During these fateful days, we are all fighting against coronavirus (COVID-19) by staying at home and taking extra precautions. As a result, lots of employees have started to work remotely. Teleworking has lots of benefits for companies but also some risks.
As you can see, malicious hackers are also teleworking, and have no compassion for humanity: https://www.bloomberg.com/news/articles/2020-03-16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response.
At A2Secure we would like to provide you with some cybersecurity tips and tricks specific to teleworking, to make sure you can work securely from home.
- Change your WiFi's default password to a strong one. The information you need to do so is on the router. Connect to the portal and change it.
- Through the portal, also make sure secure encryption is enabled: WPA should be the method in use, not WEP or no encryption at all.
- Consider restricting which MAC addresses are allowed to connect to the network, as this helps ensure nobody unauthorized enters your network.
- Also, consider shutting down your WiFi network when not using it (for example, at night).
- Don’t broadcast your SSID (WiFi network name), as this is visible to anybody who is near your router and may invite attacks.
- Make sure you have an active and up-to-date antivirus installed.
- Run periodic scans, if they are not already scheduled, to ensure nothing malicious is affecting your computer.
- Ensure your workstation is updated, to make sure you are protected against known vulnerabilities. On Windows, type “Update” in the search bar and select “Check for Updates”. On Mac, go to “System Preferences”, then “Software Updates”.
- Also ensure all your applications and browsers are updated and protected.
- Don’t install any application that is not needed. Imagine you install something malicious and it breaks your PC during these days!
Lock your screen
- If you work in shared spaces, make sure you lock your screen every time you step away from your PC.
- Make sure you have a backup of all the important information on your PC. Without a backup, any lost information is unrecoverable.
- You may connect to your Company internal network through a VPN (Virtual Private Network). Make sure you only use it when needed and disconnect afterwards. If you get infected while connected to the VPN, you may infect your whole internal network!
- Lots of malicious emails (and calls) will be circulating these days using the Covid panic as an excuse. Please be very careful!
- Always check the “from” address, check the domain and check for typos. “google.com” is not the same as “goog1e.com”.
- Check that the sender is somebody trustworthy. If they say they are from “certain Company” or from “tech support”, validate that this is true!
- Many phishing emails are poorly crafted: check for a generic greeting, typographic errors and badly written signatures as indications of a malicious email.
- NEVER open any untrusted links or files
- Urgency, a need for action and prizes are also indications that something bad is happening.
- Also be careful with calls: verify that the person calling is who they say they are!
- If you receive something suspicious, always report it to the person defined in your Company Incident Response Plan.
- Here you have a phishing example:
- Deactivate the storage of addresses, payment methods and passwords, and also clear your browsing data every week or 2 weeks. The less sensitive data stored, the better!
- Dialog boxes: always ensure you have read and understood what you’re clicking, check that you are on a trusted website and make sure the links redirect to trustworthy pages.
- Check the lock next to the URL to ensure the website is secure. Also check it is httpS and not http.
- Don’t download any untrusted files or install untrusted apps
- Don’t browse untrusted websites
- Use your work computer for working and your personal computer for personal things. That way, if your personal PC gets infected, you don’t infect your Company, and vice versa!
Incident Response Plan
- Just as with coronavirus, make sure you know your Company's response procedures in case of a cyber incident.
- Suspect an incident? Always report first to the person responsible (see the previous point); then you will decide together what to do.
- Don’t panic!
And also, remember to take breaks, exercise, speak with your friends, and respect the preventive measures applied in your country! Let’s do it all together!
Author: Guillermo Sánchez