There's good news and bad news as we adjust to our newly altered work- and lifestyles. The good news is that IT has long been accustomed to working remote. Problems occur at all times of the night, on holidays, and during vacations, so the capability has been developed over time. As well, with the rise of offshoring, managing remote teams with language and time barriers has become standard within the IT population. Many companies have large numbers of IT employees who work full-time from home.
With the tools and methodologies already established, the real question is to how to apply these to populations that have not typically worked from home and are suddenly having to adjust. The fact is, those who are not used to working remotely may not fully understand the security threats that go along with working from home. And the bad news is that bad actors are attempting to use the fear and uncertainty around the COVID-19 pandemic to try to get computer users to fall for their scams.
Security teams should remind all employees about the basic best practices to avoid being a victim of online scams.
See Something, Say Something
If you receive an odd email that you don't recognize, or notification that someone is trying to access your account, don't assume that someone else sees it before you. If you have any question on an email, don't hesitate to forward it to your IT or security team or use the Phish Alert button in Outlook.
Never reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email. Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net, or even .co – no "m").
And always remember, when in doubt, throw it out. If the email looks like trouble, it probably is.
Caution with Webex, Teams
A team communication technology, such as Microsoft Teams, Cisco Webex, and Slack, is a must-have for remote working. Ensuring these are licensed for unlimited use and available to all team members is key.
But these platforms come with their own security risks as well. When you send an invite for a meeting on the Web, by default anyone with the link (internal or external to your company) may join the meeting. If you are leading a meeting of a confidential nature, you should schedule a regular Webex meeting that also includes a password.
Try to Separate Work and Home Life
If you need to leave your home for supplies or other reasons, make sure your work devices are either shut down or locked, including any mobile phones you might use to check email or make work phone calls. If you live with a roommate or young children, be sure to lock your computer even when you step away for just a bit. Don't tempt your roommates or family members by leaving your work open. This is true even for the workplace, but extra imperative when working from home.
If you can't carve out a separate workspace in your home, be sure to collect your devices at the end of your workday and store them someplace out of sight. This will not only keep them from being accidentally opened or stolen but will also help create a boundary between work and home life.
During these uncertain times, technology has been, and will continue to be, critical in keeping us all connected — both personally and professionally. As long as it is used smartly and safely, it helps people to keep some sense of connection and normalcy in what is otherwise an anything but normal time.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Cybersecurity Home School: Garfield Teaches Security."