Date: 2020-04-17

Millions of people work from home as employers ask only essential workers to show up in offices and retail stores in an attempt to stem the spread of coronavirus.

While some employees were already working from home either part-time or full-time and were set up to do remote jobs, other workers had to adapt very quickly to access corporate servers remotely and discuss projects via video calls or phone calls.

Maintaining privacy and being able to work effectively with colleagues and customers, who are often located in different time zones, can be a challenge.

Cybercriminals are always on the hunt for more unsuspecting victims through phishing, smishing and infecting software with malware.

“Given that companies around the world had to quickly switch to remote work, cybercriminals were equally adept at capitalizing on the world situation and in new business agreements to steal data, divert bank transfers to steal money, contain systems ransom money or just to stop the video conference,” said Randy Pargman, senior director of Binary Defense, a cybersecurity and intelligence company for information security based in Hudson, Ohio, and former FBI senior computer scientist. “Fortunately, many of the proven methods of protecting remote employees and working from the street that have been learned over the years can be applied to help protect the new remote workforce as well.”

Here are 12 tips on how to work from home efficiently and safely while dealing with constant distractions and worries about COVID-19.

1. Buy new equipment / furniture

Jason Brooks, a financial journalist with KCBS Radio in San Francisco covering the stock market, the economy and Silicon Valley and also a business reporter for CBS Radio News, started working from home on March 13th. He had never broadcast live from his home, aside from making an occasional phone report on the latest news. Brooks needed new tools and purchased a new 27-inch Mac desktop because his old HP was unreliable.

He also updated his home microphone with a new Shure Beta 58A and an iRig Pro audio interface to connect through his work iPad which is used for a live connection on KCBS and for songs recorded via Logic Pro X on Mac.

“After working in radio and television studios for about 30 years, it was rather the adjustment that provided live reports from home,” he said. “It took a couple of weeks to set up a configuration that works and I quickly learned to be my engineer.”

Brooks said he likes to work from home and skip a three-hour round trip to San Francisco, allowing him to spend more time with his wife and dog, Brinkley.

“But I miss the buzz of the editorial team and my colleagues,” he said.

Bryan Clagett spends a lot of time on Webex, Zoom and other video conferencing platforms and uses his office in Williamsburg, Virginia to talk to his colleagues and customers.

“In those cases, I need a “professional” environment and use my home office,” he said. “When I don’t need to be in front of the camera or when I want to get away from the family as much as possible, I retire to my desk standing in the basement.”

Standing during conference calls gives Clagett, director of strategic initiatives at StrategyCorps, a banking consulting firm based in Brentwood, Tennessee, which develops reward programs associated with bank checking accounts and lenders, some stimulation and the hope that he is burning calories.

“Making sure my WiFi was reaching that corner of the house was an important consideration before construction,” he said. “By the way, the standing desk is made from the top of an old entertainment console that I found, so I recycle it while staying healthier.”

Daren Blonski, CEO of Sonoma Wealth Advisors in California, purchased a permanent desk in March to adapt to work from home.

“Among dogs, children and partners, working from home can be dangerous to health,” he said. “In an attempt to preserve my sanity, I purchased an Uplift standing desk. My rule is that I can only sit down when I talk to customers. So when I’m doing busy work, I’m on my feet. This forces me to do less busy work and allows me to help with home management.”

Like many other people, Blonski believes that working from home will become more common and emerge as a new norm.

“Making sure that my workspace is more efficient really helped me – that means getting better monitors, faster computers to trade on, and having a direct line to my home office,” he said. “I don’t think the work will return to normal in the near future, so I have planned and set up my space for the long haul.”

Keeping balance and time away from computer screens is also vital.

“I also take some time after the market closes every day to get some vitamin D and exercise,” said Blonski. “I found that working from home means that I actually work more hours, so I really have to set limits to make sure I don’t do 15 hours a day every day.”

2. Avoid free public WiFi

Employees should avoid connecting a work computer to any free public WiFi access point, especially a password-free network, Pargman said.

“Not only can malware on other people’s computers attempt to penetrate your computer, but people with malicious intentions in the vicinity may try to spy on your computer’s network traffic and steal sensitive information or redirect your web browsing to websites controlled by the attacker,” he said.

3. Use a virtual private network (VPN)

Instead, use a VPN to encrypt all network traffic and protect it from interception or manipulation.

“When using a VPN, all network traffic is encrypted and cannot be seen by other computers on the local network,” said Pargman.

Not all VPNs are created equal. The best practice is to ask the employer for advice on which one to use.

If the VPN is managed by your company, ask if all your network traffic goes through the VPN or if it is split, he said.

“Many companies have configured their corporate VPN to send direct network traffic to the company’s internal servers through the VPN, leaving the rest of the connections to other websites unprotected,” said Pargman. “This helps ease the load on the company’s VPN server, but it’s an important point for remote employees to understand.”

4. Determine the security features of the video conferencing platforms

Using the right security settings for your video conferencing software is critical. While Zoom has been under closer scrutiny recently due to its rapid rise in popularity, the company has also been “ready to respond to recent criticisms and offer software updates, changes to defaults and recommendations to protect meetings from unwanted attendees,” said Pargman.

Managers must set a password and use unique meeting IDs for employees to join video calls and limit the audience’s ability to share videos or their screen for public meetings. This strategy does a lot to prevent video conferencing from becoming a source of problems.

“Keep webcam coverage on your computer’s camera when you don’t use it to prevent over-sharing of images if you accidentally join a video call,” he said.

Protection against software vulnerabilities requires vendor patches and user due diligence, said Chris Morales, security analysis manager of Vectra, a San Jose, California-based technology provider that applies AI to detect and hunt cyber attacks.

“Restricting access to a video session is based on the quality of user authentication checks such as strong passwords and user validation,” he said.

The simple fix, which Zoom has now made standard, is to impose default passwords for all video conferencing.

“How strong that password is will still affect someone’s ability to log in to a current session, but it’s much better than no password,” said Morales.

By default, moderators can also mute all participants and disable screen sharing features.

“The biggest risk was the ability for an outside party to join a session and stop or intercept,” said Morales. “Listening to ears allows you to hear what could be a valuable conversation with interesting data, depending on who is involved and the ongoing discussion. The other risk is the interruption of a session with shared images and sounds. Think of it as a digital graffiti.”

Companies can avoid being hacked during video conferencing by identifying attendees, said Chris Hazelton, director of security solutions at Lookout, a San Francisco-based mobile phishing solution provider. Larger companies must use corporate directory integration where any user in the organization is identified by their real name.

“Allowing strangers to participate means that they can create false identities by allowing them to behave or listen or interrupt meetings with few risks or consequences,” he said.

Avoid using a waiting room because this allows anyone to join without giving the meeting host a chance to check in on the attendees before they join, said Hazelton.

“With mass migration to work from home, any perimeter-based security comes out the window and with it comes a shift in attention for cybercriminals,” he said. “Cybercriminals, who are also stuck at home, quickly realized that they had a large untrained target audience for malicious social engineering attacks through phishing, as well as opportunity targets as users post links to online meetings that include Meeting ID and password.”

A large number of traditional in-person meetings went online, and while Zoom implemented security mechanisms, including support for single sign-on and multi-factor authentication, the company had to focus on the real problem: poorly trained users, said Hazelton.

“Zoombombing is caused by a lack of cyber security awareness and internal threats,” he said. “In addition, users share meeting details and some attendees want meetings to be listened to or stopped.”

Zoom meetings can be end-to-end encrypted as long as all attendees use a Zoom desktop app or a mobile client app, Hazelton said.

5. Assume you are being recorded

Determine if your conversations and videos are recorded. Since many employees may not know it, they should “always take on the worst,” said Alex Hamerstone, GRC practice manager at TrustedSec, a cybersecurity and hacker company based in Strongsville, Ohio.

“Any technology can be registered, so you should always assume it is and act accordingly,” he said. “Any conference platform can be set up to record calls.”

Remote workers should also be wary of fake Zoom invitations, as well as other invitations to video conferencing or teleconferencing that can be sent via email in order to hijack the work account or infect the employee’s device with malware, Hamerstone said.

“The researchers noted an increase in Zoom’s domain name registrations in March, which hackers are likely using to trick people into fake login pages.”
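
One way to triage the links in an invitation before anyone clicks them, added here as an example and not taken from the article or from Zoom: it accepts only hosts that are the trusted domain or a subdomain of it, and flags hosts that merely show the brand name. The trusted-domain list is an assumption to replace with your organisation's own, and the invitation text and `.example` hosts are constructed.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Assumption: the only domain this organisation accepts for meeting links.
TRUSTED_DOMAINS = {"zoom.us"}
BRAND = "zoom"

# Constructed invitation text; the .example hosts are placeholders.
SAMPLE_INVITE = """\
Your manager is inviting you to a scheduled meeting.
Join: https://us02web.zoom.us/j/1234567890
Trouble joining? Sign in at https://zoom.us.meeting-login.example/signin
Mirror: https://z00m-meetings.example/j/1234567890
"""


def _readable(host):
    """Approximate what a reader perceives: decode punycode, drop accents,
    and fold the digit swaps 0->o and 1->l."""
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: fold it as it is
    folded = unicodedata.normalize("NFKD", host)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return folded.translate(str.maketrans("01", "ol"))


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unrelated' for one URL."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "unrelated"  # malformed URL
    if not host:
        return "unrelated"
    # Trusted means the domain itself or a true subdomain, so
    # "zoom.us.meeting-login.example" and "notzoom.us" do not qualify.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # The brand can also be shown in the userinfo part before '@'.
    shown = _readable(host) + " " + (parts.username or "").lower()
    return "lookalike" if BRAND in shown else "unrelated"


def suspicious_links(text):
    """Extract URLs from a message body and return the lookalike ones."""
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    return [u for u in urls if classify_link(u) == "lookalike"]


if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_INVITE):
        print("lookalike:", link)
```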

6. Use the Mute button

Zoom is used constantly at Forward Networks, a provider based in Palo Alto, California, which provides network insurance and purpose-based network verification services, as it is the common thread of external suppliers, job candidates and existing customers.

“It’s not just critical for teamwork and collective decision making within and between internal teams and we have the Zoom app installed on our phones and we even use Zoom Room video conferencing systems in our office meeting rooms,” said Charlie Elliott, digital marketing manager of Forward Networks.

Use best practices while using Zoom or another video conferencing platform with your colleagues. Stay muted unless it is necessary to unmute, he said.

“This is especially important when working from home with a full house, even if you don’t have talkative children in the house, dogs and birds will interrupt the conversation without warning,” said Elliott. “Keep a camera cover on your laptop’s webcam that can open when you really want to be seen. When you want to be seen, but you don’t want your messy shelves, the hand-down sofa or the basket full of laundry on the camera, use a virtual Zoom background to digitally erase everything around you.”

Sheltering home with working parents and schoolchildren using virtual classrooms can strain physical space in a home, especially in the Bay Area where houses are small, he said.

“When one of the key members of our technical team needed to hold a Zoom meeting, he was forced to occupy his garage as a home office,” said Elliott. “Fortunately, we had a library of virtual backgrounds loaded into our Zoom app so that when he conducted a webinar, it could be seen on the camera, but his socket wrenches couldn’t.”

7. Beware of fake emails

Watch out for emails that appear to be important or urgent information about the COVID-19 situation, especially if the email contains a Zip file, a Word document or an Excel spreadsheet as an attachment or a link to download one of those files, Pargman said.

“I have seen a steady stream of malware in recent weeks disguised as urgent information that supposedly needs a quick response,” he said. “If you download one of these files and open them, stop and think twice about clicking on any security message. Many of these malicious documents require the recipient to click “Enable content” or double-click an executable file within a Zip file to run.”

If you have any doubts or suspicions about the sender, forward the email to your company’s IT team.

“They would rather spend a few minutes checking a suspicious email than spending hours repairing the computer and repairing damage caused by malware,” said Pargman.

Companies must foster a strong sense of safety culture, said Alex Guirakhoo, strategy and research analyst at Digital Shadows, a San Francisco-based digital risk protection provider. Companies should make sure their employees are aware of some of the most common phishing calls.

“Emails claiming to offer COVID-19 infection maps contain important government alerts or offers on medical equipment that appear too good to be true should raise suspicions, especially if sent from unknown external sources,” he said. “People should never disclose their personal or sensitive information to an unwanted email and should always be wary of emails that contain suspicious documents or URLs.”

8. Malware exists on other connected devices

Remote workers must be aware of the potential dangers arising from other devices on the network on which their work computer operates. Pargman said that many home computers and WiFi-connected security cameras or smart TVs can be infected with malware.

“When a working computer is joined to the same home network, those infected computers now have more opportunities to attempt to compromise the working computer because they are on the same local area network, which can be considered more reliable,” he said.

Employees must set up work laptops to treat the home network as untrusted. This means enabling the Windows firewall to block connections from other computers on the same network and not using the same password for the work computer that is used on the home computer and on other websites, Pargman said.

“Most malware includes the ability to steal passwords stored or typed on infected computers,” he said. “Some malware uses those stolen passwords to try and access all other computers on the same network.”

9. Disconnect Home Assistant devices

Alexa and Echo, two popular domestic helpers, could spy on you and everyone in the house. This is extremely problematic if your job includes sensitive information, such as financial, medical or legal data.

Some experts recommend disconnecting the home assistant while making phone or video conference calls, especially during confidential calls.

“It’s not entirely clear how dangerous it is,” said Hamerstone. “For most people, especially those who work for small businesses, this is probably not a risk you need to worry about beyond normal privacy issues.”

Corporate and government workers should give higher priority to the fact that these smart speakers are increasing their risk.

“It’s not entirely clear how much of what we say around these devices will actually be captured and recorded, so for safety, you should assume that the device is always “on,”” he said. “We know these devices can be turned on unintentionally by the user when he says the activation keyword (like “Alexa”). If you share highly sensitive information, you may want to disconnect the smart speaker.”

10. Update with security patch

Keep the software on your computer up to date with the official security patches provided through the software itself, Pargman said.

Avoid downloading updates from websites, especially if the link to download the software is sent to you via an email.

“Attackers love to disguise malware as an “important security update” and try to trick people into installing it,” he said. “These fake updates usually come in pop-up form from an unrelated website or from an email message.”

11. Follow the guidelines of your company

The most important thing for anyone working from home to understand is that they should follow company guidelines. If your company provides a VPN, use it and install only approved software, Hamerstone said.

“It is essential to follow all company guidelines,” said Hamerstone.

When working from home, you are tempted to install things that seem to increase productivity.

“Just last week, a friend asked me how they could install their remote access software for use on their work computer,” he said. “This sort of thing could easily compromise your safety or create other problems.”

Remote connectivity security is the responsibility of both IT departments and employees, said Heather Paunet, vice president of product management at Untangle, a supplier based in San Jose, California, which offers global network security for small and medium-sized businesses.

“IT departments need to fully understand the programs used by each department, how it can vary from finance to sales and how employees will be able to connect to these programs remotely,” she said. “The IT department should coordinate with department managers to train employees to connect remotely via a VPN. This training should be ongoing, with documentation, detailed guides and possibly video instructions to make sure it is accessible offline and online for employees to follow it.”

Companies are rapidly deploying VPN and authentication technologies, such as multi-factor authentication, allowing employees to be able to connect to mission-critical resources from their remote workstations, said Arun Kothanath, chief security strategist at Clango, an independent IAM / cybersecurity consulting firm.

The result is that employees often end up with “too much access” or “too little access”, which could lead to a significant security breach or loss of productivity.

“We like to advise IT security directors to focus on ways to increase visibility and accountability by increasing audit frequency and access certification activities to ensure that the organization is not harmed by an employee who has ‘inappropriate access,’” he said.

12. Use virtual coffee breaks

Technology has allowed many people to stay in touch and stay safe in light of the current situation, said Joseph Carson, chief security scientist and CISO consultant at Thycotic, a Washington DC-based provider of privileged access management (PAM) solutions.

“Technologies that can help make life a little normal have seen a renaissance,” he said.

“Video conferencing solutions that allow employees to stay in touch and have virtual coffee breaks with colleagues are back in fashion. Facebook Live has seen entertainers find new ways to entertain citizens at home with digital concerts, comedy shows and theater.”

Suzanne Hero, Gensler’s public relations manager in San Francisco, said that departmental and office level social hours help ensure that employees feel supported and connected.

Many employees work from home, although some are found in smaller apartments and confined spaces.

“I sat at my kitchen counter in my small San Francisco apartment working on a laptop,” she said. “It’s the only floor we have, apart from a coffee table, so my husband works from the bed.”

Hero conducts daily video calls with her team. Her company always had Microsoft Teams available and installed on all computers, but her team has not actively used it so far.

“It actually proved very useful,” said Hero.

