COVID-19: How to avoid cyberattacks when working from home

0
705

Zoom Security

In light of recent reports about the popular meeting platform Zoom being susceptible to attack. We would like to inform you that any chat platform can be used by cyber-attackers to target you.

Apart from other basic security features, Zoom has the following in-meeting security capabilities that can be enabled by the meeting host:

  • Play enter/exit chime
  • Lock a meeting when all participants are in
  • Create Waiting Rooms for attendees
  • Password protect a meeting
  • Only allow individuals with a given e-mail domain to join
  • Require host to be present before meeting starts
  • You can always expel an unwanted participant
  • Generate a new code for your meeting every time instead of using only one code for all meetings.

Lastly, IT provides alternate virtual meeting tools please refer to our Work from Home Guide.

General WFH Security Guidelines

We need your help. To ensure a smooth work from home experience, the Information Security Department has stopped proactively blocking home routers that report malicious infections. Our systems now report a significant increase in infections and we need you to help to reduce these by protecting your home devices.

Working from home, you may be using a Mac/PC provided by KAUST. If you are, rest-assured that you’re protected most of the time. Machines provided by KAUST have anti-virus and anti-malware applications such as Traps, installed to protect your devices from malicious infections from websites and software.

However, if you’re using a Mac/PC, NOT provided by KAUST, you may NOT be sufficiently protected since personal machines DO NOT have the advanced software KAUST provides to keep data stored on machines safe and secure. Therefore, using personal devices for work can potentially pose a security risk.

All devices, not provided by KAUST, being used for KAUST related work, are classified as BYOD; that stands for Bring Your Own Device and are subject to guidelines that can be reviewed by accessing the KAUST Policy site here.

Follow the Guidelines below when using personal devices to access work related resources:

Device Security

  • Install anti-virus software: We recommend you to have an up-to-date anti-virus solution installed from one of the top leading anti-virus providers available.

If you don’t have one installed, we strongly advise you to go to https://antivirus.kaust.edu.sa to get Traps now for free.

  • Enable lock-screen: Configure your personal devices to require a password or PIN to be accessed.
  • Enable auto-lock: Configure your personal devices to automatically lock after 10 minutes of inactivity.
  • Automatic updates: Configure your devices to always install updates automatically.
  • App permissions: Be aware of access rights that applications may ask for, on your PC or mobile devices.

Data Security

  • Secure Data Remotely: Only use KAUST provided cloud resources such as SharePoint and OneDrive to store work related data. Avoid storing confidential/sensitive work information such as financial records or KAUST personnel related information on a personal device.
  • Password protect data: When storing confidential data on personal devices temporarily, always secure the data behind a strong password by using software such as PGP Desktop and 7-Zip.
  • Avoid auto-complete: Refrain from saving your work-related usernames or passwords on browsers using the convenient save features.
  • Unnecessary apps: To minimize risk associated with apps installed, it’s a good idea to routinely review and uninstall all unnecessary and unused applications from your devices, mobile or PC.
  • Backup regularly: Since electronic devices are prone to damage and failure, and your personal devices may not have back-up software that’s available on KAUST provided devices, always be sure to regularly back-up important data.

Network security

  • Secure Wi-Fi: Connect only to Wi-Fi connections that you trust, that are protected with a password and always avoid public networks at all times.
  • Wi-Fi password: Anyone who has connected to your Wi-Fi network in the past may be able to connect to it again without you knowing. If you have not changed your Wi-Fi password in recent times, changing it now would be a good idea.
  • Connect to KAUST VPN: For those that are not on KAUST Campus, OR are on-campus and connect using a VPN service must connect to KAUST VPN as this adds an extra layer of security.

Physical Security

  • Report lost or stolen: If you’ve accidentally misplaced or lost your personal device that may have had KAUST confidential information, it’s always best to report it to explore what options you may have. Contact us by sending an email to askinfosec@kaust.edu.sa.

Report suspicious emails by clicking the PhishMe Button, or forward email to PhishReporter@kaust.edu.sa. For questions and concerns, email askinfosec@kaust.edu.sa

LEAVE A REPLY