SlideShare a Scribd company logo

CTM360 Advisory: Remote Work Guidelines

CTM360
CTM360

As the current pandemic crisis has scaled across the globe, the majority of the organizations have resorted to working remotely. This opens up an organization to potential cyber threats as there is a lack of control on the employee devices and digital environment. Cybercriminals are using the novel COVID-19 issue as a base for their attacks, which includes spreading malware through files containing information about Coronavirus, fake news and even scams related to masks or cures. Remote employees should be made well aware of such threats and how to be digitally safe.

Technology
1 of 3
Download to read offline
Severity: HIGH Copyright ©2020 CTM360® www.ctm360.com 1 #staysafe #‫كلنا_فريق_البحرين‬ REMOTE WORK GUIDELINES Reference: CTM-ADV-0320-2 Date: 31st March 2020 Category: Best Practices/Guidelines Description As the current pandemic crisis has scaled across the globe, the majority of the organizations have resorted to working remotely. This opens up an organization to potential cyber threats as there is a lack of control on the employee devices and digital environment. Cybercriminals are using the novel COVID-19 issue as a base for their attacks, which includes spreading malware through files containing information about Coronavirus, fake news and even scams related to masks or cures. Remote employees should be made well aware of such threats and how to be digitally safe. Please find below the best practices for employees working remotely. VPN: ● If VPN is used to connect remotely from a work laptop, ensure to use strong passwords with 2FA. ● If you notice that your work machine is slow or experiencing glitches, notify IT immediately. ● If work devices are being used, ensure family members or guests do not have access to these machines. Emails: ● If you receive an email, verify that the sender is legitimate / trusted and that the email is not misspelled. ● If you receive a suspicious email from an unknown source, ensure to report it to the IT team immediately. ● If you notice a genuine sender sounds suspicious, i.e. suggesting a sudden change in bank / invoicing details, immediately escalate to IT. Do not engage further with the sender. ● If you are authorizing transactions, confirming payments or engaging in monetary discussions, ensure that the counterparty is known/verified. These confirmations should be via phone on genuine numbers. Social Media: ● If you receive a social media connection request, verify the legitimacy of the account. Delete, if unknown. ● Do not disclose any of your activities or work-related matters on social media. TARGET AUDIENCE FOR CIRCULATION: ● All staff working remotely ● IT security, support teams ● Management
Severity: HIGH Copyright ©2020 CTM360® www.ctm360.com 2 #staysafe #‫كلنا_فريق_البحرين‬ Remote Meetings: ● Prevailing remote meeting tools (e.g. Zoom) are known to have privacy issues and may push some data to third-parties. ● Ensure that every meeting is secured with a strong password. ● Disable the option of file transfer in such remote meetings, when not required. Home Devices: ● It is strongly recommended to avoid using personal devices. On such devices, the level of risk is exponentially higher and there are more chances your machine may be compromised. ● Isolation and Compartmentalization if using Personal devices for work related use. This can be done via Dual Boot, Sandbox and Virtualization. ● Employees should avoid logging into their corporate emails from personal devices. If these devices must be used, ensure that they are protected with antivirus softwares, defenders, firewalls etc. Also, consider using a spyware scanner (e.g. https://privacy.net/free-spyware-removal-tools/) as a one-time exercise. ● Secure home-wifi networks. ● If your personal devices experience a lag or behave suspiciously, immediately stop for corporate use. Work From Home - Risks and threats: Social engineering & Phishing attacks: ● Beware of spam / phishing emails containing attachments that are mostly malicious in nature. ● Stay vigilant against unsolicited or unknown emails. ● Stay alert! Threat actors are using anxiety, pressure, fear or urgency as a tool to execute malicious campaigns, impersonating known entities (e.g. governments, corporations) and sending links in SMS/emails fraudulently offering or requesting financial support in lieu of the COVID-19 pandemic. Fake websites & Fake news: ● Beware of fake websites offering coronavirus vaccines or cures. ● Beware of clicking on pop-up ads. You may become a victim to spyware or other malwares. ● Beware of fake news being spread on social media. ● Be sure to only use trusted information sources from official websites. Guidelines for IT Staff ● Implement a Zero Trust security framework (providing specific access to resources only to those who need it) on your network for employees working remotely. ● List all the whitelisted tools and platforms that can be used like cloud services, video conferencing applications etc.
Severity: HIGH Copyright ©2020 CTM360® www.ctm360.com 3 #staysafe #‫كلنا_فريق_البحرين‬ ● Ensure that all devices that will be used remotely have the latest version of their operating software, security software and applications. ● Ensure that all devices and applications that will be used remotely have the latest patches installed. ● Ensure that all remote employees have access to a VPN, and that you have sufficient licenses for all the employees working remotely. ● Confirm that your staff can reach your cloud-based applications and services directly without having to go through the company network. ● Instruct your staff on emerging threats tied to the COVID-19, including new phishing attacks, attempts to steal VPN credentials and fake news. ● Develop and implement a security policy that applies to all remote employees, including actions such as locking computers when they’re not being used. ● Implement two-factor authentication. Disclaimer The information contained in this document is meant to provide general guidance and brief information to the intended recipient pertaining to the incident and recommended action. Therefore, this information is provided "as is" without warranties of any kind, express or implied, including accuracy, timeliness, and completeness. Consequently, under NO condition shall CTM360®, its related partners, directors, principals, agents or employees be liable for any direct, indirect, accidental, special, exemplary, punitive, consequential or other damages or claims whatsoever including, but not limited to: loss of data, loss in profits/business, network disruption…etc., arising out of or in connection with this advisory. For more information: Email: monitor@ctm360.com Tel: (+973) 77 360 360

