[ALERT] ADVISORY ON STAYING CYBER SAFE WHEN WORKING FROM HOME

Submitted by irteam on Fri, 04/03/2020 - 21:32

Background

With the ongoing COVID-19 outbreak and in view of Brunei's Ministry of Health advisory to implement social distancing measures, many organizations are encouraging or requiring staff to work from home for an indeterminate amount of time.

However, remote working creates additional opportunities for cyber threat actors to perform malicious cyber activities by exploring open vulnerabilities in less secured networks, thus gaining access to users’ data or the organization's network.

Below are some security measures that can be applied:

  • Use a corporate laptop for work
    • Avoid using your personal computer as it may have limited security controls in place. But if you have to, then manage the control settings as securely as possible. Make sure it is password-protected and never leave it unattended.
  • Manage your activities
    • Do not mix work and leisure activities on the same device, and never allow other members of your household to have access to your dedicated work equipment.
  • Use secure connections
    • Use organization-designated VPNs and avoid free, public Wi-Fi. If VPN is not available, make sure all communications are done via encrypted email or PGP encryption.
  • Protect your home network
    • Secure your router. Change the default name and password, update the firmware and turn on encryption (WPA2 or WPA3).
  • Update all software
    • Update and install patches for your operating system and software/programs immediately to reduce malware infection. Set it to update automatically. Remove unnecessary or seldom used programs if possible.
  • Strengthen passwords
    • Make sure your passwords are long, strong and unique. Use at least 12 characters with a combination of numbers, symbols, upper and lowercase letters, and never reuse your password for multiple accounts.
  • Secure files
    • Remember to periodically back up your data. Store files in two different storage locations, with at least one copy located off-site i.e external hard disk. Having data backups will help prepare you in case of a ransomware attack. Make sure to securely store paper-based files and documents too.
  • Mute the microphone and cover your webcam
    • After teleconferencing, make sure to mute the microphone and cover the webcam.
  • Secure your device
    • Lock the screen or enable screensaver mode if you are taking a break, and don’t forget to shut down your machine at the end of the day.
  • Be vigilant to COVID-19 themed cyber threats
    • Always be very suspicious of emails from people you don't recognize, especially if it requires you to download a file or click a link. If you receive an email sent from someone you know but asking for something unusual, verify it with that person over the phone. Make a habit of verifying via other channels if you receive an email with an image of urgency.