[vc_row][vc_column][vc_column_text]It’s no secret that the way the world works has shifted since COVID-19 came on the scene. Operations are going remote and, for many government and federal agencies, this is new territory. This novelty is compounded by the fact that nation-state attacks are—and have been—on the rise for quite some time. These nefarious actors are taking advantage of the current upheaval of processes to launch novel attacks against government agencies and remote personnel. Federal employees are now on the frontlines of a long simmering cyber-insurgency.
Bryan S. Ware, Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) stated:
“Network infrastructure devices, such as virtual private network solutions, have been a frequent target of interest by a diverse group of malicious actors who can initiate attacks from anywhere in the world. With many businesses choosing remote or alternate work options to limit disease spread related to COVID-19, it is imperative they make risk-informed decisions on how to implement virtual private network solutions with a heightened level of security. One of the foremost responsibilities of CISA is to focus on the greatest threats and vulnerabilities facing the nation and help organizations manage their own risk. We cannot effectively achieve this mission without successful collaboration with our industry and government partners.”
Federal employees must take responsibility for ensuring the security of government agencies. This requires that, as an employee, you adapt how you work to ensure continuity of operations and protect the mission of your institution.
Here are the best practices for staying secure as your workspace shifts to your home:
- Leverage a VPN. With so many employees working remotely now, using a virtual private network (VPN) can help better secure internet connection and keep private information private via encryption. Public WiFi can be a gamble as it only takes one malicious actor to cause damage. See CISA recommendations on VPN security.
- Install and Update Security Software. It’s important to install security software on every device you use and stay abreast of the latest updates. You should update all your software weekly—this includes applications. Per regulations, these updates should go out every Tuesday evening.
- Separate networks. Every router has two networks. When working from home, make sure that you put your laptop on one network, and all other devices on the second. Additionally, you should be the only systems administrator on your network and all devices that connect to it.
- Update passwords frequently. You should be changing your passwords every few months—a practice that becomes more important when you leave the agency network. You should also update your router password—use a full sentence for maximum security.
- Two Factor Authentication (2FA). 2FA adds an additional step to the process of accessing critical data. The first step being a username and password, and the second step being additional verification (like a pin or a push). Enabling 2FA ensures that the user logging in as an employee is truly who they say they are.
- Use Firefox for web browsing. Because Firefox is open sourced, it is constantly being updated and perfected to ensure privacy. Other browsers are less airtight more vulnerable to attack. Think of Firefox as your bullet-proof suburban, and the rest of the browsers are being motorcycles…which one would you ride to work?
- Turn on a firewall and use encryption. Firewalls exist on the perimeter of your network and ensure only authorized traffic has access to it. Encryption provides you with increased confidentiality—by scrambling information it makes it harder for an third party to get their hands on it.
- Have a safe room—no smart devices allowed. Use this room to protect your critical assets. When you’re going to have a call about confidential operations/strategy, do it here. This makes it less likely that your devices can be tapped and used to access operations critical information.
Cyberspace is has become increasingly hostile, we all have a role to play to protect national security by protecting our home’s digital environment.
And, for more resources about working remotely, and how VMware can help, check out our Cybersecurity Community Resources page.
For more resources around COVID-19, working remotely, and how VMware can help, check out our COIVD-19 Cybersecurity Community Resources page.
[/vc_column_text][/vc_column][/vc_row]