COVID-19 | Securing the Extended Corporate Perimeter: Work from Home Security Tips
The corporate perimeter has grown with many employees performing their daily responsibilities from their homes. We must consider the risks associated with accessing corporate resources remotely. The following are basic security tips for those that are working from home and what they can do to strengthen their security posture.
Protect Your Video Meetings
The COVID-19 crisis has led to a surge of users on video conferencing platforms like Zoom, Webex and Lifesize. We have witnessed an increase in video-conferencing-themed social engineering, fraudulent installation files and direct attacks like “Zoom-bombing”, where uninvited guests crash unsecured meetings. Thrive has put together a few items to consider when you are using video conferencing.
Be Cautious When Using Video Conferencing
- Do not click links in chat windows unless from a trusted source.
- Only download the video conferencing client directly from the legitimate platform’s website and not from anywhere else.
- Do not take or post pictures of your video meetings on Social Media or elsewhere.
- Do not post public links to your meetings.
- Do not share your meeting ID.
Securing Your Meetings
- Add a password to all meetings by automatically generating a meeting password.
- Use waiting rooms to prevent users from entering the meeting without being admitted by the host.
- Disable participant screen sharing to prevent your meeting from being hijacked by others.
Privacy Considerations
- A host can record a Zoom session, including the video and audio, to their computer. Be careful saying or physically revealing anything that you would not want someone else to see or know.
- Meeting participants will know when a meeting is being recorded as there will be a ‘Recording…’ indicator displayed.
Secure Your WiFi and Home Modem
Confirm your Wi-Fi routers have a strong password. Most wireless routers come pre-set with a default password. This default password is easy for hackers to guess, especially if they know the router manufacturer. When selecting a good password for your wireless network, make sure it is at least 20 characters long and includes numbers, letters, and various symbols.
Check that the admin access of your modem also has a strong password and is not using the default credentials provided by the manufacturer. If the device is internet facing, a default password is an invitation for hackers onto your home network.
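The following Python sketch is an added example, not part of the original article: it generates a Wi-Fi passphrase that meets the guidance above (at least 20 characters, with letters, numbers and symbols) and checks an existing one. The function names and the short list of default-style passwords are assumptions made for illustration; the 63-character ceiling is the WPA2-Personal passphrase limit.

```python
import secrets
import string

# WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
WPA2_MAX_LEN = 63
MIN_LEN = 20  # minimum length recommended in the article
# Symbols that are easy to type on most devices (no quotes or backslash).
SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Constructed sample of factory-style passwords; not a real vendor list.
SAMPLE_DEFAULTS = {"admin", "password", "12345678", "changeme"}


def check_passphrase(candidate):
    """Return a list of problems; an empty list means the passphrase passes."""
    problems = []
    if len(candidate) < MIN_LEN:
        problems.append("shorter than 20 characters")
    if len(candidate) > WPA2_MAX_LEN:
        problems.append("longer than the 63-character WPA2 limit")
    if any(not (32 <= ord(ch) <= 126) for ch in candidate):
        problems.append("contains non-printable or non-ASCII characters")
    if not any(ch.isalpha() for ch in candidate):
        problems.append("no letters")
    if not any(ch.isdigit() for ch in candidate):
        problems.append("no numbers")
    if not any(ch in string.punctuation for ch in candidate):
        problems.append("no symbols")
    if candidate.lower() in SAMPLE_DEFAULTS:
        problems.append("matches a common default password")
    return problems


def generate_passphrase(length=24):
    """Generate a random passphrase that passes check_passphrase()."""
    if not MIN_LEN <= length <= WPA2_MAX_LEN:
        raise ValueError("length must be between 20 and 63")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_passphrase(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_passphrase())
    print(check_passphrase("admin"))
```

Use a different generated value for the Wi-Fi passphrase and for the modem or router admin login, and store both in a password manager.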
Use Corporate-Issued Devices for Work Only
Don’t use corporate-issued devices for personal communications or web browsing. If you don’t have an extra device, ask your manager for one, or ask whether you can be provided with a virtual desktop to log into work. This will reduce the risk of potential infections spreading from your personal email or web browsing habits to corporate resources.
Use Your Corporate VPN
An important way to secure corporate data as it moves between employees and corporate systems is to use a corporate VPN. VPNs provide an additional layer of security that encrypts data transfers in transit.
Use Multi-Factor Authentication (MFA)
Individuals should enable MFA to authenticate to all resources (banking websites, cloud apps, corporate VPN, etc.) that support MFA integration. The primary benefit of Multi-Factor Authentication is that it adds another layer of identity verification by requiring multiple credentials. The more layers and factors in place, the lower the risk of an intruder gaining access to critical and sensitive systems and data.
Operating System and AV Updates
Run the latest Operating System updates and ensure all machines on your home network have an updated AntiVirus program running. This is the first layer of defense for many personal machines and should be updated regularly.
Internet of Things (IoT) Home Devices
Update the firmware of your IoT devices if updates are available, and take any devices offline that are not regularly updated and patched. Attackers may use these devices as a pivot point to capture your home network traffic and then leverage that access to reach corporate networks.
Phishing Campaigns
Only download and open expected files from known senders. Exercise extreme caution if a file or URL is received from an unknown party. Offerings are already available on the dark web to help criminals run COVID-19-themed phishing campaigns.
Web Browsing for Coronavirus Information
We have noticed an increase in websites and domains that use COVID-19 and coronavirus themes in an attempt to distribute malware. Only view trusted websites to get the latest news and information such as those below.
Official Johns Hopkins University Live Threat Map
An interactive map outlining confirmed cases worldwide
https://coronavirus.jhu.edu/map.html
CDC: Coronavirus Situation Summary
Centers for Disease Control and Prevention
https://covid.cdc.gov/covid-data-tracker/#trends_weeklycases_select_00
WHO: Coronavirus Information
World Health Organization
https://www.who.int/health-topics/coronavirus
This is a big adjustment for many people. Remember that by working from home we are helping to slow the spread of the Coronavirus. Stay safe and healthy.