Recommended

Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityQuick Heal Technologies Ltd.
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Symptai Consulting Limited
 
Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Jay Nagar
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!EMBplc.com
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
BUILDING AWARENESS AND AWARENESS PROGRAM - Vasil Tsvimitidze
BUILDING AWARENESS AND AWARENESS PROGRAM - Vasil TsvimitidzeBUILDING AWARENESS AND AWARENESS PROGRAM - Vasil Tsvimitidze
BUILDING AWARENESS AND AWARENESS PROGRAM - Vasil TsvimitidzeDataExchangeAgency
 
OPSEC for OMBUDSMEN
OPSEC for OMBUDSMENOPSEC for OMBUDSMEN
OPSEC for OMBUDSMENNaval OPSEC
 

Recommended

Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityQuick Heal Technologies Ltd.
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Symptai Consulting Limited
 
Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Jay Nagar
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!EMBplc.com
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
BUILDING AWARENESS AND AWARENESS PROGRAM - Vasil Tsvimitidze
BUILDING AWARENESS AND AWARENESS PROGRAM - Vasil TsvimitidzeBUILDING AWARENESS AND AWARENESS PROGRAM - Vasil Tsvimitidze
BUILDING AWARENESS AND AWARENESS PROGRAM - Vasil TsvimitidzeDataExchangeAgency
 
OPSEC for OMBUDSMEN
OPSEC for OMBUDSMENOPSEC for OMBUDSMEN
OPSEC for OMBUDSMENNaval OPSEC
 
Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14Naval OPSEC
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101mateenzero
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Nicholas Davis
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slidesjubke
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
How to Secure Your Mac Based Law Practice
How to Secure Your Mac Based Law PracticeHow to Secure Your Mac Based Law Practice
How to Secure Your Mac Based Law PracticeRocket Matter, LLC
 
Reducing the Impact of Cyber Attacks
Reducing the Impact of Cyber AttacksReducing the Impact of Cyber Attacks
Reducing the Impact of Cyber AttacksJames Cash
 
Ceh intro
Ceh introCeh intro
Ceh introAnimesh Roy
 
6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFi6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFiQuick Heal Technologies Ltd.
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity TrainingWindstoneHealth
 
Smartphone
SmartphoneSmartphone
SmartphoneNaval OPSEC
 
30 Killer Internet Security Tips
30 Killer Internet Security Tips30 Killer Internet Security Tips
30 Killer Internet Security TipsQuick Heal Technologies Ltd.
 
