Posted by Stephen Palamara, TCC Director of Business Development

The Coronavirus outbreak has added to an already plentiful array of cybersecurity threats. Employers are responding to the outbreak by allowing or mandating remote working. I recently read an article on the Security Magazine website that outlines the top ten threats and the recommended solutions. https://www.securitymagazine.com/articles/91999-the-top-10-employer-cybersecurity-concerns-for-employees-regarding-remote-work

We looked at the first five in a previous blog post. Here are the last five:

  • Patch Frequently – “the IT department should be patching often. While this is a good general practice, it is particularly critical at a time when attackers are aware of a unique window of opportunity presented by remote work. They will be using commandeered machines to scan traffic for opportunities. Ironically, opportunities are often identified by reverse-engineering software patches released by the major vendors. For this reason, IT departments have to be particularly vigilant while business is being conducted remotely.”
  • Monitor Electronic Traffic – “the IT department should be monitoring traffic continually. Like vehicular traffic, electronic traffic exhibits typical patterns over time. Occasional deviations from the norm are expected. But IT staffers have the experience to appreciate which deviations may signal a security concern. For instance, a programmer who had “outsourced” his own job overseas was identified when IT noticed that his login tended to exhibit maximum activity late at night Eastern Standard Time. It is to deny observers such clues that the Pentagon reportedly generates “white noise traffic” to camouflage activity fluctuations. Unless an employer is in a particularly sensitive business, such measures are not required. But the IT department must be vigilant to phenomena such as the exfiltration of large data files.”
  • Secure a Private Space for Work Discussions – “not all damage comes from electronic attacks. Humans are social. Employees like to talk. And jobs tend to be a favorite subject of discussion. In the office environment, this is rarely an issue. But remote employees need to adjust to their new environment. They must remember that loose lips sink ships. Work talk should be limited to private spaces.”
  • Be Sure Vendors Adhere to Security Standards – “virtually every employer depends on vendors and contractors. Even the Central Intelligence Agency and the National Security Agency use “green badges” (contractors). Contractors and vendors have access to the same data and networks that employees do. Employers should ensure that vendors are contractually obligated to adhere to the same security standards as full-time employees. This would include everything from not using public WiFi to limiting their access to relevant silos.”
  • Train on Security Fundamentals – “security is a people business. Most breaches can be attributed to human error. From an NSA employee leaving highly classified hacking tools on an open server, to a helpful Apple employee resetting a password for an imposter, the best-intentioned people make mistakes. The opportunities for such mistakes rise exponentially when employees are working remotely. The only cures are simple. Employees must be trained, and periodically retrained, in the fundamentals. And they must rely on checklists. After all, the Commander of Air Force One uses one while landing the President of the United States. Employees should use one before shutting down for the day. The job they save could be their own.”

To find out more about TCC Security Services please visit our website https://www.e-tcc.com/security-services.

 

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s