Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/13/2020
10:00 AM
Andrew Weaver
Andrew Weaver
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

More Tips for Staying Safe While Working from Home

While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.

There's good news and bad news as we adjust to our newly altered work- and lifestyles. The good news is that IT has long been accustomed to working remote. Problems occur at all times of the night, on holidays, and during vacations, so the capability has been developed over time. As well, with the rise of offshoring, managing remote teams with language and time barriers has become standard within the IT population. Many companies have large numbers of IT employees who work full-time from home.

With the tools and methodologies already established, the real question is to how to apply these to populations that have not typically worked from home and are suddenly having to adjust. The fact is, those who are not used to working remotely may not fully understand the security threats that go along with working from home. And the bad news is that bad actors are attempting to use the fear and uncertainty around the COVID-19 pandemic to try to get computer users to fall for their scams.

Security teams should remind all employees about the basic best practices to avoid being a victim of online scams. 

See Something, Say Something
If you receive an odd email that you don't recognize, or notification that someone is trying to access your account, don't assume that someone else sees it before you. If you have any question on an email, don't hesitate to forward it to your IT or security team or use the Phish Alert button in Outlook. 

Never reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email. Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net, or even .co – no "m").

And always remember, when in doubt, throw it out. If the email looks like trouble, it probably is.

Caution with Webex, Teams 
A team communication technology, such as Microsoft Teams, Cisco Webex, and Slack, is a must-have for remote working. Ensuring these are licensed for unlimited use and available to all team members is key.  

But these platforms come with their own security risks as well. When you send an invite for a meeting on the Web, by default anyone with the link (internal or external to your company) may join the meeting. If you are leading a meeting of a confidential nature, you should schedule a regular Webex meeting that also includes a password. 

Try to Separate Work and Home Life
If you need to leave your home for supplies or other reasons, make sure your work devices are either shut down or locked, including any mobile phones you might use to check email or make work phone calls. If you live with a roommate or young children, be sure to lock your computer even when you step away for just a bit. Don't tempt your roommates or family members by leaving your work open. This is true even for the workplace, but extra imperative when working from home.

If you can't carve out a separate workspace in your home, be sure to collect your devices at the end of your workday and store them someplace out of sight. This will not only keep them from being accidentally opened or stolen but will also help create a boundary between work and home life.

During these uncertain times, technology has been, and will continue to be, critical in keeping us all connected — both personally and professionally. As long as it is used smartly and safely, it helps people to keep some sense of connection and normalcy in what is otherwise an anything but normal time.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Cybersecurity Home School: Garfield Teaches Security."

Andrew is an experienced information security and technology professional currently leading the information security program at Park Place Technologies, the premier Third Party Maintenance provider in the world. Over his 25+ years in the industry, he has lead teams in ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/4/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13768
PUBLISHED: 2020-06-04
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
CVE-2020-13849
PUBLISHED: 2020-06-04
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
CVE-2020-13848
PUBLISHED: 2020-06-04
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
CVE-2020-11682
PUBLISHED: 2020-06-04
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request ...
CVE-2020-12847
PUBLISHED: 2020-06-04
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console� that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the applicat...