[nexa] Top Tips for Cybersecurity when Working Remotely — ENISA

Alberto Cammozzo ac+nexa at zeromx.net
Sat Mar 21 11:00:32 CET 2020


One of the key preventative measures for the spread of Covid-19 is
social distancing. Luckily, in this increasingly connected world we can
continue our professional and private lives virtually.  However, with
huge increases in the number of people working remotely, it is vital
that we also take care of our cyber hygiene.

Awareness and preparedness are both vital - use the CERT-EU News Monitor
to stay updated on the latest threats and check the following basics:

    Secure wifi connection. Most wifi systems at home these days are
correctly secured, but some older installations might not be. With an
insecure connection, people in the near vicinity can snoop your traffic.

    Fully updated anti-virus system in place.

    Up-to-date security software. Security tools such as privacy tools,
add-ons for browsers, etc. need to be up to date. Patch levels should be
regularly checked.

    Remember to back up periodically. All important files should be
backed up regularly. In a worst case scenario, staff could fall foul of
ransomware for instance. Then all is lost without a backup.

    Lock your screen if you work in a shared space. (You should really
avoid co-working or shared spaces at this moment. Remember, social
distancing is extremely important to slow down the spread of the virus.)

    Make sure you are using a secure connection to your work environment.

    Check if you have encryption tools installed.

Things employers can do:

    Provide initial and then regular feedback to staff on how to react
in case of problems. Who to call, hours of service, emergency procedures
and how they evolve.

    Give suitable priority to the support of remote access solutions.
Employers should provide at least authentication and secure session
capabilities (essentially encryption).

    Provide virtual solutions. At the EU Agency for Cybersecurity, we
use electronic signatures and virtual approval workflows to ensure
continuous functionality.

    Ensure adequate support in case of problems. This may require
setting up special rotas for staff.

    Define a clear procedure to follow in case of a security incident.

    Consider restricting access to sensitive systems where it makes sense.

Covid-19 Phishing Attacks

It is important to step up awareness of digital security during this
time as we have already seen an increase in phishing attacks. We
recommend, as far as possible, to not mix work and leisure activities on
the same device and be particularly careful with any mails referencing
the corona-virus. Attackers are exploiting the situation, so look out
for phishing emails and scams.

In the current situation, one should be suspicious of any e-mails asking
to check or renew your credentials even if it seems to come from a
trusted source. Please try to verify the authenticity of the request
through other means; do not click on suspicious links or open any
suspicious attachments.

    Be very suspicious of mails from people you don't know - especially
if they ask to connect to links or open files (if in doubt, phone your
security officer).

    Mails that create an image of urgency or severe consequences are key
candidates for phishing - in these cases always verify via an external
channel before complying.

    Mails sent from people you know, but asking for unusual things are
also suspect - verify by phone if possible.