Nonprofit Cybersecurity Incident Report
Nonprofit Cybersecurity Incident ReportNonprofit Cybersecurity Incident Report
Nonprofit Cybersecurity Incident ReportCommunity IT Innovators
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness trainingAbdalrhmanTHassan
 
Building a culture of security
Building a culture of securityBuilding a culture of security
Building a culture of securityCourion Corporation
 
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...Enterprise Management Associates
 
Spyware
SpywareSpyware
SpywareAvani Patel
 
security privacy,security,web,internet,prevention from hackers,the onion rout...
security privacy,security,web,internet,prevention from hackers,the onion rout...security privacy,security,web,internet,prevention from hackers,the onion rout...
security privacy,security,web,internet,prevention from hackers,the onion rout...ABHAY PATHAK
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017Bret Piatt
 
Cybersecurity #SciChallenge2017
Cybersecurity #SciChallenge2017Cybersecurity #SciChallenge2017
Cybersecurity #SciChallenge2017Diana-Teodora Vrabie
 
Cyber pledge infoMagnum
Cyber pledge infoMagnumCyber pledge infoMagnum
Cyber pledge infoMagnumARUN REDDY M
 
Cyber Threat Advisory: Coronavirus Related Scams
Cyber Threat Advisory: Coronavirus Related ScamsCyber Threat Advisory: Coronavirus Related Scams
Cyber Threat Advisory: Coronavirus Related ScamsCTM360
 

More Related Content

What's hot

Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14Naval OPSEC
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101mateenzero
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Nicholas Davis
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slidesjubke
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
How to Secure Your Mac Based Law Practice
How to Secure Your Mac Based Law PracticeHow to Secure Your Mac Based Law Practice
How to Secure Your Mac Based Law PracticeRocket Matter, LLC
 
Reducing the Impact of Cyber Attacks
Reducing the Impact of Cyber AttacksReducing the Impact of Cyber Attacks
Reducing the Impact of Cyber AttacksJames Cash
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness trainingAbdalrhmanTHassan
 
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...Enterprise Management Associates
 
security privacy,security,web,internet,prevention from hackers,the onion rout...
security privacy,security,web,internet,prevention from hackers,the onion rout...security privacy,security,web,internet,prevention from hackers,the onion rout...
security privacy,security,web,internet,prevention from hackers,the onion rout...ABHAY PATHAK
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017Bret Piatt
 

What's hot (20)

Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slides
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
How to Secure Your Mac Based Law Practice
How to Secure Your Mac Based Law PracticeHow to Secure Your Mac Based Law Practice
How to Secure Your Mac Based Law Practice
 
Reducing the Impact of Cyber Attacks
Reducing the Impact of Cyber AttacksReducing the Impact of Cyber Attacks
Reducing the Impact of Cyber Attacks
 
Ceh intro
Ceh introCeh intro
Ceh intro
 
6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFi6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFi
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Smartphone
SmartphoneSmartphone
Smartphone
 
30 Killer Internet Security Tips
30 Killer Internet Security Tips30 Killer Internet Security Tips
30 Killer Internet Security Tips
 
Nonprofit Cybersecurity Incident Report
Nonprofit Cybersecurity Incident ReportNonprofit Cybersecurity Incident Report
Nonprofit Cybersecurity Incident Report
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
 
Building a culture of security
Building a culture of securityBuilding a culture of security
Building a culture of security
 
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...
 
Spyware
SpywareSpyware
Spyware
 
security privacy,security,web,internet,prevention from hackers,the onion rout...
security privacy,security,web,internet,prevention from hackers,the onion rout...security privacy,security,web,internet,prevention from hackers,the onion rout...
security privacy,security,web,internet,prevention from hackers,the onion rout...
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017
 
Cybersecurity #SciChallenge2017
Cybersecurity #SciChallenge2017Cybersecurity #SciChallenge2017
Cybersecurity #SciChallenge2017
 

Similar to CTM360 Advisory: Remote Work Guidelines

Cyber pledge infoMagnum
Cyber pledge infoMagnumCyber pledge infoMagnum
Cyber pledge infoMagnumARUN REDDY M
 
Cyber Threat Advisory: Coronavirus Related Scams
Cyber Threat Advisory: Coronavirus Related ScamsCyber Threat Advisory: Coronavirus Related Scams
Cyber Threat Advisory: Coronavirus Related ScamsCTM360
 
Document safer online for nonprofits guide
Document safer online for nonprofits guideDocument safer online for nonprofits guide
Document safer online for nonprofits guideNguyen Xuan Quang
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank ReportYogesh Kumar
 
Checklist to reduce security risk for your remote workers
Checklist to reduce security risk for your remote workersChecklist to reduce security risk for your remote workers
Checklist to reduce security risk for your remote workersPeter Hagen
 
Watch Guard Firebox T10 Infographic
Watch Guard Firebox T10 InfographicWatch Guard Firebox T10 Infographic
Watch Guard Firebox T10 InfographicRandolph Novino
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfInfinityGroup5
 
