TCT is committed to helping you keep your organization secure and compliant. Every quarter, we’re publishing compliance and security insights that you can share with your employees to fulfill periodic security reminder requirements your organization may be subject to.
As an added bonus, we’ve highlighted some developing security trends and featured a quick tip in TCT Portal to get more out of your compliance management.
Protect Your Company Data at Home: WFH Security Tips
When you’re working remotely from home, you don’t have the built-in security that your company provides on-site. It’s critical to observe robust routines to protect your company’s sensitive information. Follow these best practices to ensure that you’re working from home securely.
Protect your data the way that you would protect it in the office. That includes placement of your monitors. If they face an outdoor window, you don’t want passersby to get curious and peek through the window.
Protect company information at all times, even within your home. You live with people you trust, but they don’t have the right to see the sensitive data that you’re dealing with. Be cognizant of protecting company information from anyone who might be in your home, such as family friends, home contractors, and delivery people.
Keep track of printed materials. Secure them when they aren’t in use, and use secure shredding as soon as you’re done with them.
Your company should provide laptops for working from home. Devices are under the control of the company, and will come loaded with all the proper security software and configuration settings in place.
Your organization should specify how to connect to the company’s servers, and how to ensure your firewall and antivirus settings are configured correctly. Make sure your devices are set to install software patches on a regular basis (or set a reminder to do so at least monthly). Follow your organization’s rules and guidelines, remember to use strong passwords, and store them securely. Don’t write passwords down on sticky notes; use a secure password management system instead.
Of course, you should never work from an insecure WiFi network, and you should know which devices are on your network. Make your home network as secure as you can. When you install the WiFi system, make sure you change any of the default user accounts.
Quick Tip: Use TCT Portal for a Business Continuity Boost
Every business has expected and unexpected turnover. One of the most devastating impacts to any organization is losing the brain trust that has been built up over time. TCT Portal helps avoid lost expertise during turnover by doubling as a business continuity tool.
In TCT Portal, you have a repository of compliance knowledge for managing compliance engagements. You have built-in traceability and tracking of who did what, when they did it, what evidence they supplied, what passed muster with the assessor, and more. It’s a tremendous repository of knowledge that keeps your compliance engagements stable and running smoothly.
Companies that use TCT Portal don’t have to worry about cramming to get vital knowledge out of a person who is moving on — and you don’t have to rely on faulty memories or poorly written notes. You have a tool that you can use to look at past evidence. Whoever steps into that outgoing person’s shoes has a huge leg up, because they can tap into a clear, organized repository.
What’s Going on in Security Today
Via Fox News. Companies need to ensure every smart device in the office is secure — even coffee makers. Cybersecurity software company Avast recently figured out how to hack into a smart coffee maker and use the machine to demand money. Once the smart coffee maker is turned on, it creates its own Wi-Fi network that the coffee drinker first connects to. Without proper security protocols, this provides opportunities for hackers to turn it into a ransomware machine.
Via The Hacker News. Microsoft’s Patch Tuesday was September 8, 2020. The patches and updates released fixed 129 flaws that have been discovered, including 23 critical patches, 105 important patches, and 1 moderate patch. Unlike previous Patch Tuesdays, none of the vulnerabilities were under active attack, and none of them were public knowledge.
Via BleepingComputer. Microsoft announced a new Azure feature that allows automatic VM guest patching. This will allow Azure-based virtual machines to opt in to a feature that will have all patches for Windows installed automatically upon release, and install only during “off-peak” hours. This has not been rolled out yet, but it’s coming.
Via Threat Post. A new Bluetooth bug, “Blurtooth,” allows an attacker to eavesdrop on Bluetooth (BT) conversations. The flaw was discovered in pairing for Bluetooth 4.0 through BT 5.0 implementations. For a device to be vulnerable to this attack, it needs to support both the older BR/EDR and the BLE transports, as well as Cross-Transport Key Derivation (CTKD).
Via ESET. A team of researchers from the Swiss Federal Institute of Technology in Zurich (ETH Zurich) has found a security vulnerability in Visa’s EMV contactless protocol that could allow attackers to perform PIN bypass attacks and commit credit card fraud. The researchers were able to successfully carry it out in actual stores, using Visa Credit, Visa Electron, and V Pay cards.
Via Dark Reading. The mass adoption of telehealth applications and services in the months since the COVID-19 outbreak began has introduced new cyber-risks within the healthcare industry. Since March and the onset of the pandemic, the industry has seen a 350% increase in telehealth. As telehealth becomes more widely adopted, healthcare organizations will need to protect telehealth devices.