©2020 Manufacturer’s Edge
Spring training and MLB opening day may be postponed due to COVID-19 health concerns for a couple of weeks—or months—but following similar guidelines can keep proprietary business information safe at home when telecommuting.
Disinfect Contact Surfaces
Check your antivirus software (AVS)
- PC Magazine publishes an annual review of AVS products—some free, some for-fee. Products are assessed for how they handle malware (malicious software), spyware, and adware defenses– how well they block known as well as very new 100 malware-hosting URLs (captured by https://www.mrg-effitas.com/). Results vary with respect to performance during lab-based versus hands-on testing. https://www.pcmag.com/picks/the-best-antivirus-protection
- Some computer platforms arrive with default AVS—Windows 10, for example, with its Microsoft Windows Defender Security Center. It operates if no other AVS is installed with options for quick, full, and custom scan options, in addition to the offline scan option for persistent malware. The offline scan mode reboots the system and launches before Windows loads.
Patch your software
- Yes, software updates are not always what I would call upgrades—and some do revert certain settings to “default” rather than the more privacy-forward settings that I prefer. Still, maintaining at-home home computing equipment to at least the same protected level as in-office equipment is acting responsibly.
- Configuration management (CM) is one of the control families in the NIST SP 800-171 guidelines and in the Cybersecurity Maturity Model Certification (CMMC). NIST SP 800-128 focuses on secure configuration management. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-128.pdf
Harden your home (consumer-grade) WiFi router
- Rename your home so that an opportunistic hacker cannot pinpoint your network.
- Change the default password to something difficult to guess and use encryption (at least WPA2).
- Create a guest network—or if too many have shared your only network, create an at-home office network to limit content sharing when working remotely.
- Activate the router’s built-in software firewall and consider purchasing a hardware device to install between your modem and WiFi access point.
- Disconnect your router occasionally to improve performance—or if you did not heed the 2018 FBI warning about a global botnet. https://www.digitaltrends.com/computing/how-to-reset-your-router/.
- Protect communications from interception, misdirection, or eavesdropping by using a virtual private network (VPN) tool to create an encrypted tunnel (think wearing gloves or covering a sneeze with a tissue or sleeve) through which messages can travel securely.
- Segregate and protect confidential business files that contain trade secrets, personally identifiable information, financial transaction data, or other proprietary information using built-in password protection or encryption tools. Another approach is to “air gap” and backup these files by saving them to an external, encrypted hard drive that is not connected to the Internet.
Limit social contact
- Parents joke (?) about the germ factories that our children and grandchildren represent. With schools at all levels extending spring break, it can be tempting to let the restless and bored young people use personal—or business—computers for entertainment. Set boundaries around children’s use of any computing devices (including smart phones) that are also used for transmitting and/or storing business information.
- Beware of fraudulent emails or text messages that purport to carry information about the novel Coronavirus. They may link you to a computer virus! Always check the sender’s complete identity—not a truncated version—when using small format devices. Also, check the URL that is being referenced in an email or text message. Your reply might not be going where you think>
Avoid mass gatherings
- Sadly, there are despicable, technically savvy predators who are taking advantage of the human need for information during this COVID-19 high-alert period. Although it’s tempting to download apps—including apps with maps—to track the virus’ spread, malicious dashboards are circulating that contain AZORult malware for Windows.
- Take the pro-active approach to seeking information updates by logging onto official websites like the US Center for Disease Control at the state or federal level (CDC) https://www.cdc.gov/ or the World Health Organization (WHO) <https://www.who.int/> for daily updates.
- Safe at Home is a 1962 sports comedy film that featured Mickey Mantle and Roger Maris, with appearances by William Frawley (AKA Fred Mertz in I Love Lucy), Whitey Ford, and Ralph Houk.
- Spyware runs the gamut from keystroke loggers to Trojans that mine your personal data. Android banking Trojan toolkits, for example, can be purchased by black-hat (evil) hackers for about $200.
- Truncated message headers use applications like TinyURL or Bitly to abbreviate sender and target website details, often due to message space limitations (e.g., Twitter constraints). They can also be used to disguise suspicious use and redirection to malicious URLs, however. Google shut down its URL-shortening service, Goo.gl, due to misuse.
- Watering hole attacks are characterized by malicious (poisoned, essentially) websites that are built to attract visits from those interested in a certain topic or news items. They often proliferate around sporting events with spoofed websites—think Olympics or NCAA March Madness—or celebrity updates. Our desire for information about COVID-19 developments makes faked virus update websites a useful ploy for bad actors.