This is a unique time we’re living in. Whether you’re working on the front lines as a healthcare professional, grocery store worker, trucker, or essential employee, or you’re working from home, the following are some very basic things to do, and look out for, that bear repeating. We’ll also briefly discuss some happenings with video conferencing company Zoom that you need to be aware of.
While this is not an exhaustive list of tips you can use to better protect yourself, this is meant as a way to get the ball rolling.
Devices:
- Apply updates to your devices and software. This helps plug up security holes.
- Have antivirus software installed and scans scheduled to run on a frequent basis.
- At a minimum, password protect your devices.
Social media:
- Stop participating in “quizzes”/“ice breakers”! We wrote about this a few years ago. Answering these questions may give someone with ill intent the ability to sign in to accounts you use. The answers you provide may give the bad actor a chance to guess your password as well as the answers to account security questions.
- Clear desk rule. We can’t stop you from taking pictures of your workspace and posting them to social media. Hopefully your employer has policies against this activity, and we also strongly advise against publishing your workspace. If you are going to share, here are things you need to do (you should do these things regardless of whether you’re sharing to social media or not):
  - Lock your monitor. This way no one can see what is on your computer screen and it helps prevent someone from physically accessing your computer when you’re away from it.
  - Clear your workstation of all paperwork and remove sticky notes from your monitor. If you leave something sensitive on your desk, there’s a good chance someone can read it in the photo or video.
Zoom:
- The FBI is warning users of Zoom bombing, where people are hijacking meetings by taking over the screen share. The recommendation is not to share meeting information publicly, to set screen sharing options to “host only,” and to make sure the app is up to date. [Source: FBI https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic ]
- Ars Technica reported on a bug, which Zoom has not fixed yet, that allows Windows credential stealing by sending malformed links in Zoom’s chat function. The article states that users need to be suspicious of links shared in Zoom’s chat function. It also states that you should block port 445 or make sure that it “…can access only trusted addresses on the Internet.” [Source: Ars Technica https://arstechnica.com/information-technology/2020/04/unpatched-zoom-bug-lets-attackers-steal-windows-credentials-with-no-warning/ ]
- Security research group Citizen Lab has raised privacy concerns about the video conferencing platform, ranging from less-than-secure encryption schemes to web traffic funneled through China, where “…Zoom may be legally obligated to disclose these [encryption] keys to authorities in China.” (“…keys for encrypting and decrypting meetings transmitted to servers in Beijing, China.”). There’s a laundry list of issues. You can read the full report here. [Source: Citizen Lab https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ ]
- What to do with Zoom:
  - DO NOT use Zoom for sensitive/confidential meetings.
  - Use Zoom’s password feature instead of “Waiting rooms.”
  - Assume what you say and do on Zoom is public and behave accordingly.
We hope this was informative. If you do need help, or want to learn about what services we offer, please contact us using the form below.
Please fill out the form below, or call 203.828.0012, to learn how bsquared intel can assist you.