In light of the growing Coronavirus (COVID-19) pandemic, in our previous blog, we highlighted some of the numerous remote working solutions that are available to those who are forced to work from home during this worrying time. However, even now at the time of writing, we are hearing warnings and reports from several government agencies on how malicious actors are taking advantage of the crisis to push malware, ransomware, and phishing campaigns into even higher gear. Those who are working from home are especially at risk for a variety of reasons. Today we’re going to outline some of these vulnerabilities that DHS, NIST and other agencies are cautioning on, and what each person can do to secure themselves as much as possible on their end in their own home.
Keep your virtual meetings secure.
With more federal employees working from home, the National Institute of Standards and Technology (NIST) gave advice on how to keep virtual meetings secure. They recommend limiting the reuse of access codes, especially if you’ve been using that code for a long time. Recording the meetings is also a big concern, so unless it is necessary, try not to record your web meetings and conference calls. Enabling the use of “waiting rooms” can help you see who is waiting to join and is a suggested feature to use. The agency also recommends using multi-factor authentication for meetings when sensitive issues are the main topic.
Make use of these free enhanced licenses.
To assist this new wave of remote workers, software developers and service providers including Google, Microsoft, Adobe, Zoom, LogMeIn, and many more are offering free licenses or enhanced versions of their software and services during the COVID-19 outbreak. Bleeping Computer recently published a lengthy and extremely handy list of each program that is currently allowing everyone to use free of charge during this emergency. We strongly encourage you to take a look at it and call us if you have any questions about any of these services.
Secure your VPN.
Because remote work options require the use of enterprise virtual private network (VPN) solutions, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency is urging organizations to adopt heightened best-practice cybersecurity. Hackers have been targeting VPN vulnerabilities in the U.S. (and other countries) since the initial alert. Those attacks have continued through January, but many organizations have still failed to patch those known vulnerabilities. It is absolutely imperative that whatever VPN you’re using is updated and fully patched. Additionally, CISA recommended implementing multi-factor authentication (MFA) on VPN connections or requiring users to use strong passwords as a defense measure against attacks. Testing of VPN infrastructure in advance to assess its capability to support an increased number of users is also strongly encouraged.
Everyone needs to be made aware of the heightened risk of phishing and malware attacks during the COVID-19 pandemic. Being sure to follow NIST guidance on telework, remote access, and bring your own device (BYOD) security during this period, as doing so can be especially helpful. If you have any questions or concerns regarding the security of your remote workforce, please call us at (703) 396-6120. We’re here to help you in any way we can.
As always, let us worry about the technology. Just focus on staying healthy and keeping your organization’s goals in sight.
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!
