While Working From Home We Need to Avoid Engaging in Practices That May Typically Circumvent Controls at Work
In Part 1 of this two-part series, we discussed the concept of “cyber distancing” for employees asked to work from home during the COVID-19 pandemic. Employees who can keep a ‘six foot distance’ between their digital home life and digital work life can go a long way towards safeguarding their company’s most sensitive data. To that end, I provided physical actions professionals could take to harden their home network. In Part 2 of this two-part series, I’ll address cyber distancing from a psychological angle that will complement the physical recommendations I’ve made.
There’s no mistaking that manipulative psychology and social engineering hold many pages in a hacker’s playbook. As such, it’s important to be aware of the current opportunity that’s been gifted to cyber attackers. Yes, COVID-19 themed phishing emails have become a successful attack vector for adversaries. They work because we’re emotionally susceptible right now. For some of us, our guards are down and that can lead to us losing focus on protecting something that’s critically important: our employer’s data. While working from home or even while at work for that matter, follow these steps to avoid behaviors that may let the bad guy in.
At Home Recommendations:
• Do not click on email links and attachments. This statement sounds so easy and straightforward, yet a large percentage of individuals still fall for this trap. The primary entrance vector for COVID-19 themed attacks has been email, and we’ve seen a massive uptick in campaigns using this pandemic to their advantage.
• Validate Links: Hover your mouse over links to see what web address they truly go to. Specifically, look at the domain name of the link and not all the garbage after. If you see https://www.youtube.com/watch?v=qwMuMSPW3bU, focus on the beginning of the link: youtube.com. Navigating to the website directly from your browser, rather than clicking the link, is always good practice.
• Validate the Sending Email Account: When you receive an email, check out the full sender’s address and don’t rely just on the name you see. I’ve seen many cases where an email appears to have come from the CEO or CFO of the company but the email is actually coming from a @yahoo or @gmail account, not an internal work account.
• Do Not Reveal Personal Data: The government is not going to send you an email about your stimulus check requesting personal financial information. These emails are crafted to use scare tactics in order to entice you to give up information. Don’t fall for them.
Now that we’ve cyber distanced ourselves from attackers, on the work front, we need to make sure we’re considerate of our company’s data. While working from home we need to avoid engaging in practices that may typically circumvent controls at work. Downloading data from the network, transferring data to local USB devices, and emailing documents to our personal Gmail accounts can all increase the risk of exposing your company’s information.
If possible, stay connected to your work environment via a VPN. Most companies will already have one established for remote work connections but it’s also a good way to add an additional layer of security to your own network. Cyber distancing your devices and ensuring that any data sent between your work and home network is done through an encrypted channel can only further protect your company’s assets while we remain quarantined in our homes for the foreseeable future.
If you’re using your own personal laptop while at home for work, it’s important to make sure it’s patched and up to date. Installing an anti-virus solution for added protection doesn’t hurt either. If you’re running Windows, the built-in Windows Defender AV is a solid solution, but you can also protect your device with an additional endpoint security tool to detect things that Windows Defender may have missed.
As you’ll see, taking these extra steps of precaution is similar to what we’re all going through with COVID-19. Just like we’re washing our hands to avoid getting the virus, we can follow these measures to ensure our PCs don’t get a virus either.
Cybersecurity doesn’t have to be difficult. Most people rely on their tech geek friends to assist with their IT needs but I’m encouraging everyone to learn a new IT skill while we’re all cooped up instead of just binge watching a new show – even though I still recommend crushing through Tiger King.
With that being said, let’s continue to #StaySafeatHome and practice as much cyber distancing as we can at the same time.