As we continue to work from home, employees are reminded to assess home security measures on a weekly basis to update and/or add any defenses accordingly. This practice is especially important as firms and their employees are exposed to an increasing number of Covid-19 phishing scams and cyberattacks that are becoming more and more sophisticated and convincing by the day. To help protect yourself and your company, we’ve compiled several best practices for maintaining a robust security profile when operating from home, as well as shocking Covid-19 phishing scams we’ve come across in the past 30 days.
Beware of Phishing Emails
Cybercriminals are getting creative as they prey on users’ vulnerability during this difficult time. Below are subject titles from real phishing emails Eze Castle Integration has observed over the past 30 days:
- Covid-19 Relief measures: FINANCIAL SUPPORT WITH HSBC
- Supplier-Face Mask/Forehead Thermometer
- Small Business Grant/ Testing Centre Vouchers
- COVID-19 Everything you need to know
- Breaking!!! COVID-19 Solution Announced by WHO At Last As a total control method is discovered
Protecting Yourself from Phishing Scams
Look out for tell-tale signs such as poor spelling and grammar, unrealistic claims, and threatening or urgent language in the email. Follow the list of don’ts below to avoid getting hooked:
- Do not open emails from unknown senders
- Do not open unusual emails from known senders
- Do not trust the sender’s address – this can be spoofed very easily
- Do not trust the padlock icon in the browser’s address bar – numerous phishing sites now display it!
- Do not open attachments in suspicious emails
When in doubt, check with your IT department or provider, who will be able to help you with determining user authenticity.
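The warning signs above can also be checked mechanically from a message's headers. The following is an added example, not part of the original article: the sample message, its addresses, the keyword list and the function names are constructed for illustration, and only the subject line is taken from the list quoted earlier.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (not a real capture); the subject line is one
# quoted in the article, all addresses and header values are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=who-updates.example.com
From: "World Health Organization" <alerts@who-updates.example.com>
Reply-To: claims-desk@example.net
To: user@example.org
Subject: Breaking!!! COVID-19 Solution Announced by WHO At Last As a total control method is discovered

Open the attached document for details.
"""

URGENT = re.compile(r"!{2,}|\b(breaking|urgent|immediately|final notice|act now)\b", re.I)

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def phishing_signals(raw):
    """List the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    signals, from_dom = [], domain(msg["From"])
    # 1. The receiving server's SPF/DKIM/DMARC verdicts; the From text alone proves nothing.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m is None or m.group(1) != "pass":
            signals.append(f"{mech} not passed ({m.group(1) if m else 'missing'})")
    # 2. Replies or bounces routed to another domain (weak alone: bulk mailers do this too).
    for hdr in ("Reply-To", "Return-Path"):
        d = domain(msg[hdr])
        if d and d != from_dom:
            signals.append(f"{hdr} domain {d} differs from From domain {from_dom}")
    # 3. Urgent or sensational wording in the subject.
    if URGENT.search(str(msg["Subject"] or "")):
        signals.append("urgent language in subject")
    return signals

if __name__ == "__main__":
    for s in phishing_signals(SAMPLE):
        print("-", s)
```

A message that raises none of these signals is not thereby safe; the checks only make the listed warning signs visible.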
Security Essentials Not to be Overlooked
#1 Remote Access
We recommend remote desktop/application virtualization as the most secure enabler of remote access, with an entire environment stored in a datacenter. Additionally, all web traffic is tracked by a corporate firewall and intrusion detection system to ensure complete safety when remote working.
The remote desktop and application virtualization access also eliminates the following risks associated with working from home:
- Lack of control over passwords, screen lock, account lockout etc.
- Malware from unfiltered home network
- Attackers pivoting from home to corporate network
#2 Home Network
Adhere to the following advice and tips from our security experts to keep your home network safe from intruders:
- Keep operating systems and applications up to date
- Use an anti-malware solution on your endpoints, making sure all features are enabled and definitions are up to date
- Use DNS filtering on your machines or set it up at the router level
- Use full disk encryption on all devices if possible
- Ensure wiring closets and ISP hand-off points are secured
- Consider using MAC address filtering
#3 Effective WiFi Management
Here are some pointers on how you can manage your WiFi for complete protection:
- Change the default username and password on your wireless router
- Disable remote management
- Use WPA2 or WPA3 for wireless traffic encryption
- Use lengthy and complex wireless passwords
- Disable WPS and UPnP
- Keep separate networks for your computers, IoT devices, and guests
- Routinely monitor who is connected to your wireless network
#4 Protecting your IoT Devices
Hints to protect your devices at home:
- Change default passwords on all IoT devices
- Keep your IoT devices on a separate wireless network or VLAN
- Restrict information sharing between IoT devices and 3rd party vendors
- Use a firewall where possible, especially as hackers have been seen intruding through weaker devices such as external cameras and smart doorbells
To learn more about how to protect yourself and your company from unwanted cyberattacks, watch our recent webinar for MassBio members here.
About the Author:
Kamyar Kojouri
Director of Security Operations at Eze Castle Integration
Kamyar is the Director of Security Operations at Eze Castle Integration. He has over 15 years of experience in IT with a focus on Systems Engineering, Systems Architecture, and Cybersecurity. He started his career as an independent IT consultant for small businesses before transitioning to the financial services industry, working at Moore Capital Management, and Eze Castle Integration. He holds a B.Sc. in Computing and Information Systems from the University of London, and is an Offensive Security certified ethical hacker, Microsoft Certified Systems Administrator, and Cisco Certified Network Associate.