Cybersecurity in Your Suddenly Remote Workforce

by | May 5, 2020 | Security

  1. Introduction
    • Serve one man bands and organizations with up to 75 staff members
    • All clients have security systems in place
    • We hold cybersecurity classes in our office
    • Our client base went from 87% office based to approximately 20% office based within a week using their work laptops or home computers secured using solutions outlined in this presentation
  2. Most important agenda item: Your staff needs training!
    • Staff should know the primary intrusion vectors used by evildoers
    • Staff should understand what tools are used to protect their systems
    • Inform staff what tricks are employed by the evildoers
    • What staff should do in case of an attack
    • Your IT firm should provide the training
  3. Primary attack vectors
    • Email phishing
    • Fake sites
    • Passwords
    • Out of date software
  4. Email Phishing
    • Email from familiar name
    • Hijacked servers
      – Server hijack – rare
      – Fake servers – much more common
    • Hijacked mail clients
  5. Fake sites
    • Misspelled site loads malware on your computer – for example: goggle.com
    • Text or email sends you to a site using a trusted redirection service like mailchimp or bit.ly
    • Free software download sites
  6. Passwords
    • Sites have been hacked or sold. https://haveibeenpwned.com
    • Using the same password in multiple contexts – banking, social media etc
  7. Out of date software
    • Windows / MacOS / Android / IOS are complicated ecosystems, with lots of hooks
    • Programming languages such as Java, Flash, Net framework etc
  8. Solutions
    • Endpoint protection from a trusted provider: ESET, Trend Micro, Sophos, McAfee
    • Security firewall in front of your mail server
    • Proper configuration of your mail server’s DNS settings
    • Password Manager – Lastpass for families, small business can share company-wide credentials
    • Use clever pass phrases for password manager master passwords, for example: “0 S 233 Church Street”,  Spaces are OK
    • Use the password manager to create unique secure passwords: a^Git!4SF4cK9Iqsq0aalv
    • Professional operating system configuration to ensure operating system & third party utility updates are applied
    • System replacement if you cannot run Windows 10 1909 or MacOS Catalina
    • System backups
    • Multiple layers, for example endpoint protection, protects from harmful websites, you should also employ DNS filtering from another provider to protect your systems
    • TRAINING
  9. When something goes wrong: Alert your IT provider, don’t ask your co-workers to look at a website or email
  10. The suddenly remote workforce needs to be following the same guidelines we follow in our offices every day, all day, your home workers need to be working from devices as carefully protected as your office devices.