EDITOR ’ S QUESTION
HackerOne , employs a hybrid model where approximately a third of employees work from home all the time and another third work from home a few days a week . When the WHO announced that the COVID-19 was a worldwide pandemic , HackerOne took steps to implement a mandatory work-from-home policy globally .
When employees find themselves in a mandatory work from home situation like the one we ’ re in today , it can be quite daunting for businesses , especially when you start to consider all the moving parts – including keeping yourself safe at home .
My top tip would be to make sure employees are doing their part . This includes good cyberhygiene , making sure they are set up with Multi-Factor Authentication ( MFA ), using good password managers , and are instructed to disconnect from the corporate VPN when no longer in use , allowing the corporate IT infrastructure more room to breathe . Employees should make sure their home routers are up to date , secure with strong passwords and equipped with WPA2 security or higher . Encourage employees not to install new apps without approval from IT ; to be mindful of sharing online meeting IDs and URLs on social media ; and to be on the lookout for phishing scams that can be spread via text , email or social media .
In working away from your operation centre , be mindful that there are pros and cons in times like we are facing today with COVID-19 . On the plus side , no one is physically in your office or data centre to break anything . On the downside , no one is there to fix it either . If you can , ensure that you have a good on-call system and are able to stay within SLAs . all of your network configurations , ACLs , firewall rules , etc . Without a doubt , in nine months from now , we ’ ll be looking at news stories about two impacts resulting from COVID-19 .
I ’ d also recommend gathering intelligence in real time on endpoints , sending that data to a centralised platform , and with that data sending various levels of alerts from casual notices to late-night pages , to the IT team . This data can be anything from new applications installed , use of USB devices , or potential malware binaries detected . Tools like traditional antivirus usually lag crucial days behind on payload detection and even then , the best bet isn ’ t removing the payload , but erasing or quarantining the device indefinitely .
In a remote world , communication is everything . It is best to quickly jump on a call , just as quickly as you would go to someone ’ s desk in an office setting . Screen sharing or even tools like FaceTime can be used when you can ’ t see someone ’ s screen . Ask questions to help decipher what an end-user is
Employees should make sure their home routers are up to date , secure with strong passwords and equipped with WPA2 security or higher .
seeing rather than making assumptions . Be patient and considerate but remember to be thorough about verifying user ’ s identities before resetting passwords or MFA or anything else . p
Ensuring your VPN is secure is key . If you have to use a VPN or any other remote networking infrastructure as you need to spin up something ‘ right now ’, ensure the infrastructure you ’ re building is secure . Triple-check
AARON ZANDER , HEAD OF IT AT HACKERONE
www . intelligentcio . com INTELLIGENTCIO APAC 35