Technology has increased our ability to work from remote facilities, cafes, restaurants, hotels, public or private transportation, and our homes – both nationally and internationally. As the demand to work remotely increases, the need for security also increases. The potential for the loss of information or system compromises substantially increases the moment a system or device leaves a Laboratory facility.
We are frequently reminded about the ever-increasing cyber and physical threats throughout the world. However, it is very easy to forget about those dangers when we are focused on a task or in a comfortable environment. We have to keep our guards up at all times, because criminals are always looking for their next target.
Here’s an example of a potential threat to personnel working remotely.
On nice day, you decide to leave the office early and take your assigned laptop with you. As you are driving down the road, you notice your favorite café has its outdoor seating open for service. You decide that you just cannot pass up the opportunity to enjoy the nice weather, have a latte and pastry, and catch up on some of your work in a relaxing atmosphere.
After you place your order, you decide to connect to café’s free Wi-Fi. You have used it many times and know they have great service. As you attempt to connect, you notice multiple access points. Some of the access points are obviously not managed by the café, but there are several that use the café’s name. You select the first one from the list, believing it is the correct one, but it’s actually a rogue Wi-Fi hotspot.
A rogue Wi-Fi hotspot is a common way that hackers or other criminals take advantage of open Wi-Fi networks. This is often done near high traffic Wi-Fi networks. The individual creates their own public Wi-Fi network that appears to be safe to use and often give it a legitimate name to trick you. The criminal can view your traffic and see the information that you send, while you are connected to the Wi-Fi, such as credit card numbers, passwords, emails, or other sensitive information.
During a recent Cyber Security Conference, Kevin Mitnick, a well-known hacker turned security consultant, author, and public speaker, demonstrated how easy it is for a hacker to tap into your network, read email, steal your passwords, and review anything sent through unencrypted email or posted online.
With today’s readily available technology and tools, it doesn’t require the skills of a hacker to gain access to information. Although sometimes it could be as simple as someone shoulder surfing you at the airport, airplane, café, or hotel lobby. They can easily obtain your login credentials and other confidential information, without your knowledge, by simply sitting behind or beside you and watching everything you do.
The following guidelines should be followed, when you are working remotely:
· Updates and patches – Always verify that your computer and devices are maintained with the latest software updates, including applications, operating systems, and antivirus software.
· Password usage and safeguards – Protect your PINs, pass codes, and passwords from unauthorized access. No one, other than you, should use your credentials, passwords, and devices. Avoid using autocomplete features that remember credentials.
Secure connections and web browsing – When working remotely using your workstation, you should use a VPN connection, prior to accessing sites on the Internet and validate that the VPN function is activated.
· Shoulder surfing – Methods to prevent unwanted onlookers, including family and friends, from seeing work or personal information, includes:
– Tilting your screen away from any potential shoulder surfers
– Utilizing a privacy screen for electronic devices and cover sheets for printed materials
– Creating a physical barrier using something you may have with you, such as a notebook, to block your screen
– Working with your back to a wall to prevent anyone from standing behind you
– Waiting until you reach a more private location to access your systems or devices
Comments