Posted by Chris Ripkey on May 12, 2020 10:00:00 AM
By now, you are in the midst of working from home and trying to define what the “new normal” looks like for you and your family. Reflecting on what that has looked like for me over the course of the past month, I noticed some details that raised my level of concern.
I recently noticed a post my son made on Instagram regarding his top four influential albums coupled with a picture of Bill Clinton. Even though I didn’t know any of the albums he listed, it made for a great conversation piece. The interesting part is what I noticed in my Cisco Umbrella logs the next day:
What I noticed was that Umbrella had blocked the domain, as it was newly seen. Newly seen domains are a first step for bad actors in releasing malware. Umbrella always blocks newly seen domains until Cisco Talos (Cisco’s Threat Intelligence Team) can analyze them. Upon further investigation, you can see the intelligence output for the domain. The one glaring piece that stuck out to me was that the site shares information with malware domains.
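The newly-seen-domain policy described above can be tried against your own resolver logs. This is an added example, not Cisco Umbrella's or Talos's implementation; the log format, the 24-hour window standing in for analyst review, the baseline table, and every domain name are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: a domain stays "newly seen" for 24 hours after first sighting.
# The time window stands in for the analyst review the post describes.
QUARANTINE = timedelta(hours=24)

# Constructed baseline: domains this resolver already knew about.
BASELINE = {"known-site.example": datetime(2020, 4, 1)}

# Constructed sample log, one query per line: "timestamp client-ip queried-name"
SAMPLE_LOG = """\
2020-05-01T08:00:00 192.168.1.20 www.known-site.example
2020-05-10T21:14:03 192.168.1.31 top4albums.example
2020-05-10T21:14:09 192.168.1.31 cdn.top4albums.example
not-a-timestamp 192.168.1.31 broken.example
2020-05-11T09:30:00 192.168.1.20 www.known-site.example
2020-05-12T22:00:00 192.168.1.31 top4albums.example
"""

def registered_domain(name):
    """Last two labels only; production code should use the Public Suffix List."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def evaluate(log_text, first_seen=None, window=QUARANTINE):
    """Return (decisions, first_seen) for every well-formed log line."""
    first_seen = dict(first_seen or {})  # copy so the caller's table is untouched
    decisions = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        domain = registered_domain(parts[2])
        seen = first_seen.setdefault(domain, ts)  # record the first sighting
        verdict = "BLOCK" if ts - seen < window else "ALLOW"
        decisions.append((parts[0], parts[1], parts[2], verdict))
    return decisions, first_seen

if __name__ == "__main__":
    for row in evaluate(SAMPLE_LOG, BASELINE)[0]:
        print(*row)
```

Without a baseline every domain is blocked on first sight, so seed the table from a period of known-good traffic before enforcing the policy.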
The next day, I received a ransomware-type email to my personal account stating that if I failed to pay a ransom to the website included in the email, they would release my password information to the public. Upon looking into the data in the email, I noticed that the password included in the email was one that I had not used in three years. According to SpyCloud, I noticed that the username/password combination was included in a security breach from back in 2012. Bad actors have recently been using old breach data to lure you into new malware attacks.
So, what is the point of all this?
Like most of you, I have been working from home since mid-March and have established a new level of comfort with my work environment—but that comfort can come at a cost if we forget that we are accessing company data and working from a company-owned device. If I had opened that email or decided to share my own top four albums with an image I found online, who knows what would have happened? This would be especially concerning if I had done that from my corporate device. With that in mind, here are some things to remember when working from home:
- Bad actors are using the COVID-19 pandemic to ramp up their attacks. Email phishing attacks remain the number-one method for delivering viruses to end users. 94% of all cyber-attacks start with email. Always inspect emails, attachments, and their links before clicking on them. If you feel the email is unsafe, then it most likely is, and you should treat it as such. Examples of current campaigns include:
  - Fake updated corporate policy emails
  - Links to purchase testing kits
  - Posing as a State/Local Government entity
  - Ransom for outdated username/password combinations (old password ransom emails)
- Understand your surroundings. Remember your corporate device is now primarily connected to the same network as your family’s devices and all the non-work-related traffic that comes with it. Most likely, you are not connected to the same level of corporate security controls that exist when you are in the office, so keep that in mind when conducting non-work-related activities on your device. Your home network is a bridge to the corporate network when accessing company data from a corporate device.
- If your company has not provided enhanced security tools, such as Cisco Umbrella’s Roaming Client or any next-generation Anti-Malware product, consider using OpenDNS to protect your home network. OpenDNS is Cisco Umbrella’s free service that provides name resolution protection against malware and includes category-based content filtering. You can find more information here.
- Consider using a tool like SpyCloud. SpyCloud keeps you up-to-date on where your email address, password, and personal identifying information may have been compromised in a security breach. SpyCloud has a free personal option for use at home, as well as an enterprise-grade option for businesses to identify where their data has been exposed.
- Most importantly, if your device has been infected with ransomware or malware when working from home, contact your IT Helpdesk immediately. It is very important that you maintain your composure. The sooner you report it, the better the chances of controlling the incident.
- And lastly, enjoy the time with your family and be safe!
For more information on ConvergeOne’s security offerings, including our Secure Remote Workspace solution, please contact firstname.lastname@example.org.