The coronavirus has given businesses and organizations little to no choice but to adopt telecommuting on a bigger scale than many probably would have been happy with. Telecommuting securely during Covid 19 is a must.
The massive shift in working arrangement has changed the way employees interact with company systems and data, and the transition is giving malicious actors a window to carry out their attacks. Among the risks introduced by telecommuting are vulnerabilities in remote access tools or infrastructure such as VPN, reliance on insecure communication tools, and even supply-chain risks.
The Public Service Announcement issued by the Federal Bureau of Investigation last April identifies telecommuting vulnerabilities as one of the target areas that malicious cyber actors will zero in on to gain access to critical or sensitive information, steal funds, or wreak havoc on organizational systems for political or personal reasons.
How can you be attacked?
To exploit your telecommuting software and applications, cybercriminals may use any of the following means:
Software from untrusted sources
- Legitimate-looking telework software—which may be offered for free or at a reduced price—is one way to gain access to sensitive data or to eavesdrop on online conversations.
- Phishing links or malicious mobile applications that appear to come from legitimate telework software vendors are another way your organization can be attacked.
Communication tools
- Your communication tools (VOIP phones, video conferencing equipment, and cloud-based communications systems) may be targeted and used to overload services and take them offline, or eavesdrop on conference calls.
- Video-teleconferencing (VTC) hijacking will disrupt conferences with pornographic images, hate images, or threatening language.
Remote desktop access
While the remote desktop sharing features of some telecommuting software no doubt facilitate collaboration and presentations, they have a history of being compromised by malicious actors, who use them to compromise systems and move into other shared applications.
Supply chain
The increased demand for laptops to enable telecommuting inevitably leads some companies to foreign sources for laptop rentals, and the urgency in keeping business operations and services on schedule can result in overlooking the threat of preinstalled malware in previously used and improperly sanitized equipment.
Telecommute securely during Covid 19 dos and don’ts
The FBI’s PSA includes a list of what to do and what not to do to mitigate any vulnerabilities in your company’s telecommuting.
Do’s
- Select trusted and reputable telework software vendors. Perform additional due diligence when choosing foreign-sourced vendors.
- Restrict access to remote meetings, conference calls, or virtual classrooms, including the use of passwords if possible.
If using Zoom, for example:
- Make your meetings private. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature to control the admittance of guests.
- Provide teleconference links directly to specific people rather than share them on an unrestricted publicly available social media post.
- Manage screensharing options; change screensharing to “Host Only.”
- Ensure that users are using the updated version of remote access/meeting applications. (In January 2020, Zoom updated their software, and in their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.)
- Be alert to social engineering tactics aimed at revealing sensitive information. Use tools that block suspected phishing emails or allow users to report and quarantine them.
- Be wary of advertisements or emails purporting to be from telecommuting software vendors.
- Always verify the web address of legitimate websites, or manually type it into the browser.
- Ensure that your organization’s telecommuting policy or guide addresses requirements for physical and information security.
Don’ts
- Refrain from sharing links to remote meetings, conference calls, or virtual classrooms on open websites or open social media profiles.
- Avoid opening attachments or clicking links within emails from senders you do not recognize.
- Don’t enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC).
Protecting yourself and your organization from cybercrime
In addition to ensuring that your telecommuting setup is secure, be extra careful in general when working with and sharing your company’s data online or remotely.
The FBI’s safety tips for businesses and individuals to avoid being a victim of cybercrime include the above dos and don’ts as well as the following:
Do’s
- Change passwords for routers and smart devices from the default setting to unique passwords.
- Check for misspelled domain names within a link (for example, confirm that addresses for government websites end in .gov).
- Report suspicious activity on work computers to your employer.
- Use multifactor authentication (MFA) when accessing organizational sites, resources, and files.
- Practice good cyber security when accessing Wi-Fi networks, including use of strong passwords as well as Wi-Fi Protected Access (WPA) or WPA2 protocols.
- Ensure desktops, laptops, and mobile devices have antivirus software installed and routine security updates are applied, including regular updates for web browsers, browser plugins, and document readers.
Don’ts
- Refrain from providing usernames, passwords, birth dates, social security numbers, financial data, or other personal information in response to an email or phone call.
- Avoid using public or nonsecure Wi-Fi access points to access sensitive information.
- Refrain from using the same password for multiple accounts.
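The tips above about verifying web addresses and checking for misspelled domain names within a link can be automated in a mail gateway or reporting tool. The following Python sketch is an added example, not part of the FBI's PSA or any vendor's code; the trusted-domain list, the function names, and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: constructed allowlist of domains the organization trusts.
TRUSTED = {"zoom.us", "fbi.gov", "ic3.gov"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious", "not a web link with a host name"
    if parts.username is not None:
        # https://zoom.us@other.example/ really goes to other.example
        return "suspicious", "text before '@' hides the real host " + host
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return "suspicious", "internationalized host can imitate Latin letters"
    for good in sorted(trusted):
        if host == good or host.endswith("." + good):
            return "trusted", "host is " + good + " or a subdomain of it"
    labels = host.split(".")
    for good in sorted(trusted):
        # Trusted name buried inside another site's name (fbi.gov.example.com)
        if "." + good + "." in "." + host + ".":
            return "suspicious", good + " is only a label inside " + host
        # Compare the registered-looking tail of the host with the trusted name
        tail = ".".join(labels[-len(good.split(".")):])
        if 0 < edit_distance(tail, good) <= 2:
            return "suspicious", tail + " is a near-miss of " + good
    return "unknown", "host is not on the trusted list"

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://www.fbi.gov/investigate", "https://zo0m.us/j/123",
                 "https://zoom.us@meeting.example/j/1", "https://example.org/"):
        print(link, "->", check_link(link))
```

An "unknown" verdict is not a pass: it only means the host matches neither the allowlist nor a lookalike pattern, so the link still needs the manual check the list describes.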
Put cybersecurity front and center of your telecommuting setup. Explore how TraitWare’s enterprise-level solutions can help keep your data as secure as ever.