The novel coronavirus (COVID-19) has impacted nearly every facet of our daily lives. Our physical health and that of our loved ones is of the upmost importance as this disease spreads. As such, for many of us, our work arrangements have changed dramatically. As millions across the world adjust to working from home, cyber criminals are attempting to take advantage of the situation. It is an unfortunate reality, but a reality that we can hopefully protect ourselves from. Here are a few tips focused on protecting your cyber health during the COVID-19 pandemic.

Check Your VPN Configurations

Numerous companies have moved their employees to work-from-home arrangements over the last few weeks. For many, this shift had to be done without much time to prepare. As such, we strongly recommend reviewing your VPN configurations to ensure you are not potentially leaving an opportunity open for a criminal to exploit the situation.

Companies: Now would be a great time to review your perimeter firewall rulesets, check VPN client configurations, and take a look at network traffic logs periodically for suspicious activity. As always, we recommend that multi-factor authentication is used for authenticating remote access to corporate networks and that connections leverage strong cryptography to protect data transmission.

Employees: Make sure that you are using a strong and unique password to authenticate to your work's network. It is imperative that you do not share VPN authentication credentials to anyone. Additionally, we recommend making sure that if you are handling sensitive data (confidential documents, PII, HIPAA PHI, PCI DSS CHD), that you take care to only do so while connected to the appropriate and secured networks.

Keep Software and Devices Updated

Millions of employees are remotely connecting to workplace networks all over the world. These networks and the devices that facilitate them are significant targets for bad actors. As noted above, many companies shifted to remote work rapidly with little time to prepare.

As employees continue to work from home, we strongly encourage everyone to be diligent in updating software, operating systems, and devices — this is key to protecting your cyber health during COVID-19. Now more than ever, essential systems such as edge network devices, DMZ servers, and employee workstations are critical to protect.

Consider signing up for automatic notifications from vendors when updates are released and establishing a routine patching and update process if one is not already in place.

Look Out for Phishing

Emails, phone calls, texts, and IMs – in order to stay in touch with colleagues and clients, communication technologies are essential tools during quarantine. Equally, criminals have been leveraging weaknesses in these tools to launch phishing campaigns against employees.

We highly recommend continuing to remind employees to be on the lookout for phishing attempts. This is especially true as employees begin to utilize new communication technologies that they may not be as familiar with in the workplace.

As a reminder, never click on links or files that you don't recognize and/or did not request. When in doubt, it is always best to check with the other party through a different communication channel to confirm the legitimacy of the contents. It never hurts to be extra careful!

Protect Web Conferencing Information

As workplaces adapt to the changing work environment, the use of web conferencing tools such as Zoom, Webex, GoToMeeting, and Microsoft Teams has skyrocketed. However, at the same time, scammers have intensified their efforts to disrupt and cause chaos on these services. These attacks, coined "Zoombombing" by the media, can be incredibly embarrassing, inappropriate, and are often offensive.

Help prevent potential embarrassment and protect your web conferencing tools!

The easiest and most effective way to prevent "Zoombombing" is to protect key meeting details such as invite links, phone lines, and credentials. Meeting invites and URLs should never be shared via public channels such as social media or company websites.

Additionally, consider turning on a "Waiting Room" feature if your service offers one so that you can screen who is attempting to join the meeting.

Some of these services have the ability to "lock down" the meeting once it has begun. This prevents additional attendees from subsequently joining and may help prevent a malicious person from joining the call. If your web conferencing tool offers this ability, consider using this feature for the most important and sensitive meetings.

Have a Remote Technology Use Policy

With employees working from home, the lines between work and personal lives are easily blurred. As such, now is a great time to either review your Technology Use Policy if you already have one or establish one if you do not have one in place.

A Technology Use Policy that clearly defines what behavior is acceptable and who is approved to use your company's technology is highly recommended. In a work-from-home situation, even if employees have been trained in proper cybersecurity best practices, it is likely there are other individuals in the household who have not. Having clear policies established that prohibit employees from allowing others in their household to use their work computers may help keep workstations and the networks they are connected to secure.

We at Delap wish everyone the best with both your physical and your cybersecurity health! We hope you find these tips useful for protecting your cyber health during the COVID-19 pandemic and beyond. Check out our covid resources page for more free insight and information:

About Delap Cyber

For over 25 years, Delap has provided cybersecurity expertise to organizations across the world, ranging from small businesses to Fortune 100 corporations. We leverage our collective experience to craft a comprehensive service with the goal of significantly reducing your company’s risk of attack or breach.

Delap Cyber provides consulting, assurance services, forensic investigations, breach response, and managed cybersecurity services to businesses throughout the United States. Our solutions are designed to provide peace of mind by implementing multiple layers of controls through specifically selected, implemented, managed, and monitored tools by security professionals.

You’ve spent your life building your business. Let us help you protect it.