Securing Devices at Home
0 likes118 views
The document discusses essential strategies for securing devices and mitigating risks associated with remote work. It emphasizes the importance of preparedness, understanding common cyber threats, and implementing security measures such as strong passwords, two-factor authentication, and secure VPNs. Additional tips for protecting files and devices are also provided, along with recommendations for maintaining security during virtual meetings.
Securing Devices at Home
- 1. Securing Devices at Home Date: October 22, 2020
- 2. About Me – The Speaker 2 Rory Ebanks, M.Sc., B.Sc., CCISO, CEH, CHFI, ECSA , CND, CISSP, CCSP, CISM, CISA , CSX, AZ -900 Director Information Security Advisor y Symptai Consulti ng Limite d
- 3. Focus Areas 3 1. Preparin g for Remote Work 2. Understand in g the Risks of working remote ly 3. Mitigati ng the Risks of working remote ly 4. Protect ing files and device s 5. Additional Tips 6. Q&A
- 5. 5 Is your business prepared to work from home? • What are the services that are critical to your operations? • What processes are important for the services to be effective? • Who are the people that are important to the process and service? • Can the services be offered remotely? (Cloud, VPN, Terminal Services, etc.) • Do the employees have devices to access the services remotely and are these company owned or personal devices? • If they are personal devices, do they meet your organization’s minimum- security requirements? • Do the employees have adequate Internet access? • If services are not in the cloud can your infrastructure support remote connections? • If remote services are new to your organization have you taken precautions to ensure that your implementation does not expose your organization and its information assets?
- 6. Understanding the Risks of working Remotely
- 7. 7 Understanding the Risks While there are many potential solutions to getting your organization up to speed with security in this new reality, we should first understand some of the common cyber-attacks being utilized today. Social Engineering Malware Remote Service Attacks Brute Force Attacks
- 8. 8 Understanding the Risks Social Engineering
- 9. • Malware is a malicious computer program or software with the intention to cause harm to a computer or to retrieve information from the computer. Malware Understanding the Risks 9
- 11. • Remote service attacks are where cyber criminals attempt to identify and exploit any remote services which may be in use by an organization. Remote Ser vic e Attacks Understanding the Risks 11
- 12. Shodan - RDP
- 13. • Brute force attacks involve guessing various usernames and password combinations until the correct combination is identified to access any site or service protected by passwords. Brute Force Attacks Understanding the Risks 13
- 14. Mitigating the Risks of working Remotely
- 15. 15 Mitigating the Risks Two-factor Authentication (2FA) Enabling multi-factor authentication (MFA) is a straightforward way to ensure that the only person who has access to your account is you. Least Privilege Use access control limitations and grant access to resources only on a need to know basis. Strong Passwords A strong password must have a minimum of 10 characters and consist of a mixture of uppercase, lowercase, numbers and have special characters (such as #, @, &). VPN If possible, require the use of a secure VPN to establish a connection to the resources. Backup All important files must be backed up regularly and stored s eparately from the system being backed up. Protect files backed up by encrypting these files with a password.
- 16. 16 Mitigating the Risks Suspicious emails Avoid opening suspicious emails or attachments, do not click on links in emails or text messages which you were not expecting or comes from an unknown sender. Enable Security Tools Configure anti- malware or anti-virus software and disk encryption on all laptops and mobile devices. Update Keep all devices up to date with the latest system updates and patches Secure home Wi-Fi network Change your home Wi-Fi and the router default password Video conference securely * Ensure there is no sensitive information in your work area or in view of the camera. * Use a headset when conducting conference meetings * password- protect meetings
- 18. 18 Protecting Files • Use Disk Encryption • Backup Files Regularly • Encrypt Files with Strong Passwords • Use File-Level and Share-Level Security
- 19. FR 19 Protecting Devices • Use a Privacy Screen • Set a strong BIOS Password • Use Strong Passwords/Biometrics • Install a “Find My Phone” Application • Avoid Leaving Devices Unattended and Unsecured
- 20. FR 20 Protecting Devices • Keep up-to-date with the latest software updates • When connecting to untrusted wireless network, use a VPN to encrypt your session • Ensure that the most up-to-date virus and malware protection products are installed
- 21. Additional Tips
- 22. 22 Tips • Lock your devices & lock your doors • Shutdown your laptop, ideally once per week (not restart) • Employee Security Awareness • Zoom experience: • Don’t use your unique Zoom ID for all meetings • Use a password • If you are the host of the meeting, use the Zoom waiting room. • Upgrade to a paid/enterprise account.
- 23. Work From Home: Risk Assessment Tool https://www.symptai.com/tools