10 Tips to Shrink Attack Surface by Prioritizing Digital Hygiene
Originally published to Toolbox Security on June 4, 2020 by Chris Bowen, Chief Privacy & Security Officer and Founder, ClearDATA
Digital hygiene is as important as physical hygiene. ClearDATA’s founder and Chief Privacy & Security Officer Chris Bowen gives his take on digital threats associated with the pandemic and the risks and mitigation efforts.
By now, we’ve all settled into the life of the remote worker, carving out a quiet (sometimes) space in our homes for daily work and video meetings. It’s been a big shift for a lot of us, but we’ve been able to make much of the work being created from home mirror what we accomplished in the office. Let’s raise a glass for technology keeping us productive.
Now ask yourself: how much do the security protocols you’ve put in place at home mirror what you have in the office? For many, the answer is that home is sadly lacking. With most of the U.S. workforce working remotely, hackers have turned their attention to home-based vulnerabilities that we need to shore up.
Here are just a few good housekeeping tips you can follow to protect yourself, your organization, and your data while working remotely.
1. Like the separation of church and state, it makes sense to separate your work devices from your personal devices to protect both. Use your work laptop for work. Only. And vice versa for personal devices. Fight the urge to check into your Facebook account or your Gmail from your work laptop.
2. Speaking of social media – no need to pepper Instagram with selfies of your remote workplace. So often people expose something doing this that they had not intended. You can often read what is on a monitor in photographs.
3. Secure your devices. A lot of folks I’m seeing on Zoom meetings are sitting outside getting a breath of spring’s fresh air and working at the same time. Don’t leave your laptop sitting on the porch while you go in for lunch. Always secure your laptop. In the healthcare industry alone, millions of patient records have been lost in the last five years because of stolen laptops.
4. Update your software immediately when your system or your helpdesk asks you to and be sure you have vulnerability scanning software in place. The patches in those updates often fix bugs that provide inroads for cybercriminals to access your system.
5. Use a VPN or other secure network to access documents from the office.
6. Use multi-factor authentication (MFA) when accessing shared drives or storage. Many MFA software solutions come with an app that can be loaded onto your smartphone, and as you log in, it simply pushes a second authentication prompt to your phone.
7. Passwords should not be your pet’s name, your phone number, your address, or your name. Use passwords that contain at least 8 letters and numbers with special characters and change them often. Shockingly, the most common password in the world is still 123456.
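As an added illustration of the rules in tip 7 (example code, not part of the original article), a small Python checker that flags a password shorter than 8 characters, one missing letters, digits or special characters, one on a common-password list such as 123456, and one that embeds the user's own name, phone number, address or pet's name. The common-password set and the personal details passed in are constructed sample values, not a real breach list.

```python
import re
import string
from typing import Iterable, List

# Constructed sample of common passwords; a real deployment would load a
# full breached-password list instead of this handful of entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678", "123456789"}


def normalize(value: str) -> str:
    """Lower-case and drop non-alphanumerics so 'Fido-2020' matches 'fido2020'."""
    return re.sub(r"[^a-z0-9]", "", value.lower())


def check_password(password: str, personal_info: Iterable[str]) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes.

    personal_info holds strings the user should never reuse: their name, phone
    number, street address, pet's name (the examples given in tip 7).
    """
    problems: List[str] = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    if normalize(password) in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    norm_pw = normalize(password)
    for item in personal_info:
        norm_item = normalize(item)
        # Ignore fragments too short to be meaningful (e.g. a two-letter name).
        if len(norm_item) >= 4 and norm_item in norm_pw:
            problems.append(f"contains personal information ({item})")
    return problems


if __name__ == "__main__":
    # Constructed sample user details for the demonstration.
    details = ["Chris", "555-123-4567", "Fido"]
    for candidate in ["123456", "Fido-2020!", "T9#wq!Lz2r"]:
        print(candidate, "->", check_password(candidate, details) or "OK")
```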
8. Get smart about phishing attempts because the bad guys are getting smart about you. You will likely receive at least one phishing attempt during this time of remote work. Read the email carefully before clicking any links. Check for misspellings – often a sign of cybercriminals at work. If the email is steering you to a governmental agency with COVID-19 information, for example, don’t click the link. Go directly to that agency via your browser and check there for updates. One very damaging and successful phishing attempt began with “New case of coronavirus near you” in the subject line. Hover over the “sent from” email and make sure it’s authentic. When in doubt, throw it out.
9. Was your modem and router set up with a unique, strong password that you later changed to something like your phone number? It’s time to switch back to hard passwords. Let’s make it tougher for the bad guys to get in. Change it now to something less obvious and less publicly available.
10. Zooming? Go to settings and force a password for all meetings. The password is loaded right into the link and meeting attendees only need to click once to enter. Once your meeting attendees are all in you can also toggle over to Manage Participants and click Lock Meeting. This keeps lurkers where they belong: outside of your private meeting.
Obviously, certain kinds of work require far greater protection, and your IT team can help you configure what you need for extra security protocols, especially if you are interacting with protected health information (PHI) or sensitive personal data. A security risk assessment this summer will help healthcare systems like hospitals and insurance companies put the compliance health of their organization back in order. With technology solutions like ClearDATA Assess, we can create collaboration and accountability in security by identifying where risks may have risen during the WFH stint and then mitigating them together.
We’re all dealing with enough challenges and stress right now. Let’s do our part to reduce the stress on our organization by guarding our data as we work remotely.