Cybersecurity and Remote Working

As the business world shifts to online collaboration, cybersecurity is more important than ever. I am humble enough to know when a topic is over my head, and it just so happens cybersecurity is one of those topics. That’s why I reached out to an expert in the industry, Randy Pargman, the senior director of threat hunting and counterintelligence at a friend of akhia’s, Binary Defense.
If Randy’s title wasn’t impressive enough, he’s been interviewed by a variety of different media including Reader’s Digest and CNBC, all around the topic of cybersecurity, so I was extremely thankful he took the time to speak with me for a Q&A. He provided so much great information, hopefully you find his tips as useful as I did!
Considering everything that is currently happening in our world, can you give us a brief overview of the current state of cybersecurity?
Randy – “While changes to work arrangements and anxiety about the rapidly changing situation across the world present challenges, some people who wish to profit from others’ troubles have seen opportunities to take advantage of the situation to break into computers and steal private data. This behavior is reprehensible, but fortunately we can all still practice good habits to keep our computers and data safe from those who would try to steal it.  Since criminals are trying to trick those they target into opening dangerous files or installing software, we can be aware of these tricks and not fall for them. These types of attacks are not new; only the pretext stories used to trick people have adapted to world events. Look out for scams that offer work from home, fake applications to receive unemployment or government stimulus checks, and any email that appears to come from the CDC.“
When working from a remote location, we often hear the term VPN. Can you please give us an overview of what exactly this is and why it’s important?
Randy – “VPN stands for “Virtual Private Network” – this can be confusing because there are two types of VPNs that people might encounter, and they have different uses. One kind of VPN you may have heard of is a commercial service for individuals that lets you browse websites without revealing your IP address. That’s not the kind of VPN we’re talking about. The important type of VPN that enables work from remote locations is a software program provided by your company’s IT department that, when you run it and log in using your username and password, establishes a secure connection to your company’s corporate network and allows you to use the internal resources (such as private database applications and other intranet web applications) that are usually only available to computers connected to the network inside the company’s buildings. This is important because there are sensitive or private sources of information available inside the company’s network that should not be exposed to the internet, and the VPN gives remote workers a secure way to access that information. Attackers frequently try to trick company employees into giving up their password to access the VPN, because that gives the attacker a way to steal sensitive information. It is important to only enter your password in the VPN program provided by your IT department, never in a program or a website that someone emailed to you. It is safest to use a VPN that requires not only a password, but also a temporary code sent to your phone. Even if your password is stolen, attackers can’t use it to log in as you without that extra code.”
There are a lot of people currently being forced to work from home. Are there any things to keep in mind from a cybersecurity standpoint?
Randy – “If possible, only use a company-provided computer to log in to your corporate resources. Companies with strong security programs or a third-party security provider will have installed endpoint monitoring software on company-owned computers and will monitor for any suspicious events that happen on those computers to keep them safe and quickly detect attempted attacks before they can cause widespread damage. On whatever computer you use, be sure to have an antivirus program installed and up to date. Install all of the software updates that are available for your software, especially email and web browsers. Most of these updates fix security problems that, if you leave them unfixed, can allow an attacker to take advantage of the security flaws to gain control of your computer and steal information. Check the router (the box from your internet service provider that connects to the outside line) to see if security updates are available and install those.”
Are there any red flags people should be on the lookout for in terms of email, websites, etc.?
Randy – “As always, be cautious with any email sent directly to you that has an attachment or links to download a file. Email is the most common way that attackers target potential victims to compromise computers. Most often, the attacks that we see use a Word or Excel file that will run malware if the “Enable Content” button is pressed. The attacker will try to convince the recipient to click that button, so any message you receive that makes a big effort to convince you to click “Enable Content” should raise red flags. The other most common technique we see is for a malicious executable (.exe) file to be hidden inside a zip file. Be careful not to double-click files inside a zip file, especially if the file extension is .exe, .bat, .vbs, .vbe, or .ps1. All of those files can run harmful code on your computer and give an attacker remote control of your files.”
What are some of the best practices/common mistakes you recommend/see from people working remotely and in the office to ensure strong cybersecurity?
Randy – “One best practice is to use chat or a phone call to verify any strange-sounding instructions received over email before carrying them out. Attackers may send email to employees at a company they are targeting stating that a new procedure is about to be implemented for payroll that requires all employees to reenter their bank information in a new website, or log in to a new website with their corporate account password to set up some new service. If it seems a little strange, use chat or a phone call to quickly bring it to your manager’s attention so that if it is a trick, other employees can be notified not to fall for it. Don’t reply to the suspicious email to check if it is legitimate. Watch out for email messages that come from outside your company but use a display name or similar email address to make it appear that they are from inside your company.
Carefully check the address of any website that appears to have an Office 365 login page. We often see fake login pages that look very convincing, but they are set up on websites that are not operated by Microsoft and a careful check of the website address is the only clue that reveals the trick.
If you have been tricked into giving up a password, inform your IT team right away and ask them to help you reset your password. Attackers can be quick to make use of stolen passwords, so prompt notification is the best way to cut their access short and mitigate any harm that they may have already started.
Don’t install apps on your phone that you downloaded from a website or received links to in an email or text message. Go to the app store (for iPhones) or Google Play (for Android) to find well-reviewed apps. The iPhone won’t even allow you to install apps from other sources (unless it is jailbroken) because they can be so dangerous. Malicious mobile apps can steal passwords, private photos and documents, listen in on conversations and calls, or lock up your phone to demand a ransom.”
Is there anything I didn’t cover that you think people need to know?
Randy – “Cybersecurity can seem confusing and difficult, but you don’t have to understand everything about it to practice safe habits and keep your company’s data safe. Being aware of the tricks that attackers try and thinking twice before opening attachments or clicking links from email go a long way to protecting computers whether they are remote or in the office. If your company has an IT security team or a security service provider that watches over all the company’s computers around the clock, you can feel even more confident that attempted attacks will be quickly detected and stopped.”