Threat Matrix: November Edition
Threat Matrix: New Wi-Fi Attack Methods, Audible Scams, and More
As organizations of all shapes and sizes across America move to virtual operations to address risks posed by recent challenges, many realize they need to take steps to engage and motivate employees. At the same time, they need to sharpen their focus on managing their increased vulnerabilities to cyber-threats by having employees work from home.
Here are six keys for organizations that are expanding their work-from-home options for employees as remote work becomes the new norm for many:
1. Help employees choose the appropriate home wi-fi security. Modern routers come with a plethora of wireless security options. If you navigate through your home router’s security settings, you may see keywords such as WEP, WPA, WPA2 Personal and WPA2 Enterprise. For most at-home setup, the right balance between security and ease of use is Wi-Fi Protected Access 2 (WPA2) Personal. This mode of wireless security only requires a single passphrase for access and uses as of yet unbroken encryption, so you can be confident neighbors and passersby are not encroaching on your traffic.
2. Beware of using public hotspots. Now that Comcast has opened its nationwide hotspots for free, the chance of an employee accessing a public hotspot has dramatically increased. Because most public hotspots are not WPA2 secured, there is a risk your traffic can be seen by others sharing the same network. While there are some system-level data that can be leaked on a public hotspot, the most important information resides in your browser. Thus it is key to use at least a browser-level VPN to ensure all traffic leaves your browser encrypted.
3. Help employees preserve the social bonds they have in the workplace. When working remotely, social bonds established by employees may become disrupted. Certainly, it’s challenging to empathize with a username or to get motivation from reading through an elongated email thread.
To combat this, try to leave time at the end of a weekly all-hands meeting to have team members share their life experiences. Firms in which employees frequently work remotely use video conferencing to share details on personal milestones, such as engagements, weddings, births, birthdays, as well as weekend and holiday plans to maintain social bonding and team camaraderie.
4. Defend your inbox. Phishing was the most dangerous attack vector in 2019. That’s unlikely to change in the new reality of the pandemic. Indeed, 2020 has already seen a rash of coronavirus themed phishing attacks. Employees generally can’t verify emails with coworkers in the next cubicle, let alone in a neighboring town or city. Thus, businesses need to deploy an inbox defense solution that can handle remote access by employees who may be using personal computers. Be sure your inbox defense solution operates on email links, language, attachments and metadata and it integrates well with your preferred web client (GSuite or Outlook Web App).
5. Post an employee task list.A key challenge of managing a virtual work environment is for managers to understand what each of their team members is doing at any point in time. Having a robust task management system such as JIRA can help. You can also have all team members post their list of tasks on Slack each day. At the end of the day, they can indicate what they accomplished and the status of what’s still in process. The daily list fosters an atmosphere of accountability and makes it easy for team members to ask for help with any tasks that require additional support or input.
6. Strengthen your internet security by bringing the firewall to your employees. In the office, corporate workstations hide behind an enterprise firewall, which handles both proxying and content filtering. The firewall stops wayward employees from wandering into malicious and questionable websites and helps anonymize their presence on the internet. Unfortunately, remote workers can’t depend on enterprise firewalls for protection. So, it’s important to push enterprise firewall capabilities down to the laptop level. When selecting a host-based firewall, look for a feature set that matches the enterprise firewall it replaces. Recommended capabilities include blocking malicious domains, realtime threat updates, and content filtering. Finally, with the proliferation of HTTPS, choose a firewall with Layer 7 capabilities so it can inspect traffic within encryption. Layer 7 simply refers to software and programs the employee will actually see while proceeding with their daily work.
It’s certainly overwhelming to move from a hub-centric model to a distributed workforce. The good news is that, while most professionals are accustomed to a more traditional setup, many other businesses have already made these adjustments and the various technical challenges associated with a remote workforce have been addressed.
While we continue to encounter unprecedented hurdles for all businesses, remote work and security should not be among them.