Working remotely makes cybersecurity more critical than ever
by Dan Booth
Mobile devices and technology have virtually saturated our everyday lives as general consumers. Sure, we all probably have that one friend who still uses a flip phone just to cooly be ironic, but most of us find our lives inextricably intertwined with our mobile devices.
As the wave of the novel coronavirus washed over the world’s economies, business travel slowed to a trickle, leaving companies scrambling to find ways to survive in the midst of a flagging global economy. Only now are we seeing some signs of life returning, slowly and in fits and starts, grounding business travelers who would normally be hitting the road, leaving them to plug into work-from-home schemes instead.
Fortunately, over the past several decades developments in connectivity and computing solutions have become more widespread. And since the capabilities have been there for some time, a significant and growing proportion of the workforce is already on board with this mode of work.
However there can be a dark side to work-at-home; as the numbers surge, it opens the door to cyber risks that may be well controlled by a large company’s IT security measures, but not in a vulnerable home office environment.
The latest headline-making example is so-called ‘zoom bombing,’ a word play on the ever-popular prank of photobombing (except a lot worse) combined with the name Zoom, the free video conferencing software – although any video conference can be hijacked, regardless of platform. The interruptions often take the form of the unwanted participants posting lewd or offensive content.
Zoom founder and CEO Eric S. Yuan says Zoom is “shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.” In the meantime, Yuan recommends Zoom’s security features already in place, including: • Avoid sharing privatemeeting links on social media orother public forums because anyone with the link can join themeeting. • Use the host controls in Share Screen settings and then Advanced Sharing Options to keep control of the screen. Under “Who can share?” choose “Only Host.” • Allow only signed-in users to join and lock the meeting after it starts. Turn off file transfer and annotation to keep out unsolicited content. • Try the Waiting Room to keep guests from joining until the meeting is ready to start.
Mind the Gaps Critical and costly problems with video conferencing platforms have captured the headlines, and drawn the attention of state attorneys general and even the FBI. In a statement, the Bureau warned, “As individuals continue the transition to online lessonsand meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts.”
That’s sound advice coming from the experts, and not only for video conferences but for all manner of online remote work, especially wide-open home office portals tapping sensitive corporate IT systems. In fact, the upsurge in employees working from home – lacking the more sophisticated cyber countermeasures in place back at the office – has made enterprises large and small more susceptible to attack.
The good news is, technology solutions are available that can control the risks. However even though there are a variety of cost-effective digital tools and security systems on the market, the key to effectively countering these threats, according to many cybersecurity experts, is adopting the right mindset to safeguard our remote working environment against attacks, whether we’re working from home or out on the road.
Cybersecurity Pointers To Live By PASSWORDS Most people wind up using the same passwords for different accounts and changing them infrequently, if at all. Weak and reused passwords are easy to hack; strong passwords still need to be changed from periodically and shouldn’t be shared; better yet, get into the habit of using password managers – applications that generate unique, complex passwords for different online accounts and store them securely.
FIREWALL Home office devices need firewalls – they are the first line of cyber defense. Experts advise making sure router and modem firewalls are enabled and property configured. Change default administrator usernames and passwords on routers/modems, and don’t forget any connected devices like video doorbells and garage door openers.
FRAUDULENT E-MAIL Phishing scams and other attacks carried out via e-mail are the most common means of exploiting employee vulnerabilities. Cybersecurity training should include strong warnings about fake e-mails. Always double-check the validity of links – or better yet, don’t click on them at all. Clicking on a phishing link or downloading an infected attachment from home can compromise a company’s entire IT system.
VPN Connecting to unsecured networks can make business data more vulnerable to hacks. The best way to keep online traffic private is by using a virtual private network. A VPN creates a secure encrypted tunnel that protects the connection from bad actors trying to breach the system. It allows employees to safely access their work accounts while working from home or using public WiFi – or even when we eventually get back to traveling.