{"id":2527,"date":"2020-07-28T08:59:57","date_gmt":"2020-07-28T12:59:57","guid":{"rendered":"https:\/\/zzzptm.com\/wordpress\/?p=2527"},"modified":"2020-07-28T08:59:57","modified_gmt":"2020-07-28T12:59:57","slug":"5-ways-coronavirus-remote-work-can-compromise-your-security","status":"publish","type":"post","link":"https:\/\/zzzptm.com\/wordpress\/?p=2527","title":{"rendered":"5 Ways Coronavirus Remote Work Can Compromise Your Security"},"content":{"rendered":"\n<p>Can&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/coronavirus\">coronavirus<\/a>&nbsp;COVID-19 impact your network? The short answer is &#8220;yes&#8221;, if your firm hastily adopts a&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/remote\">remote<\/a>&nbsp;work&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/policy\">policy<\/a>&nbsp;without considering some&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/common-sense\">common sense<\/a>&nbsp;security precautions.<\/p>\n\n\n\n<p><strong>1. No personal&nbsp;<\/strong><strong>email<\/strong>. The only exception for this would be to contact helpdesk about being unable to&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/access\">access<\/a>&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/corporate\">corporate<\/a>&nbsp;email. Personal email is not typically set up to properly archive and retain messages that could later be subject to a&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/legal\">legal<\/a>&nbsp;hold. The very use of personal email for&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/business\">business<\/a>&nbsp;purposes can potentially expose your firm to&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/liability\">liability<\/a>&nbsp;costs that would exceed the value of whatever business you planned to get done.<\/p>\n\n\n\n<p><strong>2. No personal file sharing<\/strong>. This is right up there with personal email. Personal anything is not allowed for business use, mmmkay?<\/p>\n\n\n\n<p><strong>3. 
No Remote Desktop Protocol (RDP) use over unsecured Internet<\/strong>. If I had a nickel for every person that told the&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/network-team\">network team<\/a>&nbsp;to open up port 3389 on the&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/firewall\">firewall<\/a>&nbsp;so that they could work from home, I&#8217;d be comfortably well off. Yes,&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/rdp\">RDP<\/a>&nbsp;means you can access your&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/desktop\">desktop<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/server-2009\">server<\/a>&nbsp;from home. It also opens up great work from home capabilities for attackers. They&nbsp;<em>will&nbsp;<\/em>guess your&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/username\">username<\/a>&nbsp;and password. It&#8217;s only a matter of&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/brute-force\">brute force<\/a>&nbsp;time.<\/p>\n\n\n\n<p><strong>4. No low-security options on the VPN configuration<\/strong>. While I&#8217;ll allow you to use RDP through a&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/vpn-connection\">VPN connection<\/a>, I&#8217;ll only allow it if your&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/vpn\">VPN<\/a>&nbsp;is not just&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/secure\">secure<\/a>, not just really secure, but only if it is&nbsp;<em>really really&nbsp;<\/em>secure. That means not just IKEv2 and the best&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/aes\">AES<\/a>&nbsp;that your system will support, but also secured&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/authentication\">authentication<\/a>&nbsp;that uses more than a username\/password combo. 
Let there be a&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/certificate\">certificate<\/a>&nbsp;or software&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/token\">token<\/a>&nbsp;as part of 2-factor authentication.<\/p>\n\n\n\n<p><strong>5. No split tunnels<\/strong>. It&#8217;s tempting to let a local&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/isp\">ISP<\/a>&nbsp;handle all the&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/facebook\">Facebook<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/youtube\">YouTube<\/a>&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/traffic\">traffic<\/a>&nbsp;that&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/users\">users<\/a>&nbsp;consume in between&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/productivity\">productivity<\/a>&nbsp;spurts, but don&#8217;t. Either pass all that traffic through your own&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/network\">network<\/a>, or block it with a message that VPN&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/bandwidth\">bandwidth<\/a>&nbsp;is limited due to whatever reason you want to provide in order to justify&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/blocking\">blocking<\/a>&nbsp;that traffic. My point is that a split tunnel approach allows an&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/attacker\">attacker<\/a>&nbsp;on the&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/internet\">Internet<\/a>&nbsp;to bridge their&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/attack\">attack<\/a>&nbsp;through your user&#8217;s PC.<\/p>\n\n\n\n<p>Can there be more possible pitfalls? Sure. These are just the five biggest ones. 
If your firm is anticipating a stretch where a large percentage of&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/employees\">employees<\/a>&nbsp;must work remotely, then take the time to bake some security into that plan so that reducing&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/health\">health<\/a>&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/risk\">risk<\/a>&nbsp;doesn&#8217;t increase IT risk.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Can&nbsp;coronavirus&nbsp;COVID-19 impact your network? The short answer is &#8220;yes&#8221;, if your firm hastily adopts a&nbsp;remote&nbsp;work&nbsp;policy&nbsp;without considering some&nbsp;common sense&nbsp;security precautions. 1. No personal&nbsp;email. The only exception for this would be to contact helpdesk about being unable to&nbsp;access&nbsp;corporate&nbsp;email. Personal email is not typically set up to properly archive and retain messages that could later be subject to [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-2527","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2527"}],"version-history":[{"count":1,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2527\/revisions"}],"predecessor-version"
:[{"id":2528,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2527\/revisions\/2528"}],"wp:attachment":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}