decrypting myths
extending the same network security best practices that exist within the enterprise to all remote environments. These critical capabilities include:

• An ability to securely connect users to their business-critical cloud and on-premises applications, such as video teleconferencing applications increasingly relevant for remote work environments.
• Endpoint protection on all laptops and mobile devices, including VPN tools with encryption.
• An ability to enforce multi-factor authentication (MFA).
• An ability to block exploits, malware and command-and-control (C2) traffic using real-time, automated threat intelligence.
• An ability to filter malicious domain URLs and perform DNS sinkholing to thwart common phishing attacks.

How individuals can respond

Individual users must be empowered to follow the guidance provided to them by organisations and take preventative measures.

Maintain good password hygiene. Employees should use complex passwords and multifactor authentication where possible and change these passwords frequently.

Update systems and software. Individuals should install updates and patches in a timely manner, including on mobile devices and any other noncorporate devices they might use for work.

Secure your Wi-Fi access point. People should change their default settings and passwords in order to reduce the potential impact on their work of an attack via other connected devices.

Use a Virtual Private Network (VPN). VPNs can help create a trusted connection between employees and their organisations and ensure ongoing access to corporate tools. Corporate VPNs provide additional protection against phishing and malware attacks, the same way corporate firewalls do in the office.

Be wary of COVID-19 scams. We’ve seen phishing emails, malicious domains and fake apps out in the wild already. Threat actors love to exploit real world tragedies and COVID-19 is no different.

Don’t mix personal and work. Employees should use their work devices to do work and their personal devices for personal matters. If you wouldn’t install or use a service while you’re at the office, don’t do it while at home on your work device.

Taking these relatively straightforward steps at both an enterprise and individual level should help address some of the most common security risks facing our home-working environments. We should also recognise that our threat environment is not static, which means it’s important to keep a close eye on evolving threats to avoid unnecessary additional costs and disruptions in a time when we can least afford them.

www.intelligentciso.com | Issue 28