Admins and Users: How to Stay Secure Working from Home

March 24, 2020 | News

As days turn into weeks and it remains unknown how long we will be working from home (WFH), I would say cybersecurity should be our focus as users and IT administrators.

We are moving faster and becoming more involved in online and remote connections. In some cases, most of the workforce moved to their home offices in a matter of days, introducing a new culture. For some of us it may sound “just like another day in the office,” but for others this is a new experience and they are just starting to learn and adapt to it.

As a Solution Architect, I’ve been engaged with many large companies from the medical, financial, and energy industries, so it is always exciting for me to observe their cybersecurity posture and policies. In the past few years, there has been an exponential introduction of online solutions, making us more and more connected to the internet. IoT took off, and many homes and businesses adopted these sometimes-useful gadgets, in some cases creating their own for specific purposes.

In my many years of experience WFH, there were a few times that our internet backbone got stressed, but never like this. Utility companies and the power grid will be stressed as well, especially with the hot spring and summer days coming up. The increase in homes with their AC running all day could make it challenging to keep service uninterrupted. I would suggest investing in a reliable uninterruptible power supply (UPS) unit to protect you from sudden power loss and let you save your work before an unscheduled shutdown.

In the midst of everything happening with COVID-19, there is a new ransomware strategy: stealing the data before encrypting it, which increases the victim’s damage. In other words, a victim may not only lose their data but also face embarrassment and have private data exposed, which may have a serious impact.

Please take the following into consideration to protect your personal digital presence and enterprise intellectual property as well.

IT Administrators:

  • It’s time to be in hypervigilant mode.
  • If you have been postponing that security solution patching, now is the time to prioritize it.
  • Review and update your e-mail filtering strategy. I suggest adding an external e-mail tag and enabling SPF, DKIM and DMARC.
  • Enable MFA when possible.
  • If introducing strong password policies, include a password manager to help users adapt to the change.
  • Educate your employees on cybersecurity practices. When filters and protection mechanisms fail, your educated users are your best line of defense.
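
A check an administrator can run after publishing the records from the SPF, DKIM and DMARC item above (an added example, not part of the original article): it audits TXT record strings already fetched from DNS and reports settings that leave the domain unenforced. The domains, addresses and record values are constructed samples, and the function names are illustrative.

```python
# Added example: audits TXT record strings that were already fetched from DNS.
# Every domain, address and record value below is a constructed sample.

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC/DKIM style) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["SPF: expected exactly one v=spf1 record, found %d" % len(spf)]
    terms = spf[0].lower().split()[1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls and not any(t.startswith("redirect=") for t in terms):
        return ["SPF: no 'all' mechanism or redirect, unlisted senders are not rejected"]
    if alls and alls[0][0] in "+a":  # "+all" and bare "all" both mean pass
        return ["SPF: '%s' authorises every sender" % alls[0]]
    if alls and alls[0][0] == "?":
        return ["SPF: '?all' is neutral, unlisted senders are not rejected"]
    return []  # "-all" (fail) or "~all" (softfail)

def audit_dmarc(txt_records):
    recs = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["DMARC: expected exactly one v=DMARC1 record, found %d" % len(recs)]
    tags = parse_tags(recs[0])
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC: p=%s does not enforce anything" % (policy or "<missing>"))
    elif tags.get("pct", "100") != "100":
        findings.append("DMARC: pct=%s applies the policy to only part of the mail" % tags["pct"])
    if "rua" not in tags:
        findings.append("DMARC: no rua address, no aggregate reports will arrive")
    return findings

def audit_dkim(selector_record):
    key = parse_tags(selector_record or "").get("p")  # empty p= means a revoked key
    return [] if key else ["DKIM: selector has no public key (missing or revoked)"]

def audit_domain(apex_txt, dmarc_txt, dkim_txt):
    """apex_txt: TXT at the domain; dmarc_txt: TXT at _dmarc.<domain>; dkim_txt: selector TXT."""
    return audit_spf(apex_txt) + audit_dmarc(dmarc_txt) + audit_dkim(dkim_txt)

WEAK = (["v=spf1 include:_spf.example.net ?all"], ["v=DMARC1; p=none"], "v=DKIM1; k=rsa; p=")
FIXED = (["v=spf1 include:_spf.example.net -all"],
         ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"], "v=DKIM1; k=rsa; p=CONSTRUCTEDKEY")
if __name__ == "__main__":
    print("\n".join(audit_domain(*WEAK)) or "no findings")
```
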

Users:

  • Avoid scams – If it sounds too good to be true, it is a scam.
    • Think before you click.
    • Filter your calls.
    • Be cautious replying to unknown text messages.
  • WFH users also need to protect their digital ID: you are a trusted persona to others, and that could be used as a scam source.
  • Don’t use the same password for more than one site. If it seems difficult to remember multiple passwords, use a password manager.
  • Be aware that more than ever you will be targeted, and don’t underestimate the crooks. They can be very creative, and this includes luring people to try new software, apps or gadgets. Now is not the time to play around.
  • Before downloading company documents to a personal computer, check with your IT department for policies or regulations.
  • WFH users should also start a constructive dialog with family members and share good practices about cybersecurity strategy, as most likely you are sharing the same network.
  • You are your home IT Administrator. Check for network appliance updates and patches, as they resolve identified vulnerabilities. As a reminder, change the default password if you have not done so yet.
  • Sign up for news and/or podcasts for cybersecurity tips, or consult with the experts. If you have suggested sites for trusted info, please share them with me.

Stay safe! Please let me know if you have questions.

Felipe Neto
Senior Solutions Architect
felipen@mobiuspartners.com
https://www.linkedin.com/in/lfneto/