CDW is pleased to partner with Cisco on our new podcast, Get IT: Cybersecurity insights for the foreseeable future. This six-episode series features cybersecurity experts from CDW and Cisco discussing trends and hot topics in the security space.
In the series premiere, Endpoint Security Best Practices for Remote Workers, Theo van Wyk and Chris Graziano from CDW and Mike Storm from Cisco share home network security best practices and discuss cybersecurity risks to be aware of when working from home. Here are some of the topics they tackle in Episode 1.
Can working from home be just as secure as working from an office?
It really depends on the technology and the protocols that you’ve put in place. With today’s technology, and a lot of work from home procedures, there’s definitely the capability of being just as secure at home as you would be in an office environment.
With that said, it’s important to understand the security posture of the company that’s hosting the remote access. What security profiles are being used, how communications are occurring, is it being backhauled, is it split tunnel. A lot of those variations can not only put the user at risk, but could potentially risk company assets as well.
Pros and cons of a VPN when it comes to network security
The great thing about a VPN is it provides a secure channel between endpoints, between sites. The problem that you have with VPNs is, depending on how those endpoints actually interact with the VPN, you can actually cause more damage.
You really have to determine what your security posture should be and make sure you’re extending that level of protection all the way down to the end user.
VPN offers secure access from the edge of your laptop to the edge of the network. Anything that’s happening inside of the laptop potentially is not protected by the VPN.
Cybersecurity threats related to videoconferencing
Many threat actors are now using vulnerabilities in videoconferencing tools to infiltrate meetings and listen in to conversations. The best practice is to ensure that all videoconferencing software that you are using at home, both for business and personal, has been updated to the latest supported version.
As long as vendors work on patching these tools as fast as they can and we keep updating them, these platforms will be a lot more secure than even a month or two months ago.
In the meantime, treat your virtual meeting space the same as a physical meeting room. If someone walks into a meeting room, you’d stop and ask who they were. If someone gets up and leaves, you would take note of that. And use passwords to control access, like you would close the door of your meeting room, so people don’t just walk in or can overhear your conversations.
The importance of creating strong, unique passwords
The big mistake people make is they use the same email address and password for different sites. Hackers just have to make sure you’re a user of that site, then they can try not only the password they stole, but in looking at your data, they can understand your password tendencies.
Keeping passwords unique can be cumbersome, but for every site, everything should have a different password and it should be complex. It should be impossible to remember. A password management tool can help you with this.
Also, if any of your accounts offer multifactor authentication (MFA), you should set it up. MFA prevents thieves that have your email address and your password or use a credential stuffing attack to get into your account because that account is set up to ask you for an additional form of verification. This makes it more difficult to get your information than another potential target.
Attackers have a finite amount of resources and time, so they’re trying to find the path of least resistance. If they’ve got 10,000 user accounts, and a bunch of them have MFA, unless they want to specifically target you – which is extremely rare – they’re going to move on to somebody else and find an easier target to compromise.
Email security and how to spot a phishing attack
- Take a look at email headers and see who the message is coming from. If you’re not familiar with the address, there’s a good chance it could be malicious.
- Make sure you don’t click any links within an email. Especially if you’re not sure if the sender might be malicious.
- Beware of embedded graphics – this can be another method of attack.
- Many phishing emails want you to do some kind of urgent action, which could put you at risk; either clicking a link, opening an attachment or sending money somewhere. Take a step back, think twice and really take a good look at the email to make sure it’s coming from the person you believe it’s coming from.
- Don’t forget the human element. If you have any doubt, pick up the phone and call. Call the bank, call your boss, call the person who sent the email. Sometimes a simple phone call can prevent a major security breach!
Security best practices for smart home devices
When it comes to cameras and microphones, think about where you are pointing it. If someone was able to compromise this device, how would you feel about it? If it’s a camera monitoring a storage shed, that might be a different risk profile than a wireless nanny cam that’s pointing at your child or a laptop webcam when you’re working with your children in the room.
Ensure you’re using reputable vendors. There are a lot of third-party vendors being sold online, and the security policies for some of these tools are not as strong as those of the more well-developed technologies.
Read the manuals for all of these devices. Change default passwords. And if you’re using an email account to access your device remotely, use a unique password.
For more insights on endpoint security, listen to Episode 1 now. And keep an eye out for more cybersecurity podcasts in this series!