Cyber attacks during COVID-19 Era
Cyber attacks during COVID-19 EraCyber attacks during COVID-19 Era
Cyber attacks during COVID-19 EraPranav Kumar
 
A Cybersecurity and Digital Risk Assessment: A Family Case Study
A Cybersecurity and Digital Risk Assessment: A Family Case StudyA Cybersecurity and Digital Risk Assessment: A Family Case Study
A Cybersecurity and Digital Risk Assessment: A Family Case StudyCSEIJJournal
 
Enterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference Experts
Enterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference ExpertsEnterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference Experts
Enterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference ExpertsCXO 2.0 Conference
 
How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19Dharmendra Rama
 
Working from home- How secure is it.pdf
Working from home- How secure is it.pdfWorking from home- How secure is it.pdf
Working from home- How secure is it.pdfFiyona Nourin
 
Security Minded - Ransomware Awareness
Security Minded - Ransomware AwarenessSecurity Minded - Ransomware Awareness
Security Minded - Ransomware AwarenessGreg Wartes, MCP
 
Enhancing Cybersecurity in Remote Work-3.pdf
Enhancing Cybersecurity in Remote Work-3.pdfEnhancing Cybersecurity in Remote Work-3.pdf
Enhancing Cybersecurity in Remote Work-3.pdfTuring.com
 

Similar to CTM360 Advisory: Remote Work Guidelines (20)

Cyber pledge infoMagnum
Cyber pledge infoMagnumCyber pledge infoMagnum
Cyber pledge infoMagnum
 
Cyber Threat Advisory: Coronavirus Related Scams
Cyber Threat Advisory: Coronavirus Related ScamsCyber Threat Advisory: Coronavirus Related Scams
Cyber Threat Advisory: Coronavirus Related Scams
 
Document safer online for nonprofits guide
Document safer online for nonprofits guideDocument safer online for nonprofits guide
Document safer online for nonprofits guide
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank Report
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Network monitoring white paper
Network monitoring white paperNetwork monitoring white paper
Network monitoring white paper
 
Checklist to reduce security risk for your remote workers
Checklist to reduce security risk for your remote workersChecklist to reduce security risk for your remote workers
Checklist to reduce security risk for your remote workers
 
Watch Guard Firebox T10 Infographic
Watch Guard Firebox T10 InfographicWatch Guard Firebox T10 Infographic
Watch Guard Firebox T10 Infographic
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
 
Cyber attacks during COVID-19 Era
Cyber attacks during COVID-19 EraCyber attacks during COVID-19 Era
Cyber attacks during COVID-19 Era
 
Pp9
Pp9Pp9
Pp9
 
cybersecurity-101_4
cybersecurity-101_4cybersecurity-101_4
cybersecurity-101_4
 
A Cybersecurity and Digital Risk Assessment: A Family Case Study
A Cybersecurity and Digital Risk Assessment: A Family Case StudyA Cybersecurity and Digital Risk Assessment: A Family Case Study
A Cybersecurity and Digital Risk Assessment: A Family Case Study
 
Enterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference Experts
Enterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference ExpertsEnterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference Experts
Enterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference Experts
 
How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19How to secure your enterprise data during Covid-19
How to secure your enterprise data during Covid-19
 
Cybersecurity awareness.pdf
Cybersecurity awareness.pdfCybersecurity awareness.pdf
Cybersecurity awareness.pdf
 
Working from home- How secure is it.pdf
Working from home- How secure is it.pdfWorking from home- How secure is it.pdf
Working from home- How secure is it.pdf
 
08 pdf show-239
08 pdf show-23908 pdf show-239
08 pdf show-239
 
Security Minded - Ransomware Awareness
Security Minded - Ransomware AwarenessSecurity Minded - Ransomware Awareness
Security Minded - Ransomware Awareness
 
Enhancing Cybersecurity in Remote Work-3.pdf
Enhancing Cybersecurity in Remote Work-3.pdfEnhancing Cybersecurity in Remote Work-3.pdf
Enhancing Cybersecurity in Remote Work-3.pdf
 

More from CTM360

Secure web conferencing for c level executives
Secure web conferencing for c level executivesSecure web conferencing for c level executives
Secure web conferencing for c level executivesCTM360
 
