Are we there yet? Not so much.
Does anyone else feel like an extra on the set of Groundhog Day? Governor Polis just announced today an executive order for mandatory face masks in Colorado. The new requirement is for any Coloradan older than 10 years old and goes into effect at midnight, July 16. Our state’s case data have started to show the rate of increase that we experienced in April. We’re not home safely yet.
The cybersecurity implication is that those of us who can will likely continue to work from home—outside the information protection commonly offered by commercial technology installations: robust wireless routers, monitored firewalls, regular file scanning when a device logs onto the network. At the same time, those with bad intentions continue to step up their activity level. We’re on an interesting journey. Here are some recommendations from the US Cybersecurity and Infrastructure Security Agency (CISA) and the US Department of Homeland Security to make the trip safer.
VIDEOCONFERENCING BEST PRACTICES[i]
- Only use approved software and tools (including video conferencing tools).
- Restrict invitations and send passwords individually.
- Maintain control over attendee microphones, screen sharing, recording, file sharing.
- Require a single-use meeting password and “waiting room” feature.
- For meetings initiated by third parties, use a browser connection (don’t download software), and don’t use work email to sign up for free tools.
- Verify the accuracy of links sent via email.
- Protect the confidentiality of proprietary content. Check your background surroundings for proprietary information (e.g., whiteboards with component diagrams).
- Move, mute, or disable virtual assistants and security cameras that may be voice-activated.
- Consider using headphones.
- Change default settings for your broadband router and WiFi network; update router software and use robust passwords and generic names.
- Only use organization-approved collaboration tools (including but not limited to chat and video conferencing platforms).
- Use your organization’s approved methods and guidelines for sharing files and copying individuals on messages.
- Do not forward work emails to a personal email account.
- Log off your remote connection at the end of the workday.
- Only connect work devices to a network you are in complete control of (e.g., home network). Do not connect to a network you do not own and control (e.g., public Wi-Fi).
- Use devices owned, managed, and protected by your agency, such as laptops or smartphones whenever possible.
PERSONAL DEVICE BEST PRACTICES[iii]
- Require passwords to log into the device, use strong passwords, and use unique passwords for different accounts. If family members must share the device, create a separate account for them.
- Close all work-related windows, applications, files, and documents when not in use.
- Clear browser cache when switching from work to personal use.
- Only use non-privileged profiles for daily activities and only use elevated privileges when administering the device.
- Close nonwork-related windows and applications before and during work-related use of the personal equipment.
- Keep the operating systems and all relevant applications up-to-date and fully patched.
- Activate automatic patching and running of anti-virus software.
TELEWORK WORST PRACTICES[iv]–DO NOT DO THE FOLLOWING!
- Use your company’s desktop session for non-work-related activity (e.g., social networking, audio and video streaming, personal shopping).
- Leave company proprietary printed materials unprotected at home.
- Send unencrypted, sensitive content (e.g., PII or PHI).
- Dial into phone or video conferences uninvited; always announce your name/affiliation.
- Share devices (e.g., with family or other household members) that are used for work.
- Forward work emails to a personal email account.
- Leave your computer unlocked when unattended.
- Connect to a network that you do not own and control (e.g., public Wi-Fi).