With the semester coming to a close, we’re all anticipating some relaxation for the summer. For many, that means going on a much-deserved vacation. With the ability to work remotely, you may also have some work pending with deadlines while traveling. While working remotely can offer many benefits, such as flexibility, convenience, and more family time, it can also pose many risks for business network security. Unsecured networks, devices, and applications, along with a lack of awareness, compliance, and support are all risks with remote work. Network security is a crucial aspect of any organization’s IT infrastructure, but there are enhanced risks and challenges when employees work remotely. In this article, we will explore some of the main challenges and risks of network security for remote work and how to mitigate them with best practices and policies in preparation for the summer.
First, let’s look at some of the stats to understand the seriousness of the impact on business and our daily lives.
Fig. 1: Estimated cost of Cybercrime. Fig. 2: Work culture stats in the U.S.
Consider the intersection of these two charts. Fig. 1 shows that the cost of cybercrime is increasing at an alarming rate every year worldwide. Fig. 2 indicates that businesses are adapting to a hybrid work culture, which means more employees will be working remotely – maybe even you! You are a greater target than ever before.
➢ Why should we protect our work network?
Educational institutions and medical services are the top targets of cybercriminals (Source: hstoday.com) and it’s important for us to keep our network secure.
With the COVID-19 pandemic, remote work and the hybrid work model have become more common for employees, but they have also allowed more cyberattacks to occur. While there is a cost to the institution when a cyberattack occurs, there is also a cost to your personal life.
Threat actors can leak your private information on the dark web (such as your bank account information, card numbers, SSN, and other personal information) through a cyberattack on your work or personal network. They can also install malware and viruses on your work or personal devices, allowing them to freeload off your internet and slow down the devices’ performance. Threat actors can even use your network to commit cybercrimes such as DDoS attacks.
➢ How can we protect the University network?
Fig. 3: Three ways to protect your organization while working remotely. (Source: warrenaverett.com)
- Use one of the University-provided VPNs (see the next section) to create a secure link between you and the University before logging into your UDel work portal. This is especially important when using public WiFi!
- Install recommended antivirus software to protect your personal system from malware and other viruses.
- Keep your systems and mobile devices up-to-date by installing the latest updates.
- Do not download any untrusted software or email attachments on your system.
- Always enable two-factor authentication for new accounts while registering.
- Do not use your UDel email for personal purposes on third-party websites.
- Never share confidential information over an unsecured network.
When in doubt, contact your unit’s IT Professional for any questions or assistance. If your unit does not have an IT Professional, send a message to askit@udel.edu.
For any suspected phishing emails, forward the emails to reportaphish@udel.edu.
➢ Free tools and recommendations from UD (UDeploy):
- Free VPNs: Cisco AnyConnect & Palo Alto GlobalProtect for Faculty-Staff & Students.
- For personally-owned devices only: The University recommends staff and students use Windows Defender on Windows computers and install antivirus software (such as Avast) on macOS systems. Use the UD UDeploy website for installing trusted software that complies with UD policy.
- You may also use the University’s remote UD Lab computers (www.udel.edu/remote-labs) from anywhere to access licensed versions of software.
- For University-owned desktops and laptops, be sure CrowdStrike is installed. If you have questions, check with your IT Pro.
➢ Thieves are getting more advanced in gaining access to your phone to steal data and make fraudulent transactions. Do you know what to watch out for?
Fig. 4: Image depicts a thief looking into an iPhone. (Source: The Wall Street Journal)
As we approach the summer holiday season, thieves and hackers will be more active than before. In recent news, a report highlighted that thieves watch iPhone owners enter their passcodes, then steal the target’s iPhone. In fact, 99% of the cellphones that are stolen have been iPhones, as per the Minnesota Police Department. Once the thieves have the phone PIN, they have full control to change the PIN and set a new recovery key, which will lock you out from your Apple account. You will not be able to track your iPhone using Find my Phone as it can be disabled in settings.
The recovery key is an optional security key which can protect you from online hackers. It is disabled by default, but you may enable it in settings to give additional security protection to your Apple account. Once it is enabled, you must provide a 28-digit key to change your Apple account password.
Even when the recovery key is set up, it’s still not enough to protect you from thieves, as it can be reset with your iPhone login passcode. So what should we do to protect ourselves and the UD network? Before that, let’s understand the consequences of losing your iPhone.
➢ What are the consequences of losing your iPhone?
Threat actors may attempt to:
- Change the password of your Apple ID which provides access to all your photos, videos, Apple Wallet, Find My Phone settings, iCloud, etc.
- Gain access to all of your saved usernames and passwords, including your UD credentials, Multi-Factor Authentication app, bank login credentials, etc.
- Gain access to your bank account to make fraudulent transactions.
- Obtain PHI/PII information that is saved in your phone or iCloud.
➢ What precautions should you take to prevent this from happening?
- Use facial authentication to unlock your iPhone when you are in a public place to avoid disclosing your PIN.
- Use an anti-spy privacy screen protector and always make sure that no one is looking at your phone while you type the PIN.
- Make your passcode at least 6 digits long.
- Remove any saved credit or debit card information from the saved username and password list on the iPhone and move it to a trusted third-party password manager.
- Use App Lock apps as a second layer of PIN authentication to protect your sensitive apps from unauthorized logins.
- Use parental controls on yourself and set the screen time—this will limit use of your accounts. Note: keep a unique passcode for screen time.
- Use an antivirus app and enable its anti-theft feature, which protects you from threat actors uninstalling the antivirus app itself. Note: keep a unique passkey for the antivirus app.
- Immediately report suspicious activity to your bank and block your cards. Also, report it to the UDIT team (askit@udel.edu) to lock your account or change the password for any UD phone that is assigned to you.
By keeping these points in mind, we can defeat the hackers and enjoy a secure remote work environment.