Now that we all find ourselves in a new reality, be it working, learning, or just passing time at home, there are some unique vulnerabilities to be aware of online. To clear up some of the uncertainty, we virtually-interviewed NCTA Vice President of Broadband Technology Matt Tooley to give us an expert’s advice and give us some peace of mind.
How should users think about their cybersecurity, now that so many of them find themselves working remotely?
Everyone should remember that cybersecurity is a 24x7 effort. This means everyone should be cognizant of potential new attack vectors such as malware infecting a device and using the VPN to get to corporate assets.
Make sure your VPN client is configured to operate in what is called “split tunnel’ mode (you might have to ask your IT department depending on the VPN you use). This way only the internet data for the corporate network uses the VPN, and all internet-based traffic goes straight to the internet and bypasses the corporate network. This will reduce the amount of bandwidth used on employer’s internet connection.
Additionally, make sure to only use your corporate computers for corporate activities, use your personal device for all other activities such as streaming movies or trying out that latest game. Review and update your passwords, in particular make sure the password used for your primary email is unique and follows the best practices for passwords.
Everyone should be alert for the phishing attempts. The bad guys will try to take advantage of people’s fears and trick them into clicking onto links.
Think about what may be visible in your background when teleconferencing. You may have things visible that could be used to aid the bad guys in guessing your passwords such as your high school yearbook, children photos with names on them, diplomas on the wall, etc. So think about either using the blur background feature or using a virtual background to prevent leaking personal information.
Also, make sure to use a password on teleconferencing invites, to avoid getting Zoom-bombed.
What are internet providers doing to reduce these risks?
Internet providers are continuing their efforts to ensure that a cyberattack does not impact their networks and their customers’ ability to access the networks. Internet providers have security operation teams that are working 24x7 to monitor and act upon threats.
Internet providers are working closely with the Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency via the communications information security analysis center (ISAC) to stay informed of the latest threat information.
What can people do to make their home network a little safer?
Make sure all your devices including the home gateway/router all have the latest software. This is particularly true for any Internet of Things (IoT) devices. And to err on the side of caution, unplug the truly optional IoT devices.
Check to make sure your home router isn’t still using its default username and password. Many of the older home routers didn’t require you to change it. Newer ones require you to change. If you don’t change it, then it is easy for the bad guys to take over your home router and install spyware on it.
If you are using Wi-Fi, make sure you have the Wi-Fi encryption turned on. It should be configured to use either WPA2-PSK (AES) or WPAWPA2-PSK (TKIP/AES).
Do an inventory check of all the devices connected to your home Wi-Fi to make sure they are all devices you have authorized to use it and that there isn’t some unknown device using your Wi-Fi. Better yet, change your Wi-Fi password.