27-Mar-2020
For everyone, however, this unfamiliar situation also means stress and change, as processes, technologies and behavior patterns are not yet established. In addition, this unusual situation will probably persist.
This article therefore provides an overview of how to make teleworking safe and how to use time and resources in the best possible way to guard against cyberthreats and weaker (broader) perimeter protection.
Now is the time to put the right strategy and processes in place so that you are resilient to the increased attack scenarios that come with decentralized working.
A small tip for working through the list:
If necessary, put a "yes" (done), a "commotion" (still open) or a "not possible" at the end of each list item to get an overview and thus gain control and self-determination.
1. As bureaucratic as it sounds, binding and clear regulations concerning IT security and data security should be communicated in writing to everyone concerned in the organization, now at the latest.
2. Clarify responsibilities, contact persons and reporting channels in the event of any loss of components. These communication channels should be known to all employees and should be verifiable by them.
3. Employees should be encouraged to take certain safety measures themselves, even while working from home. These include physically securing the workplace against access, i.e. locking doors and locking screens. It is also advisable to cover the webcam on the computer or laptop and to position screens to prevent any outside view.
Decentralized working provides an ideal basis for various attack scenarios, from outdated technical infrastructure that is not secured by the company network, to unsecured routers and WLAN connections, to unencrypted data media, to CEO fraud, ransomware and classic phishing mails. Employees have an increased need for information; at the same time, organizations must promote their security awareness.
4. Secure your home WLAN by changing the default administrator password, enabling WPA2 encryption and using a strong password. Instructions on strong passwords follow below.
5. Protect against attacks that aim to obtain information and data that contain references to passwords, bank accounts or access to systems and applications. Point out CEO fraud in particular.
Social engineering is one of the biggest risks in the home office, especially in times of dramatic change.
Attackers deceive and cheat in order to induce employees to behave incorrectly. Email phishing is only one aspect; it is also important to be especially careful with phone calls, SMS, social media content and fake messages distributed via messengers in corporate applications used for collaboration.
6. Use secure communication channels to access corporate resources. Use so-called Virtual Private Networks (VPN), which act as "intermediaries" to establish connections between the end device and the company network via a "secure tunnel".
7. Secure passwords additionally protect applications from unauthorized access. Establish complex and unique passwords and additionally use multi-factor authentication (MFA or 2FA).
Passphrases are good passwords because they are as long and complex as possible and use random words or phrases. "We encrypt data media!" or "no cells-in-exel-connection" are examples of this.
Both are strong, with many characters, easy to remember and type, but difficult to crack. Supplement them with symbols, numbers or capital letters. Unique passwords are always recommended. If a unique password is required for each of your applications, a password manager is highly recommended, i.e. a program that stores passwords in a kind of safe and retrieves them automatically when needed.
Otherwise, an attacker only needs to successfully compromise one website you use to obtain its passwords, including yours, and can then simply log on to all your other accounts. At haveibeenpwned.com you can quickly check whether this has already happened.
If you are using a password manager, it is best to protect it with a strong passphrase and two-step verification.
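To make the passphrase advice in item 7 concrete, the following added example (not part of the original article) generates a random-word passphrase with a cryptographically secure random source and estimates its strength in bits. The word list, symbol set and function names are assumptions made for illustration; the embedded list is constructed and far too small for real use.

```python
import math
import secrets

# Constructed sample list (32 words = 5 bits per word). Assumption: in practice
# you would load a large published word list with thousands of entries.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "forest", "garden", "harbor",
    "island", "jacket", "kettle", "ladder", "meadow", "napkin", "orange", "pepper",
    "quartz", "rabbit", "saddle", "timber", "umbrella", "velvet", "walnut", "yellow",
    "zipper", "bridge", "copper", "feather", "hammer", "lantern", "marble", "pillow",
]
SYMBOLS = "!?+=#%"  # assumed symbol set; "-" is reserved as the word separator


def entropy_bits(n_words, wordlist_size, decorated=True):
    """Bits of entropy of the generation scheme, assuming the attacker knows it."""
    bits = n_words * math.log2(wordlist_size)
    if decorated:
        # one capitalised word position + one digit + one symbol
        bits += math.log2(n_words) + math.log2(10) + math.log2(len(SYMBOLS))
    return bits


def words_needed(target_bits, wordlist_size):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(n_words=5, wordlist=SAMPLE_WORDS, decorated=True):
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would make the entropy estimate wrong")
    # secrets uses the OS CSPRNG; random.choice() is not suitable here
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    if decorated:
        i = secrets.randbelow(n_words)
        words[i] = words[i].capitalize()
    phrase = "-".join(words)
    if decorated:
        phrase += secrets.choice("0123456789") + secrets.choice(SYMBOLS)
    return phrase


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"sample list, 5 words: {entropy_bits(5, len(SAMPLE_WORDS)):.1f} bits")
    print(f"7776-word list, words for 80 bits: {words_needed(80, 7776)}")
```

The estimate only holds when the words are chosen randomly by the program; a phrase a person invents, or a quotation, carries far less entropy than its length suggests.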
8. Updated operating systems, web applications and apps: Make sure that the technologies you use are up to date and that updates are carried out regularly. Employees should always work with the latest system version.
Recommended further information
The Federal Office for Information Security (BSI) has made measures available for download as PDF files.
Alexei Balaganski, Lead Analyst at KuppingerCole, has summarized current developments under the title "Ransomware during the pandemic crisis".