COVID-19 Is Requiring Us to Implement Cyber Distancing (Part 2)

While Working From Home We Need to Avoid Engaging in Practices That May Typically Circumvent Controls at Work


In Part 1 of this two-part series, we discussed the concept of “cyber distancing” for employees asked to work from home during the COVID-19 pandemic. Employees who can keep a ‘six foot distance’ between their digital home life and digital work life can go a long way towards safeguarding their company’s most sensitive data. To that end, I provided physical actions professionals could take to harden their home network. In Part 2 of this two-part series, I’ll address cyber distancing from a psychological angle that will complement the physical recommendations I’ve made.

There’s no mistaking that manipulative psychology and social engineering hold many pages in a hacker’s playbook. As such, it’s important to be aware of the current opportunity that’s been gifted to cyber attackers. Yes, COVID-19 themed phishing emails have become a successful attack vector for adversaries. They work because we’re emotionally susceptible right now. For some of us, our guards are down and that can lead to us losing focus on protecting something that’s critically important: our employer’s data. While working from home or even while at work for that matter, follow these steps to avoid behaviors that may let the bad guy in.

At Home Recommendations:

• Do not click on email links and attachments. This statement sounds so easy and straightforward, yet a large percentage of individuals still continue to fall for this trap. The primary entrance vector for COVID-19 themed attacks has been email, and we’ve seen a massive uptick in campaigns using this pandemic to their advantage.

• Validate Links: Hover your mouse over links to see what web address they truly go to. Specifically, look at the domain name of the link and not all the garbage after it. If you see https://www.youtube.com/watch?v=qwMuMSPW3bU, focus on the beginning of the link: youtube.com. Navigating to the website directly from your browser is always good practice.

• Validate the Sending Email Account: When you receive an email, check out the full sender’s address and don’t rely just on the name you see. I’ve seen many cases where an email appears to have come from the CEO or CFO of the company but the email is actually coming from a @yahoo or @gmail account, not an internal work account. 


• Do Not Reveal Personal Data: The government is not going to send you an email about your stimulus check requesting personal financial information. These emails are crafted to use scare tactics in order to entice you to give up information. Don’t fall for them.  

Now that we’ve cyber distanced ourselves from attackers, on the work front, we need to make sure we’re considerate of our company’s data. While working from home we need to avoid engaging in practices that may typically circumvent controls at work. Downloading data from the network, transferring data to local USB devices, and emailing documents to our personal Gmail accounts can all increase the risk of exposing your company’s information. 

If possible, stay connected to your work environment via a VPN. Most companies will already have one established for remote work connections but it’s also a good way to add an additional layer of security to your own network. Cyber distancing your devices and ensuring that any data sent between your work and home network is done through an encrypted channel can only further protect your company’s assets while we remain quarantined in our homes for the foreseeable future. 

If you’re using your own personal laptop while at home for work, it’s important to make sure it’s patched and up to date. Installing an anti-virus solution for added protection doesn’t hurt either. If you’re running Windows, the built-in Windows Defender AV is a solid solution, but you can also protect your device with an additional endpoint security tool to detect things that Windows Defender may have missed.

As you’ll see, taking these extra steps of precaution is similar to what we’re all going through with COVID-19. Just like we’re washing our hands to avoid getting the virus, we can follow these measures to ensure our PCs don’t get a virus either. 

Cybersecurity doesn’t have to be difficult. Most people rely on their tech geek friends to assist with their IT needs but I’m encouraging everyone to learn a new IT skill while we’re all cooped up instead of just binge watching a new show – even though I still recommend crushing through Tiger King.

With that being said, let’s continue to #StaySafeatHome and practice as much cyber distancing as we can at the same time.
