Making Remote Work Secure: Five “Must Do” Steps

Jun 2, 2020 | Blog

Since COVID-19 became a global pandemic and steps were put in place to contain its spread, more and more
people have been forced to work from home. This transition requires many changes in how individuals and
organizations operate and communicate, especially in terms of using computers, personal devices, and
specific software that enables remote work.

 

At the same time, cybercriminals recognize that attacking home users is much easier as they are typically less
secured outside their office, where security policies and measures are enforced (at least at some level). Yet to do
their jobs, these remote workers need to connect to various servers and access and create confidential, sensitive
documents and data from their less-secure home office environment.

The risk of losing important data or being compromised becomes much greater at home. That is why every remote
worker should be prepared to secure his remote workspace. Here are five recommendations for securing a home
office.

1. Use a VPN
Whether you are connecting remotely to company resources and services, or you are just browsing web resources
and using telecommunication tools, use a Virtual Private Network (VPN). VPNs encrypt all of your online traffic to
prevent hackers from capturing your data in transit.
If your company has a VPN practice, you most likely will get instructions from your admin or MSP technician. If you
have to secure your working place yourself, use a well-known, recommended VPN app and service – they are
widely available in different software marketplaces or directly from vendors.

2. Be wary of phishing attempts
As a topic, COVID-19 is already being widely used in all types of phishing attempts – and the number of such
malicious activities will only grow. Every remote worker needs to prepare for the increase in phishing attempts by
understanding and recognizing the threat.
Themed phishing and malicious websites appear in large numbers every single day. These typically can be filtered
out on a browser level, but if you have a cyber protection solution installed on your work laptop or your company’s
MSP delivers that protection with a solution like ACDS Cyber Protect Cloud, you are also secured by dedicated URL
filtering. The same functionality is also available in endpoint protection solutions, although in ACDS Cyber Protect
we have a special category related to public health which is updated with higher priority.
Of course, those malicious links have to come from somewhere, and they are typically delivered in instant
messages, emails, forum posts, etc. Do not click any links you don’t need to click on, and always avoid those that
you did not expect to receive.
These attacks also use malicious attachments to emails, so always check where an email really comes from and ask
yourself are you expecting it or not. Before you open any attachment, be sure to scan it with your anti-malware
solution, such as ACDS Cyber Protect Cloud.

To be sure that all phishing and malicious websites are blocked by security solution with embedded Web/URL
filtering functionality like ACDS Cyber Protect Cloud

It also helps to remember that the information you really want regarding COVID-19 or similar pandemics can be
found from official sources like the World Health Organization (WHO), your national ministry of health, and
state/local government agencies. Refer to those official agencies rather than opening links or emails from unknown
sources.

3. Be sure to have good anti-malware up and running properly
Having a good anti-malware solution installed is a must nowadays. With Windows, where the majority of threats are
targeted, the built-in Windows Defender makes it easier. It does a good job of stopping threats, although it still
cannot match the top anti-malware products from security vendors. ACDS Cyber Protect Cloud delivers many
well-balanced and finely tuned security technologies, including several detection engines, so we would
recommend it to use instead of an embedded Windows solution.
Simply having an anti-malware defense in place is not enough, however. It should be configured properly, which
means:

  • A full scan should be performed at least once a day
  • A product should be connected to its cloud
    detection mechanisms, in the case of ACDS Cyber
    Protect to ACDS Cloud Brain. It is active by default
    but you need to be sure that the internet is available
    and not accidentally blocked by anti-malware
    software.
  • A product need to get updates daily or hourly, depends
    how often they are available
  • On-demand and on-access (real-time) scans should be
    enabled and adjusted for every new software installed or
    executed.It is also important that you do not ignore
    messages coming from your anti-malware solution. Read
    these carefully and, if you use a paid version from a
    security vendor, be sure that license is active.

4. Patch your OS and apps
Keeping your operating system (OS) up to date is crucial, as a lot of attacks succeed due to unpatched
vulnerabilities. With ACDS Cyber Protect, you’re covered with embedded vulnerability assessment and patch
management functionality. We track all identified vulnerabilities and released patches, which allows an admin or
technician to easily patch all their endpoints with a flexible configuration and detailed reporting.
ACDS Cyber Protect not only supports all embedded Windows apps, but also more than 40 third-party key popular
apps including all telecommunications tools like Zoom or Slack, and a lot of popular VPN clients that are used to
work remotely. Be sure to patch high-risk vulnerabilities first and use success reports to confirm that patches were
applied properly.
If you don’t have ACDS Cyber Protect and do not use any patch management software, it is much harder. At a
minimum, you need to be sure that Windows gets all the updates it needs and they are quickly installed – users
tend to ignore system messages, especially when Windows asks for a restart. Ignoring these requests is a big
mistake.
Also, be sure that auto-updates to popular software vendors like Adobe are enabled and such apps like PDF
Reader are also updated promptly.

ACDS Cyber Protect Patch Management supports all the popular collaboration, conferencing and messaging tools

5. Keep your passwords and workspace to yourself
While this step has been mentioned many times as the top piece of security advice, during the response to
COVID-19 it is doubly important to ensure your passwords are strong and known only to you. Never share
passwords with anyone, and use different and long passwords for every service you use. Password management
software makes this easier. Otherwise, an effective approach is to create a set of long phrases you can remember.
And when we say long, we mean long, since the old eight-character passwords are easily opened by brute-force
attacks now.
Also, even working from home, do not forget to lock your laptop or desktop and limit access to it. There are many
cases when people can access sensitive information on a non-locked PC from a distance. Don’t assume you are
protected simply because you are not inviting anyone you don’t know or trust into your home oce.