Working from Home? Are you Cybersecure? (Part 1)
The coronavirus is turning all of our lives upside down. My family and friends in the UK have been on lock-down for a several weeks now. Here in Alabama, we just went into shelter-in-place mode a couple of days ago as I pen these words.
As a result, a lot of people who used to spend their days in an office environment are now working from home. The problem is that many of them are woefully ill-equipped with regard to managing cybersecurity in their homes.
We should also spare a thought for the poor corporate IT guys and gals. They’ve suddenly transitioned from having only a small percentage of the employees working from home to almost 100%. As a result, many IT departments are now frantically scurrying around trying to plug security holes and bolster the cybersecurity status of their workforce.
As is usually the case, I’m a bit of square peg trying to fit in a round hole. As a freelance technology consultant and technical writer, I could have a home office, but we don’t really have the room in our house, so I rent an office downtown. Apart from anything else, this gives me a place to store all of my technical books and hobby projects, which tend to make strange sounds and flash a lot of LEDs (the projects, not the books). Unaccountably, my wife (Gina the Gorgeous) feels these wondrous artifacts don’t adequately reflect the ambiance for which she’s striving. Also, arriving at the office before 8:00 a.m. every morning and not leaving until 5:00 p.m. or later in the evening almost makes it seem like I have a real job.
Even though we haven’t been on lock-down until this past Saturday, I’ve been working from home for the past couple of weeks using my laptop computer. The problem is that I’m much less efficient on my laptop than I am on my full-up system. Thus, when we heard the news that the lock-down was going into effect on Saturday at 5:00 p.m., I decided to make a run for the office and retrieve my main machine. As seen in the photo at the start of this column, I just finished setting everything up on the table in our breakfast nook, plus I brought a folding table in from the garage.
On the breakfast table are my three 28" monitors forming a single desktop. On the fold-up table is my printer, plus the whole table is covered with an anti-static mat for when I prototype my electronic doodads, gizmos, and thingamabobs. Under the table is my tower computer and uninterruptible power supply (UPS). In the event of a loss of power, the UPS can keep everything running long enough for me to save my work, exit out of my applications, and close things down gracefully. In reality, it only has to “hold the line” for about 15 seconds until the natural gas emergency generator I had installed a few years ago kicks in, but it’s better to be safe than sorry.
Cybersecurity
When it comes to cybersecurity, I think I have a fairly typical setup. Although my friends in security say Linux is best, like many people I use Windows 10 as my operating system (OS). I augment the native Windows Defender Antivirus with Norton Antivirus. You have to be careful here because antivirus tools work deep down, interposing themselves between the OS and the rest of the system. Windows Defender and Norton play well together, but some combinations may see each other as viruses and try to “fight it out” between themselves.
I also store all of my data files in a DropBox folder on my computer. This means that whenever I move, rename, delete, or modify a file, including hitting the “Save” button while editing a file, in addition to taking place locally on my computer, that change is immediately uploaded to the DropBox cloud.
One thing I worry about is my machine becoming infected by ransomware. In this case, a malicious application encrypts all of the data files on your system, after which the nefarious perpetrator tries to extort money from you (typically in the form of an untraceable cybercurrency like Bitcoin) with the promise of decrypting them again. One problem here — apart from the obvious one — is that, as each of my files was encrypted, DropBox would see that as a change and copy the corrupted file up into the cloud (sad face).
In order to mitigate against this, once a week I disconnect my computer from the internet, run a full virus scan, plug in an external USB solid-state drive (SSD), copy my DropBox folder to the SSD, unplug (“air-gap”) the SSD, and reconnect the computer to the internet. Of course, there’s always a chance I unwittingly backed up some malware that slipped through the net, but you can only do the best you can do. Also, DropBox has a nice “Rewind” feature that would allow me to “wind back” my account to any time in the past 30 days (or up to 180 days for those using the more expensive accounts).
So, the above describes my own setup, which I would regard as being fairly typical. One point we haven’t touched on is that of virtual private networks (VPNs). The sad truth is that using a VPN may not protect you as much as you might hope, but we’ll save the grisly details for Part 2. Until then, I welcome any cybersecurity-related comments, questions, and suggestions, along with any cybersecurity stories you care to share.
