[vc_row][vc_column][vc_column_text]This is part of our ongoing conversation about the worldwide challenges of working remotely. To stay up-to-date on the latest insights, refer to our live page for COVID-19: Cybersecurity Community Resources.
As organizations around the world transition to remote work en masse, cybersecurity professionals are focused on securing their workforces more than ever. Continued business productivity should not come at the expense of data and system protections.
On March 26, VMware Carbon Black hosted an open ask-me-anything webinar on the topic of “Enabling Employees to Work Remotely, Securely”. Cybersecurity experts Tom Kellermann and Rick McElroy discussed the top 10 measures individuals and organizations can take to bolster their resiliency, and then opened the forum to a live Q&A session with attendees.
10 Home Security Tips for Remote Work
Working from your home desk instead of the office? Here are the top ten ways you can sharpen your defenses against cyberattacks when working apart from your usual secure networks and devices.
“We need to practice digital distancing within our home environment. No longer should your work devices be on the same network that your children’s or spouse’s devices are on, nor your smart devices. They should be completely isolated, digitally distant.”
Q&A Session
In the ask-me-anything webinar, audience members raised their major questions for Tom Kellermann and Rick McElroy. Here were a few common concerns addressed.
Q: Are BYOD policies as risky as they once when trying to protect company assets from personal assets, especially when considering that the workday is bleeding beyond the regular 8 hours, and people are on devices – corporate and personal – longer throughout the day?
Tom Kellermann: My concern is specific to the non-state actor who is leveraging phishing or watering hole attacks specific to mobile applications to get into the device, and to activate proximity settings. I’m concerned about the capacity for proximity attacks to increase. It’s not just limited to mobile devices, it’s includes the smart devices in your homes, smart speakers, smart TVs, etc. And these are more likely to be targeted, especially with the absence of security controls on them, and the fact that we are all – literally – on house arrest so we can save our neighbors.
Rick McElroy: Corporations have maybe not allowed some of these devices into certain rooms. “Don’t deploy a listening device while having sensitive conversations.” But now, there is this risk of information loss just by having open discussions in a home instead of one that you would facilitate in a room with maybe five people.
Tom Kellermann: You should have one room in your house that is a digital safe room. And that digital safe room should not have any smart devices in it, with the exception of the mobile phone that you bring into said room to have that serious conversation regarding strategy, crisis management, vis-a-vis your company.
Q: Should SOC teams triage their alert queues more frequently, since users are now outside the normal perimeter protections in place?
Rick McElroy: The short answer to that is yes. I think you should start to triage your alerts differently, as risk has increased in a certain area. The issue that’s really going to come in is: There are a lot of playbooks that have been automated. There are a lot of processes put in place, because if you have done your job as a SOC team over the last three to five years, you’ve matured them. You’ve put practices and processes in place based on your users’ behavior over time.
However, the number of home systems that are already “owned” is massive. So someone might have gone home, and they already have malware on that system, a C2 channel, and now it’s connecting to all things work-related. What I would say is: Keep notes of lessons learned, any new processes you’ve put in place now. There will come another time when we’ll send our constituency of workers home, and you’re going to benefit from those insights later on.
To hear more of the questions and answers covered in the AMA, you can find the full webinar recording here.
Stay in the Loop
Didn’t make it to the AMA in March? Make sure to register for our upcoming webinar on Wednesday, April 22nd: “Working Remotely, Securely: How to Protect Distributed Endpoints.”
With global circumstances around COVID-19 constantly evolving, VMware Carbon Black is committed to keeping you in the loop with open access to resources and tools so that you can keep your organization secure. Check out our live page for recent updates.
[/vc_column_text][/vc_column][/vc_row]