We at Certified CIO want to thank you for your responses and interactions during the COVID-19 outbreak. We are placing health and safety as our number one priority. Additionally, we are happy to be helping you do the same! We are pleased to report that the vast majority of our customers who have decided to work remote have adjusted well to doing so. For those who’ve had some trouble, we’ve helped them get back on track. Now that we’re safely working from home, much of our focus has changed to maintaining proper security in doing so.
Unfortunately, work-from-home presents a unique set of new (to many) security concerns. However, with proper precaution, you can present your best defense against those who wish to exploit these new work arrangements.
Our security experts recommend a few easy first steps to stay safe and productive on home computers:
- Work to ensure every user’s home computer is on a supported operating system. For Windows machines, for example, these are Windows 8 or 10. Windows 7 no longer is supported by Microsoft and is much more likely to be vulnerable to attack.
- Keep all home user computers up to date. Similar to using an older operating system, having an out-of-date machine may present security vulnerabilities. As well, users should be encouraged to update applications that they use on their computers, especially those they use the most.
- Make sure home computers have anti-virus and are password protected upon start-up or waking. Additionally, make sure anti-virus definitions are up-to-date.
- Multifactor (or Modern) authentication adds a layer of protection in the event of a compromised password. It requires at least a second method of authentication, through various means including app sign-in via smart phone or temporary code through text message or authenticator application. Use this whenever possible. If you’re not sure how to enable these, consult an IT professional.
- Virtual Private Networks, commonly called VPNs, create a secure lane of traffic between points A and B, in this case home and work. VPN traffic is encrypted and much more secure than an open connection.
- Avoid use of public or unsecured home WiFi networks. The signals passing on these networks is easily intercepted and may be used to gain access to unauthorized networks. Instead, use wired connections or WiFi networks with at least WPA2 standards of encryption.
- Ask employees to ensure their home router network names are not default and router administrator account information is changed. For example, many home networks will broadcast the manufacturer and model name as the default network name. Armed with this information, a person within signal range can easily lookup the product manual to determine default administrator username and password to grant themselves access.
- Inform those using home computers to turn off “Automatically connect to WiFi” to ensure you are connected exactly where you expect and intend to, rather than a neighborhood coffee shop or the neighbor’s network you used once when your personal router went down.
- Employees with the technical skill and equipment to do so may wish to create a separate network exclusive to work use. Many online/”smart” appliances can be prone to becoming vulnerable, for example. A careless child may inadvertently click an incorrect link. A second network is another layer to help protect your company’s assets.
Don’t just take our word for it! Following are some helpful security links from our partners and governmental agencies:
- ConnectWise –
- “Securing Your Remote Workforce in Time of Emergency”
This short guide outlines and reinforces some important general security tips specific to work-from-home. - “Remote Workforce: Staying Secure in a Remote Workplace” is a 45 minute webinar focused toward small business owners regarding the who, what, where, when, why, and how it is necessary to take the steps required to maintain a secure remote workforce. While it gets a bit deep at times, it provides crucial information for best practices and protection.
- “Securing Your Remote Workforce in Time of Emergency”
- Huntress—
- RDP (Remote Desktop) Compromise displays methods used to penetrate insecure remote desktop protocols, and how frighteningly easy it can be in nefarious hands. (Demonstration begins at the start time in the link and is approximately 6 minutes.)
- US Department of Homeland Security—
- “Defending Against COVID-19 Cyber Scams” is a short advisory regarding IT attacks during the COVID-19 emergency.
- Federal Communications Commission—
- “COVID-19 Consumer Warnings and Safety Tips” is a short list of common phone and text fraud attempts currently occurring.
Have questions? Need a hand with some of this? We can help! Please feel free to communicate with us! We want to help keep you safe and secure during these uncertain times. Stay safe out there!