Kevin Hayes, CISO
I won’t lie: COVID-19 has forced onto us a gigantic shift in how our organizations operate for both our employees and the people we serve. With much of our workforce now operating out of their homes, our security posture and risks have in many cases been flipped upside down. While we quickly adapt to this new situation, the following six points can greatly help keep security in place and our data secure:
Keep that antivirus running. Your computer is now on the battlefield front lines for cyber attacks, as you likely will not have the same kinds of firewalls and security protections you had when working physically at your organization’s office. Keep your antivirus and antimalware programs running and performing real-time scanning and protection.
Enable two factor authentication for personal and work systems. It can be easier for attackers to obtain your credentials with such a distributed workforce, and by linking your phone to your login you can thwart attacks even if your password is stolen.
Update your software on the computers you are using remotely. This includes your base operating system as well as any other applications such as Chrome, Firefox, Java and Adobe. Set a weekly calendar reminder to go through these apps and check to make sure you are best protected against emerging threats.
Keep others off. While you may be working to keep your computer secure when working from home, others in your household may not! The last thing you need is for someone else to click malicious links or unintentionally install malware when you least expect it. Where at all possible, keep spouses, children, and family from using your computer recreationally.
Beware email scams. Because of both pandemic fears and the lack of regular in-person contact, you may be more susceptible to click on unknown links in email messages. Always be skeptical of any message, trusting your gut if things do not feel right. If there is ever a doubt, always ask someone else (such as your IT team) to confirm a message.
Open up your communication. Utilize instant messaging and video conferencing services to remain connected to your teammates and peers. WebEx and Zoom are offering free versions of their service during the pandemic, with Google Hangouts and Skype being additional great choices. Seeing and hearing our colleagues is crucial to identifying other potential fraudulent attacks (such as phishing) if you encounter them.
We are all in this together, and by following guides like these and others by our community, we will come through this stronger than we ever thought possible.
Stay safe and healthy,
Kevin Hayes, CISSP, CISM
Chief Information Security Officer