Unlocking New Doorways to Multi-channel Scams
Unlocking New Doorways to Multi-channel ScamsUnlocking New Doorways to Multi-channel Scams
Unlocking New Doorways to Multi-channel ScamsCTM360
 
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDETWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDECTM360
 
The Spread of Fake News - CTM360 - GI December 2017
The Spread of Fake News - CTM360 - GI December 2017The Spread of Fake News - CTM360 - GI December 2017
The Spread of Fake News - CTM360 - GI December 2017CTM360
 
Cyber Warrior - Business in Gulf 2017
Cyber Warrior - Business in Gulf 2017Cyber Warrior - Business in Gulf 2017
Cyber Warrior - Business in Gulf 2017CTM360
 
NME IT Security Survey 2016
NME IT Security Survey 2016 NME IT Security Survey 2016
NME IT Security Survey 2016 CTM360
 
TRAP10 Cyber Scam Targeting Unaware GCC Residents
TRAP10 Cyber Scam Targeting Unaware GCC Residents TRAP10 Cyber Scam Targeting Unaware GCC Residents
TRAP10 Cyber Scam Targeting Unaware GCC Residents CTM360
 
XSS, LFI & CSRF vulnerabilities
XSS, LFI & CSRF vulnerabilitiesXSS, LFI & CSRF vulnerabilities
XSS, LFI & CSRF vulnerabilitiesCTM360
 
DMARC Implementation across all domains
DMARC Implementation across all domainsDMARC Implementation across all domains
DMARC Implementation across all domainsCTM360
 
CTM360 adv-0317-01 dns messenger
CTM360 adv-0317-01 dns messengerCTM360 adv-0317-01 dns messenger
CTM360 adv-0317-01 dns messengerCTM360
 

More from CTM360 (10)

Secure web conferencing for c level executives
Secure web conferencing for c level executivesSecure web conferencing for c level executives
Secure web conferencing for c level executives
 
Unlocking New Doorways to Multi-channel Scams
Unlocking New Doorways to Multi-channel ScamsUnlocking New Doorways to Multi-channel Scams
Unlocking New Doorways to Multi-channel Scams
 
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDETWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
 
The Spread of Fake News - CTM360 - GI December 2017
The Spread of Fake News - CTM360 - GI December 2017The Spread of Fake News - CTM360 - GI December 2017
The Spread of Fake News - CTM360 - GI December 2017
 
Cyber Warrior - Business in Gulf 2017
Cyber Warrior - Business in Gulf 2017Cyber Warrior - Business in Gulf 2017
Cyber Warrior - Business in Gulf 2017
 
NME IT Security Survey 2016
NME IT Security Survey 2016 NME IT Security Survey 2016
NME IT Security Survey 2016
 
TRAP10 Cyber Scam Targeting Unaware GCC Residents
TRAP10 Cyber Scam Targeting Unaware GCC Residents TRAP10 Cyber Scam Targeting Unaware GCC Residents
TRAP10 Cyber Scam Targeting Unaware GCC Residents
 
XSS, LFI & CSRF vulnerabilities
XSS, LFI & CSRF vulnerabilitiesXSS, LFI & CSRF vulnerabilities
XSS, LFI & CSRF vulnerabilities
 
DMARC Implementation across all domains
DMARC Implementation across all domainsDMARC Implementation across all domains
DMARC Implementation across all domains
 
CTM360 adv-0317-01 dns messenger
CTM360 adv-0317-01 dns messengerCTM360 adv-0317-01 dns messenger
CTM360 adv-0317-01 dns messenger
 

