Remote Working: 10 Steps To Making It More Secure

Author: Monique Magalhaes

Across the globe, we are all working remotely — from our homes. Being able to work remotely is one thing, but doing it securely is another and has become more critical than ever during the ongoing coronavirus (COVID-19) crisis. In the past several weeks, there have been several reports of remote working applications having security flaws and growing concerns from businesses and people about the security of remote working. Businesses need to continue to work during the crisis. Meetings must happen, and documents must be shared. The lines of communication need to be maintained, but the process is now very different. As a society, we have been forced to enhance and adapt at speed, if we are to keep our businesses functioning and our people working.

Employees are using what they can to work remotely. Due to the fast-paced nature of the crisis companies and employees have rushed to get operational remotely, with little consideration of cybersecurity in many cases. This means that some employees are working on home computers or computers that are not the property of the company. Additionally, computers are not updated to the current version of the software. They are unpatched as the machines are not being maintained in a corporate managed structure.

1. Get your remote working tools from the right place

When obtaining your tools, get the tools from the vendors’ trusted website — only! It’s important to only use the trusted website, do not use any other websites. If you download these tools from another source, you are very likely to be infected with a Trojan.

2. Always log in securely

Always only log in with an account that you have created for your remote working system. Do not log in by an alternate means. Do not be tempted to log in using the likes of Facebook, Google, or any other account other than the one that you’ve created. If you are using the tool for corporate reasons — use a corporate account. This is important because if you choose to use your personal account and it gets compromised, you will be exposing your company and the corporate environment.

3. Account login and credentials

Make sure that the account is set up with a unique password and that the password is not used for any of your other accounts.

4. Setting up a meeting

Make sure that your unique meeting password protects all the meetings. By doing this, it inhibits anyone without the meeting password from joining. So, you have improved control over your meetings and who can join.

5. Using a remote access tool

Be careful of the links that you click on when using remote working and meeting tools. As with emails, these tools can be phished. So, if you don’t know all of the people on the call, be cautious as automatic links can be sent by other users’ infected machines.

Ensure that you don’t click UNC links. These are links with\\network\path\etc. These links can be dangerous.

When downloading a document from within these tools, users should only do so when receiving files shared by other corporate users, within the company. As downloading files to your PC could infect the PC if your computer does not have corporate-grade anti-malware. Most home computers do not have this level of enterprise protection.

6. Installing remote working tools (RWTs)

If you install remote working tools on a computer, you need to keep it updated —every day! There is currently no other choice than to keep updated to the latest version if you want to be secure.

Most vendors have aggressive updating cycles and are working on these tools during the pandemic and releasing new versions often.

If you are unsure, uninstall the tool once you have used the product. This is a reason to use these tools on a mobile device as the mobile devices typically keep the apps up to date automatically.

If you install these tools on your mobile device, do it by visiting the official vendor’s website and then pressing on the AppStore link. If you do it from a meeting invite or an email, it could be a phish. Even the AppStore is known to have had fake applications floating about, so installing it from the vendor’s website is the safest option.

Keep track of where you have installed RWTs as you will need to update them over the next few weeks repeatedly as vendors continue to improve and maintain their tools.

7. Sharing data

When using RWTs, try not to share data using these tools. Your company is likely to have a shared drive, and emails can be used for sharing data too. We should be mindful not to exfiltrate data using RWTs. The more data and links you share using platforms, the more challenging it is to control the data. If you must share data in this way, encrypt the data first and then share it using your chosen RWT. As a host, you can also disable file transfer so that in your meetings, file transfers are prohibited, if the RWT allows for this.

8. The social side

Don’t take print screens of meetings, don’t share your RWT calls on social media or to any untrusted external parties. Often there are details like meeting IDs and business topics that are confidential, and this practice should be discouraged as not to leak any information. Also, be mindful of what is in the background when in a conference call, there could be customer documents and other confidential information lurking in clear sight.

9. Inform your IT team

We are all using products to facilitate remote working, to enable us to function in efficient ways. Especially at this time. We will also use a myriad of products, so we must do what we can to work remotely in a more secure way.

We are adapting and improving. We need to keep IT in the loop. It’s good practice to inform the operations team, so the IT team can support employees that are working remotely and maintain secure working from home.

Are you relying on end users to raise incidents that should have been spotted by more pro-active and improved mean-time-to-detect (MTTD)?

10. Use waiting rooms

If you are hosting an RWT meeting and have invited many people to the meeting, you may want to screen the attendees by using waiting rooms. This measure will ensure you curate the meeting and that no one uninvited can join.

A silver lining

It’s incredible how many businesses (of all sizes and types) have managed to get up and running and continue their business function with their employees scattered and working from home. The global coronavirus crisis has forced us to work in a way that many would not even have considered an option before. We’ve been forced to enhance our business functioning and adapt to keep our businesses running and employees working. It’s amazing … so many of us are doing it and making it work!

However, there is a concern for security. Working in this way and scale, perhaps a novelty for many businesses a couple of weeks back is now the norm across the globe. With this speed of change, mistakes and security gaps are heightened.

When working remotely — from our homes — using RWTs, it’s important to ensure that we are doing what we can to work as securely as possible. Especially since personal and sensitive data is being communicated in this way and on such a large scale.

Source: TechGenix

Supply Chain Threat Detection

Cyber criminals have upped their game, so should you. We never underestimate or ignore your supply chain's security threats.

Security Operations Center

Financial losses, intellectual property theft, and reputational damage due to security breaches can be prevented.

SOC Assurance Service

Despite a mature Security Operations Center, you're still under threat. Our SOC Assurance mitigates the risk of unnoticed breaches.

Emergency Cyber Response

Regain immediate control, contain the damage, and eradicate the threat. Your bullet-proof, SOS rapid response.

Agentless Network Segmentation

Rely less on vulnerability management and rest assured that the threat won’t spread across your network.

Cyber Risk Assessment

Understand how vulnerable you are. We identify your threat sources and calculate your risks – likelihood and impact.

Endpoint Detection and Response

This solution is for customers that do not have extensive security budgets or staffing to implement and monitor an endpoint security solution.

Irregular Behavior Detection

Companies focus heavily on malicious outsider mitigation, while the biggest threat lies with those who already have access.

Penetration Testing Services

A penetration test is arguably the most important part of any cybersecurity journey, it tests an organization’s ‘final line of defense’ against attackers.

Security Awareness Training & Testing

With cybersecurity awareness training, the risk of human error can be reduced, turning human error into a human firewall.

Insights

360 Security
Must Know Cyber
Security Services

Resources

WEBINARS
MEDIA
SON OF A BREACH
CASE STUDIES
USE CASES

Cyber Security Services

Supply Chain Thread Detection
Security Operations Center
SOC Assurance Service
Emergency Cyber Response
Agentless Network Segmentation
Cyber Risk Assessment

Supporting Cyber Security Services

Endpoint Detection and Response
Irregular Behavior Detection
Penetration Testing
Security Awareness Training and Testing

Related Posts

Cyberattack alerts
Must Know Cyber

Cyberattack Response Checklist

In the high-stakes chess game of digital security, a single misstep can lead to checkmate by cyber adversaries. As we

Cyberattack Emergency

Are you experiencing an active cyberattack?

Get rapid response.

Call ENHALO’s International SOS no:
For Other Inquiries: