• Categories
  • Recent Posts
  • Popular Posts
  • Popular Tags

  • The massive shift towards a work-from-home model in the face of the COVID-19 pandemic brings up the critical concern of home network security. A simple home network lacks the sophisticated security protocols that would be present within organizational networks and opens more endpoints for cybercriminals to exploit as your employees work from home.

    Here are some security tips to consider that can help strengthen your organization’s security posture in this new normal of remote work.


    Ensure that your employees’ devices are protected with a comprehensive, up-to-date antivirus solution. This can help secure your organizational data that is now being transmitted and stored on their devices.

    Patching and Updates

    Having a consistent patching routine ensures that software is up-to-date and protects devices from vulnerabilities. Such vulnerabilities make it possible for cybercriminals to breach networks and steal organizational data. For example, Microsoft recently announced that Windows 8.1 was going end-of-life, meaning they were discontinuing support (including security updates) for this OS. We recommend that you upgrade all organization’s Windows devices to Windows 10 to have access to Microsoft support and protect yourself against security vulnerabilities.

    SaaS/Web Access

    Make sure your team has uninterrupted access to VPN and remote desktop solutions like Citrix or Microsoft RDP. Office 365 is the most widely used cloud-based collaboration and productivity suite worldwide and is invaluable during this period of global remote work. Because of its integration with collaboration tools like Microsoft Teams, it allows your employees to collaborate and have virtual meetings while getting their work done, and since it is happening in the cloud, organizational data stays off personal devices, and protected against breaches. Another benefit to using cloud-based applications is that installing business applications on personal devices would require additional licensing, resulting in higher costs.

    Document Storage

    Review document storage best practices with your employees to ensure that they recognize the sensitivity of your data. Company documents can include confidential information, and therefore should not be saved on personal devices that are used in the home by individuals other than your employee.


    For shared machines, employees should have separate user accounts for home and work use, and work accounts should be password protected. This will protect sensitive data from being accessed by users other than the employee. If separate accounts are not possible, we recommend that users avoid saving passwords and disable VPN access once they are no longer using their device. While saving passwords is convenient, when done on shared devices without a separate account, it can expose sensitive data to other users of the device.
    Corporate machines typically have policies that require the screen to lock after inactivity to prevent someone other than the user from accessing the device. Employees should enable screen locks that require compulsory passwords to access their account on their personal devices to protect organization data.

    Home Networks

    Home network devices such as modems and routers are rarely updated with the latest firmware. This can open up the home network to security vulnerabilities that hackers can then exploit. We recommend that your organization’s IT team review these devices to ensure they are up-to-date with the latest firmware to safeguard your critical data.


    This is an unprecedented period of business disruption, and organizations have taken great strides to enable their employees to work remotely and keep their business functional. However, this requires some security follow-ups, and the above tips will keep your employees and your data safe as we continue to thrive in this new normal of remote work. Please contact us if you have any questions regarding these best practices.

    Security, Technology, Workplace of the Future

    , , ,

    With the transition to remote work in the face of the COVID-19 pandemic, many organizations and schools are transitioning to using Zoom for online collaboration and learning. This has seen the online conferencing service get hit with multiple cyberattacks, and there are now over 500,000 leaked Zoom accounts available for sale on the dark web.

    We have received some questions from our clients on these security concerns, and whether Zoom is safe to use. This blog is in response to those concerns and some of the measures that users can take to stay safe, should they choose to use it.

    Why Zoom?

    Zoom’s focus has been usability and reliability – easy to use and works great on any device with a range of bandwidth. Zoom has had to handle a 20x increase in use over a matter of weeks and have largely been successful in managing the increased usage.

    However, as use in organizations has skyrocketed, vulnerabilities and concerns have been identified. With the popularity of Zoom, it has also presented a huge attack opportunity for cybercriminals.

    Initial areas of concern

    1. Zoom-bombing:
      Zoom-bombing is when an intruder infiltrates and disrupts a video conference call. Not only could intruders share inappropriate content, they could also simply just quietly listen into or watch what’s happening in the meeting and steal specific data to enhance social engineering and e-impersonation campaigns. Various changes have been made by Zoom to address Zoom-bombing including defaulting to users being put in the waiting room where a host must allow them access. Advice has also been issued on ensuring that a password is used for all meetings and that the meeting URL is only provided to invited users.
    2. General:
      Vulnerabilities have been identified, but recently, Zoom has been fairly quick to fix them. If installed, Zoom should be set to auto update, so all new fixes are applied as soon as available. Meeting links are generalized and reused so once someone has the link, they can always access in future.
    3. Encryption:
      Currently, Zoom is using their own encryption, which is generally not recommended due to the highly complicated nature of encryption. Zoom does not use end-to-end encryption, so there is a potential that their current communication stream could be compromised. Zoom indicates that they are working on improvements.
    4. Privacy:
      Ensure that the Zoom privacy policy is reviewed, understood, and determined acceptable for your organization. For free accounts, personal information will certainly be monetized. For paid accounts, organizations should understand what information is collected and how it is secured.

    In Conclusion

    If you choose to use Zoom, it is important to keep in mind the security of your data and users. Practice cybersecurity discipline and use the following tips to stay safe:

    • Use with caution and an understanding of the risks
    • Should not be used for secret or confidential meetings or conversations
    • If used;
      • Ensure users are aware of, and using, proper security settings and are staying up-to-date on ongoing changes
      • Set the application to auto-update so it is always up-to-date with latest fixes
      • Ensure meeting recordings are also protected
    • Hosts should monitor participants of their meetings and not allow unknown users into meetings
    • For tighter control and deeper integration with other organization communication tools, consider a more mature conferencing solution

    Security, Workplace of the Future

    , , ,