Recently uploaded

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 

Recently uploaded (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

CTM360 Advisory: Remote Work Guidelines

  • 1. Severity: HIGH Copyright ©2020 CTM360® www.ctm360.com 1 #staysafe #‫كلنا_فريق_البحرين‬ REMOTE WORK GUIDELINES Reference: CTM-ADV-0320-2 Date: 31st March 2020 Category: Best Practices/Guidelines Description As the current pandemic crisis has scaled across the globe, the majority of the organizations have resorted to working remotely. This opens up an organization to potential cyber threats as there is a lack of control on the employee devices and digital environment. Cybercriminals are using the novel COVID-19 issue as a base for their attacks, which includes spreading malware through files containing information about Coronavirus, fake news and even scams related to masks or cures. Remote employees should be made well aware of such threats and how to be digitally safe. Please find below the best practices for employees working remotely. VPN: ● If VPN is used to connect remotely from a work laptop, ensure to use strong passwords with 2FA. ● If you notice that your work machine is slow or experiencing glitches, notify IT immediately. ● If work devices are being used, ensure family members or guests do not have access to these machines. Emails: ● If you receive an email, verify that the sender is legitimate / trusted and that the email is not misspelled. ● If you receive a suspicious email from an unknown source, ensure to report it to the IT team immediately. ● If you notice a genuine sender sounds suspicious, i.e. suggesting a sudden change in bank / invoicing details, immediately escalate to IT. Do not engage further with the sender. ● If you are authorizing transactions, confirming payments or engaging in monetary discussions, ensure that the counterparty is known/verified. These confirmations should be via phone on genuine numbers. Social Media: ● If you receive a social media connection request, verify the legitimacy of the account. Delete, if unknown. ● Do not disclose any of your activities or work-related matters on social media. TARGET AUDIENCE FOR CIRCULATION: ● All staff working remotely ● IT security, support teams ● Management
  • 2. Severity: HIGH Copyright ©2020 CTM360® www.ctm360.com 2 #staysafe #‫كلنا_فريق_البحرين‬ Remote Meetings: ● Prevailing remote meeting tools (e.g. Zoom) are known to have privacy issues and may push some data to third-parties. ● Ensure that every meeting is secured with a strong password. ● Disable the option of file transfer in such remote meetings, when not required. Home Devices: ● It is strongly recommended to avoid using personal devices. On such devices, the level of risk is exponentially higher and there are more chances your machine may be compromised. ● Isolation and Compartmentalization if using Personal devices for work related use. This can be done via Dual Boot, Sandbox and Virtualization. ● Employees should avoid logging into their corporate emails from personal devices. If these devices must be used, ensure that they are protected with antivirus softwares, defenders, firewalls etc. Also, consider using a spyware scanner (e.g. https://privacy.net/free-spyware-removal-tools/) as a one-time exercise. ● Secure home-wifi networks. ● If your personal devices experience a lag or behave suspiciously, immediately stop for corporate use. Work From Home - Risks and threats: Social engineering & Phishing attacks: ● Beware of spam / phishing emails containing attachments that are mostly malicious in nature. ● Stay vigilant against unsolicited or unknown emails. ● Stay alert! Threat actors are using anxiety, pressure, fear or urgency as a tool to execute malicious campaigns, impersonating known entities (e.g. governments, corporations) and sending links in SMS/emails fraudulently offering or requesting financial support in lieu of the COVID-19 pandemic. Fake websites & Fake news: ● Beware of fake websites offering coronavirus vaccines or cures. ● Beware of clicking on pop-up ads. You may become a victim to spyware or other malwares. ● Beware of fake news being spread on social media. ● Be sure to only use trusted information sources from official websites. Guidelines for IT Staff ● Implement a Zero Trust security framework (providing specific access to resources only to those who need it) on your network for employees working remotely. ● List all the whitelisted tools and platforms that can be used like cloud services, video conferencing applications etc.
  • 3. Severity: HIGH Copyright ©2020 CTM360® www.ctm360.com 3 #staysafe #‫كلنا_فريق_البحرين‬ ● Ensure that all devices that will be used remotely have the latest version of their operating software, security software and applications. ● Ensure that all devices and applications that will be used remotely have the latest patches installed. ● Ensure that all remote employees have access to a VPN, and that you have sufficient licenses for all the employees working remotely. ● Confirm that your staff can reach your cloud-based applications and services directly without having to go through the company network. ● Instruct your staff on emerging threats tied to the COVID-19, including new phishing attacks, attempts to steal VPN credentials and fake news. ● Develop and implement a security policy that applies to all remote employees, including actions such as locking computers when they’re not being used. ● Implement two-factor authentication. Disclaimer The information contained in this document is meant to provide general guidance and brief information to the intended recipient pertaining to the incident and recommended action. Therefore, this information is provided "as is" without warranties of any kind, express or implied, including accuracy, timeliness, and completeness. Consequently, under NO condition shall CTM360®, its related partners, directors, principals, agents or employees be liable for any direct, indirect, accidental, special, exemplary, punitive, consequential or other damages or claims whatsoever including, but not limited to: loss of data, loss in profits/business, network disruption…etc., arising out of or in connection with this advisory. For more information: Email: monitor@ctm360.com Tel: (+973) 77 360 360