5/13/2020
10:00 AM
Andrew Weaver
Commentary

More Tips for Staying Safe While Working from Home

While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.

There's good news and bad news as we adjust to our newly altered work- and lifestyles. The good news is that IT has long been accustomed to working remotely. Problems occur at all hours of the night, on holidays, and during vacations, so the capability has been developed over time. In addition, with the rise of offshoring, managing remote teams with language and time barriers has become standard within the IT population. Many companies have large numbers of IT employees who work full-time from home.

With the tools and methodologies already established, the real question is how to apply these to populations that have not typically worked from home and are suddenly having to adjust. The fact is, those who are not used to working remotely may not fully understand the security threats that go along with working from home. And the bad news is that bad actors are attempting to use the fear and uncertainty around the COVID-19 pandemic to try to get computer users to fall for their scams.

Security teams should remind all employees about the basic best practices to avoid being a victim of online scams. 

See Something, Say Something
If you receive an odd email that you don't recognize, or a notification that someone is trying to access your account, don't assume that someone else has seen it before you. If you have any question about an email, don't hesitate to forward it to your IT or security team or use the Phish Alert button in Outlook.

Never reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email. Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net, or even .co – no "m").

And always remember, when in doubt, throw it out. If the email looks like trouble, it probably is.
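The URL check described above (a spelling variation, or the right name under a different domain such as .net or .co) can be automated in a mail-triage script. The following is an added example, not part of the original article; the trusted-domain list and sample links are constructed, and treating the last two host labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation really uses (assumption).
TRUSTED = ("example.com", "example-payroll.com")

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_domain(url):
    """Return (name, tld) from the last two host labels.
    Simplification: multi-label suffixes such as co.uk need a public suffix list."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return "", ""
    return labels[-2], labels[-1]

def classify_link(url, trusted=TRUSTED):
    """Classify a link as trusted, lookalike-tld, lookalike-spelling or unknown."""
    name, tld = split_domain(url)
    if not tld:
        return "unknown"          # no parsable host (mailto:, bare text, ...)
    if f"{name}.{tld}" in trusted:
        return "trusted"
    pairs = [d.rsplit(".", 1) for d in trusted]
    # Same name under a different top-level domain (.com versus .net or .co).
    if any(name == t_name and tld != t_tld for t_name, t_tld in pairs):
        return "lookalike-tld"
    # Name within two edits of a trusted name (character swap, digit for letter).
    if any(0 < edit_distance(name, t_name) <= 2 for t_name, _ in pairs):
        return "lookalike-spelling"
    return "unknown"

if __name__ == "__main__":
    for link in ("https://www.example.com/login", "https://example.co/reset",
                 "https://examp1e.com/verify", "https://example.com@intranet.test/"):
        print(f"{classify_link(link):20} {link}")
```

A "lookalike" result is a reason to hold the message for the security team, not proof of malice; short trusted names will need a tighter distance threshold.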

Caution with Webex, Teams 
A team communication technology, such as Microsoft Teams, Cisco Webex, and Slack, is a must-have for remote working. Ensuring these are licensed for unlimited use and available to all team members is key.  

But these platforms come with their own security risks as well. When you send an invite for a meeting on the Web, by default anyone with the link (internal or external to your company) may join the meeting. If you are leading a meeting of a confidential nature, you should schedule a regular Webex meeting that also includes a password. 

Try to Separate Work and Home Life
If you need to leave your home for supplies or other reasons, make sure your work devices are either shut down or locked, including any mobile phones you might use to check email or make work phone calls. If you live with a roommate or young children, be sure to lock your computer even when you step away for just a bit. Don't tempt your roommates or family members by leaving your work open. This is true even in the workplace, but it is especially important when working from home.

If you can't carve out a separate workspace in your home, be sure to collect your devices at the end of your workday and store them someplace out of sight. This will not only keep them from being accidentally opened or stolen but will also help create a boundary between work and home life.

During these uncertain times, technology has been, and will continue to be, critical in keeping us all connected — both personally and professionally. As long as it is used smartly and safely, it helps people to keep some sense of connection and normalcy in what is otherwise an anything but normal time.


Andrew is an experienced information security and technology professional currently leading the information security program at Park Place Technologies, the premier Third Party Maintenance provider in the world. Over his 25+ years in the industry, he has led teams in ...
 
