Security Hygiene for Secure Remote Working
Twenty seconds: that’s how long washing your hands is supposed to take when you’re being thorough, and lately, we’re all being very, very thorough. But how many seconds do you devote to analyzing the emails, direct messages, or texts that you receive? Fifteen? Ten? None?
Malware propagators take advantage of our own natural responses to receiving or accessing important information from sources we assume to be trusted, and they also take advantage of headline-making events like the coronavirus outbreak.
It’s important to remember that whether you’re the CEO of a global company or simply trying to stay informed of the latest news on coronavirus, the potential to fall victim to a phishing, spyware or ransomware attack is heightened.
With that said, BlackBerry’s Cyber and Product Security Teams have created a list of “cyber hygiene best practices” to help protect remote workers during Fraud Prevention Month and beyond. We hope these tips will help keep you more aware and secure:
What is the Potential Impact of Malware on my Devices?
Depending on the type of malware infecting your devices, an attacker may be able to:
- Record phone calls and surrounding audio, voicemails, and keystrokes.
- Impersonate you in order to infect others in your network.
- Review text messages, content from chat applications (WhatsApp, LINE) and call logs.
- Retrieve location data, browser histories, and stored media such as photos and videos.
- Gain user access to email, social media, and additional messaging applications.
- Modify device settings or take screenshots.
- Access sensitive personal or corporate data.
How Do Some of These Attacks Happen?
Attackers can utilize different means to infect targets. Often, attacks are initiated by the following:
- Social Engineering: Users are tricked via malicious texts, emails, documents and/or phone calls to install malicious software. Some attackers may disguise themselves as technical support personnel or other trusted entities.
- Physical Access: An attacker with physical access to an unsecured device can install the malicious software.
- Application Vulnerability Exploit: Vulnerabilities within applications present on the device can be exploited to gain remote access to it.
- Malicious Applications: Applications downloaded from third-party websites, and sometimes even those present in legitimate app stores, can be malicious.
- Malicious Websites: Infections can occur when visiting websites controlled by attackers or legitimate sites that have been compromised.
- Exploit via Charging Station or PC: Connecting your device to a compromised charging station or PC could lead to an infection.
- Exploit via Radio Interfaces: Your mobile device could be attacked through its interface to cellular networks, Wi-Fi, Bluetooth, or NFC.
- Review the email sender - some phishing emails have come from attackers posing as legitimate senders using URLs that are similar to those of the real entities, such as "cdc-gov.org," rather than "cdc.gov." It is best to treat all emails as potentially malicious and exercise caution - remember that even legitimate email addresses can be compromised.
- Don't click links - hovering your cursor over links can show you the address they lead to, but it is ‘best practice’ to only type trusted URLs directly into a browser, and to never click on links in emails, even if the email appears to be from a trusted source.
- Be careful with attachments - especially if you don't recognize the sender or the email appears suspicious. Make sure you are running an endpoint protection solution that can protect you from malicious attachments should you encounter one.
- Don't open unsolicited email from anyone you don't know - it is best to send these emails to your spam folder and not risk compromise – rarely would any important communications come from an unknown source through an unsolicited email.
- Be aware of spelling and grammatical mistakes – these can be red flags for scams and email-based attacks. Also be wary of generic greetings, such as "Dear Sir" or greetings that seem overly personal such as “Dear Beloved” – these are also likely indicators of malicious intent.
- Avoid email that demands immediate action or requests for your personal information, passwords or login credentials – attackers will often try to instill a sense of urgency in their targets so bad decisions are made.
- Contact your employer's Security Operations Center (SOC) immediately if you suspect your device has been compromised.
- Do not leave your device unattended, and always enable a screen lock that requires a PIN or passcode.
- Disable Wi-Fi, Bluetooth, and NFC when not in use or while traveling.
- Do not add unknown contacts to third-party apps or click on unsolicited links – always enter a URL directly into a browser to ensure you are directed to the desired website.
- Disable auto-downloads of media files in third-party apps on personal devices. For example, on WhatsApp on Android:
  - Open WhatsApp and go to the window where chats are shown.
  - Select Settings, the three vertical dots on the top right-hand side.
  - Click on Data and storage usage.
  - Head to Media Auto-Download, where you will encounter three options: When Using Cellular Data, When Connected on Wi-Fi and When Roaming.
  - Disable auto-downloads by unchecking all four options: Photos, Audio, Video and Documents.
- Do not use personally installed/third-party applications for corporate communications or file-sharing.
- When traveling, log out of third-party apps. When possible, uninstall third-party apps that are not required for the duration of the trip.
- Monitor the DTEK application on Android by BlackBerry devices for anomalous behavior.
- Modify privacy settings on your social media accounts including active sessions, passwords for access, etc. Adversaries are known to utilize social media to gather information that can further be used to exploit victims - the following links can help: Facebook, Twitter, LinkedIn.
- Review security protocols from your organization for additional controls necessary to secure remote and mobile computing.
- For Android users: Check the device administrator’s settings to see whether installing applications from unknown sources is enabled, as this could be a sign of a spyware infection.
- For Apple users: Examine your device for signs it has been jailbroken. Although this would typically require physical access to your device, if you have ever left your device unattended, this could elevate your risk profile.