Author: Monique Magalhaes
Across the globe, we are all working remotely — from our homes. Being able to work remotely is one thing, but doing it securely is another and has become more critical than ever during the ongoing coronavirus (COVID-19) crisis. In the past several weeks, there have been several reports of remote working applications having security flaws and growing concerns from businesses and people about the security of remote working. Businesses need to continue to work during the crisis. Meetings must happen, and documents must be shared. The lines of communication need to be maintained, but the process is now very different. As a society, we have been forced to enhance and adapt at speed, if we are to keep our businesses functioning and our people working.
Employees are using what they can to work remotely. Due to the fast-paced nature of the crisis, companies and employees have rushed to get operational remotely, with little consideration of cybersecurity in many cases. This means that some employees are working on home computers or computers that are not the property of the company. Additionally, these computers are not updated to the current version of the software: they are unpatched because the machines are not being maintained in a corporate managed structure.
10 Steps to secure your remote working
1. Get your remote working tools from the right place
When obtaining your tools, get them from the vendor’s trusted website only! Do not use any other website. If you download these tools from another source, you are very likely to be infected with a Trojan.
2. Always log in securely
Only log in with an account that you have created for your remote working system. Do not log in by any alternate means, and do not be tempted to log in using Facebook, Google, or any account other than the one that you’ve created. If you are using the tool for corporate reasons, use a corporate account. This is important because if you choose to use your personal account and it gets compromised, you will be exposing your company and the corporate environment.
3. Account login and credentials
Make sure that the account is set up with a unique password and that the password is not used for any of your other accounts.
4. Setting up a meeting
Make sure that every meeting is protected by your unique meeting password. This prevents anyone without the meeting password from joining, so you have improved control over your meetings and who can join.
5. Using a remote access tool
Be careful of the links that you click on when using remote working and meeting tools. As with emails, these tools can be used for phishing. So, if you don’t know all of the people on the call, be cautious, as automatic links can be sent by other users’ infected machines.
Ensure that you don’t click UNC links. These are links of the form \\network\path\etc. These links can be dangerous.
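The check for UNC links can also be automated on the IT side. The following Python is an added example, not part of the original article: it scans chat messages for UNC-style links, including the file:// spellings of the same network path (a generalization beyond the backslash form named above), and blanks out any whose host is not a known corporate file server. The TRUSTED_HOSTS allowlist, the host names and the sample messages are constructed assumptions.

```python
import re

# Assumption: hosts the organisation actually shares files from (hypothetical name).
TRUSTED_HOSTS = {"files.corp.example"}

PATTERNS = (
    # \\host\share\...  the backslash form the article describes
    re.compile(r"\\\\(?P<host>[^\\/\s]+)\\(?P<share>[^\\/\s]+)\S*"),
    # file://host/share and file:////host/share reach the same network path;
    # file:///C:/... (empty host) is a local file and is deliberately not matched
    re.compile(r"file:(?://|////)(?P<host>[^\\/\s]+)/(?P<share>[^\\/\s]+)\S*", re.I),
)

def find_unc_links(text):
    """Return (start, end, host, share) for every UNC-style link in text."""
    hits = []
    for pattern in PATTERNS:
        for m in pattern.finditer(text):
            hits.append((m.start(), m.end(), m["host"].lower(), m["share"]))
    return sorted(hits)

def untrusted_links(text):
    """Links whose host is not an exact match for a trusted file server."""
    return [h for h in find_unc_links(text) if h[2] not in TRUSTED_HOSTS]

def defang(text):
    """Replace each untrusted link with a marker so it cannot be clicked."""
    out, pos = [], 0
    for start, end, host, _share in untrusted_links(text):
        if start < pos:          # overlaps a link that was already replaced
            continue
        out.append(text[pos:start])
        out.append(f"[blocked UNC link to {host}]")
        pos = end
    out.append(text[pos:])
    return "".join(out)

# Constructed sample chat messages (not taken from any real meeting).
SAMPLE_CHAT = [
    r"Agenda is at \\files.corp.example\meetings\agenda.docx",
    r"Please open \\203.0.113.7\docs\invoice.docx before the call",
    "Slides: file://meet-share.example.net/public/slides.pptx",
    "Local notes: file:///C:/Users/me/notes.txt",
]

if __name__ == "__main__":
    for message in SAMPLE_CHAT:
        print(defang(message))
```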
When downloading a document from within these tools, users should only do so when receiving files shared by other corporate users within the company, as downloading files to your PC could infect it if your computer does not have corporate-grade anti-malware. Most home computers do not have this level of enterprise protection.
6. Installing remote working tools (RWTs)
If you install remote working tools on a computer, you need to keep them updated — every day! There is currently no other choice than to keep updated to the latest version if you want to be secure.
Most vendors have aggressive updating cycles and are working on these tools during the pandemic and releasing new versions often.
If you are unsure, uninstall the tool once you have used the product. This is a reason to use these tools on a mobile device as the mobile devices typically keep the apps up to date automatically.
If you install these tools on your mobile device, do it by visiting the official vendor’s website and then pressing on the AppStore link. If you do it from a meeting invite or an email, it could be a phish. Even the AppStore is known to have had fake applications floating about, so installing it from the vendor’s website is the safest option.
Keep track of where you have installed RWTs, as you will need to update them repeatedly over the next few weeks as vendors continue to improve and maintain their tools.
7. Sharing data
When using RWTs, try not to share data using these tools. Your company is likely to have a shared drive, and emails can be used for sharing data too. We should be mindful not to exfiltrate data using RWTs. The more data and links you share using platforms, the more challenging it is to control the data. If you must share data in this way, encrypt the data first and then share it using your chosen RWT. As a host, you can also disable file transfer so that in your meetings, file transfers are prohibited, if the RWT allows for this.
8. The social side
Don’t take screenshots of meetings, and don’t share your RWT calls on social media or with any untrusted external parties. Often there are details like meeting IDs and business topics that are confidential, and this practice should be discouraged so as not to leak any information. Also, be mindful of what is in the background when in a conference call: there could be customer documents and other confidential information lurking in clear sight.
9. Inform your IT team
We are all using products to facilitate remote working and to enable us to function in efficient ways, especially at this time. We will also use a myriad of products, so we must do what we can to work remotely in a more secure way.
We are adapting and improving. We need to keep IT in the loop. It’s good practice to inform the operations team, so the IT team can support employees that are working remotely and maintain secure working from home.
Are you relying on end users to raise incidents that should have been spotted through a more proactive approach and an improved mean time to detect (MTTD)?
10. Use waiting rooms
If you are hosting an RWT meeting and have invited many people to the meeting, you may want to screen the attendees by using waiting rooms. This measure will ensure you curate the meeting and that no one uninvited can join.
A silver lining
It’s incredible how many businesses (of all sizes and types) have managed to get up and running and continue their business function with their employees scattered and working from home. The global coronavirus crisis has forced us to work in a way that many would not even have considered an option before. We’ve been forced to enhance our business functioning and adapt to keep our businesses running and employees working. It’s amazing … so many of us are doing it and making it work!
However, there is a concern for security. Working in this way and at this scale, perhaps a novelty for many businesses a couple of weeks back, is now the norm across the globe. With this speed of change, mistakes and security gaps are heightened.
When working remotely — from our homes — using RWTs, it’s important to ensure that we are doing what we can to work as securely as possible. Especially since personal and sensitive data is being communicated in this way and on such a large scale.