts, can be your best friend. Whenever possible, use your video conferencing system for a face-to-face meeting instead of email or a messaging tool. Now's the time to leverage tools that mimic the in-office experience.
Messaging tools, such as Slack or Microsoft Teams, are a great way to continue moving projects along and communicating with team members. This is a rapid way to get answers and to communicate small requests or changes with the group.
Don't be afraid to pick up the phone and call someone. You can even use a Google Voice number if you don't want to share a home landline or personal mobile number.
2. Block off "Do Not Disturb" time on your calendar each day
If you're not careful, you can spend your entire day using all your various communication tools, especially when working remote. You need to manage your time appropriately. Establishing blocks of time where you request to not be interrupted so you can concentrate on project work is crucial.
Use the "Do Not Disturb" feature to limit your notification overload. Getting constantly pinged can be overwhelming for anyone. Reduce distractions when you need to go heads down on problem-solving for an hour.
3. When you're in a video meeting, turn on your camera and pay attention
It's easy to get distracted by other inquiries you're receiving when you're on a video meeting, especially when you can't just close your laptop the way you might when meeting in a conference room. The only way to avoid this is to turn off notifications and focus on the content in the meeting.
Turning on your camera allows people to read your expressions and interact with you more effectively. Additionally, it helps you to focus on the meeting and ignore distractions.
Corserva Can Help
The need to quickly enable remote employees has caused a surge in the implementation of Office 365 and G Suite. For example, Microsoft Teams chat and conferencing alone gained more than 12 million daily users (up 37.5 percent) in the second week of March due to work-from-home mandates.
This presents new challenges for businesses in the new work-from-home reality such as:
- Home networks and connected devices that are not secure, opening the network to attack
- A workforce that quickly assimilated new, unfamiliar tools, making them more susceptible to user error and unintended data loss
- Cyber attackers who are seeking to capitalize on new security vulnerabilities with phishing emails, viruses, and ransomware
Corserva can help you keep your employees working productively and stay secure in a WFH environment. We can remotely support all your IT needs, including:
- Install vital business software, like Office 365 and file sync/share, to a distributed, remote workforce
- Set up Virtual Private Network (VPN) software for secure access behind the corporate firewall
- Provision corporate laptops for remote employees
- Deploy VoIP “softphones” to protect the exposure of end-users’ personal phone numbers
- Ensure critical patches are in place to reduce vulnerable attack surfaces
- Receive instant support requests from you when trouble is encountered
If you have questions about how to keep employees working securely while working remotely, contact us.