The Coronavirus is not bad for everyone. Business must currently be booming for VPN providers, internet service providers, and companies selling SaaS video-conferencing and two-factor authentication products.
And for many adults, working at home some of the time is a dream, but for the foreseeable future - with the potential of homeschooling children at the same time - the novelty will soon wear off.
Remote working has its cyber security dangers, so here are some useful tips to keep you secure remotely at this time.
1. VPN capacity
Virtual private networks and video-conferencing are in hot demand and this demand will only increase. As we saw in the news, Microsoft Teams and Cisco’s WebEx, to name a few, struggled last week.
Make sure your VPN or UTM (unified threat management) device has enough capacity in two parts:
enough CPU/RAM (model size), and
2. Internet lines
Internet service providers are struggling and will continue to struggle, and Netflix has already issued a press release saying it is going to reduce streaming quality by 25%.
If you have a 10, 100 or 1000 Mbps line, you may wish to increase it - and get a second line from another provider in case the main one fails.
3. Two-factor authentication
With so many people at home outside of the working environment, some may switch off and stop questioning rogue calls or emails. Coronavirus-themed phishing emails have already started doing the rounds.
Ensure 2FA is set up on all internet-facing services. Further still, increase antiphishing, antispoofing and antimalware capabilities.
4. Clean-desk policy
Your kitchen table, lounge or home office is now the equivalent of your real office and it should be treated the same. Family or friends (assuming you let people into your house) or flatmates can wander around and see what you’re working on.
Lock your screen when stepping away from your desk for a minute. Power off the laptop and put it back in its bag, a safe or locked cabinet when you're done. The same goes for papers, which should be shredded or burnt once finished with.
5. Is the dog or cat security cleared?
Even without national or global problems, dogs and cats (especially) have a habit of wandering next to PC screens, laptops or sitting on keyboards! This begs an important question: does the pet have suitable vetting or clearance?
Jokes aside, does your boyfriend, girlfriend, wife, husband, family member or child? Be aware who can hear your sensitive calls.
6. Home Wi-Fi
If attackers normally go for Wi-Fi networks or devices, then there is little point in an attacker hovering around an office with few or no staff.
Advise your staff members and colleagues to change their SSID (the network name in plain English) and select a decent Pre-Shared Key (password). Setting five random words is easier and more secure than a 10-character password.
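To put numbers on the five-words advice, here is an added example (not part of the original article) that generates a five-word Wi-Fi passphrase with a cryptographic random source, checks it against the WPA2-Personal length limits, and compares its entropy with 10-character passwords. The short word list is constructed for the demo, and the 7776-word figure assumes a large published list such as the EFF long Diceware list, with every word chosen uniformly at random.

```python
import math
import secrets
import string

# Constructed sample list for the demo only; a real deployment would load a
# large published list (the EFF long Diceware list has 7776 words).
SAMPLE_WORDS = ["anchor", "biscuit", "cobalt", "dynamo", "ember", "fjord",
                "gravel", "harbor", "indigo", "jigsaw", "kettle", "lantern",
                "mosaic", "nectar", "orchid", "pebble"]


def passphrase(words, count=5, sep="-"):
    """Pick `count` words with a CSPRNG and check WPA2-PSK passphrase limits."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    phrase = sep.join(secrets.choice(words) for _ in range(count))
    # WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(phrase) <= 63 or not all(32 <= ord(c) <= 126 for c in phrase):
        raise ValueError("not a valid WPA2 passphrase")
    return phrase


def bits(choices, length):
    """Entropy in bits of `length` independent uniform picks from `choices`."""
    return length * math.log2(choices)


def compare(wordlist_size=7776):
    """Entropy of five random words next to three kinds of 10-character password."""
    return {
        "5 random words": bits(wordlist_size, 5),
        "10 lowercase letters": bits(26, 10),
        "10 letters+digits": bits(62, 10),
        "10 printable ASCII": bits(len(string.punctuation) + 62, 10),
    }


if __name__ == "__main__":
    print(passphrase(SAMPLE_WORDS))
    for label, b in compare().items():
        print(f"{label:22s} {b:5.1f} bits")
```

The figures only hold when the words are picked by the generator rather than by a person, and the 16-word sample list is far too small for real use.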
7. Use a VPN
Traffic is no longer traversing the internal network, which is not easily visible or attackable from the outside world. Internet traffic can be intercepted or recorded in many zones.
Do not rely on TLS (that is the padlock on web pages) to protect your endpoint (user) to server traffic. Run a VPN that creates a tunnel-encrypted bubble over your remote traffic.
8. Patch VPN servers
Your VPN box or server is now mission critical and likely stressed. It needs all the help it can get to secure it and keep it stable.
As you would a server or endpoint, patch your VPN server or device to ensure bugs are fixed. Bugs can be stability or security related.
9. Encryption at rest
We all remember constant stories like "Ealing and Hounslow councils fined after losing unencrypted laptops" or "Council loses USB stick used to store security codes".
Now everyone is at home, criminals know there are extra laptops, tablets and smartphones to steal. Make sure all devices have full disk encryption enabled.
The Covid-19 pandemic is the first time people have been sent home to work for long periods in recent years. This means there are unknowns for both employer and employee.
Acceptable usage policies (AUPs) have existed for years. Companies should now be writing and distributing remote working policies. Run training sessions too.
11. Control your data
The days of data living within the four walls died years ago with cloud computing, and this further kills the concept of perimeters.
Organisations need to issue company devices, yet it is surprising how many places still have USB ports open and allow Office365 email and OneDrive to be accessed from non-work devices. Do not allow data to leave company-issued kit – once it has left, there is zero control.
Graeme joined QA in 2017 and has worked in security on and off for 15 years. His last role was as a Senior Technical Security consultant at Capgemini covering the public and private sector.
From the age of 17, he was running investigations into online scams and phishing. Today he teaches and/or has written: CEH, OSINT, CTF (conventional or OSINT), CyberFirst, practical encryption and Security+. Graeme is an avid writer with 130+ articles to his name and a chapter in a published book.
He loves thinking like a hacker to review and tweak settings with a fine-tooth comb.