Being Secure While Working Remotely


[NOTE: Dr. Kirda shared similar thoughts as part of our Lastline Speaks video series.]

Like most of you, I’m stuck at home because of the COVID-19 virus. Two questions that I’ve been hearing a lot lately are: Is working remotely secure, and what kind of security problems might I face?

I think it’s safe to say that most home environments are less secure than a classic working environment where you have network monitoring systems, firewalls, and security policies in place.

Using a VPN to Connect to Your Company Network

This does not mean, however, that you cannot work securely from home. To do so, make sure that you’re using a virtual private network (VPN) to connect to your work environment so that other computers and people cannot eavesdrop on your traffic. Also make sure that your computer is completely patched so that there are no known vulnerabilities.

VPNs are great for securing the remote connection to the work environment. However, they might have some disadvantages too. In particular, using a VPN from a third party often comes with a privacy risk, as all traffic would be routed through that third party. Hence, one important question is how trustworthy the VPN provider is.

Another important question is how security-aware and secure the VPN provider is (for example, are they well-patched and well-configured?). Also, does the VPN have any exploitable vulnerabilities? These days, cybercriminals are often targeting the VPN services that people use. The idea here is that if I can compromise the VPN service, I would potentially get access to sensitive network traffic. In general, though, the benefits of using a VPN outweigh the potential risks. But, as with all things digital, VPNs should also be taken with a grain of salt and should not be treated as a panacea for all cyber-threats.

It’s also important to follow the traditional computer security guidelines, such as not clicking on links that come through email and, if possible, not opening any attachments in emails from an unknown source, as they might be malicious.

Is Using Zoom or Other Remote Conferencing Services Safe?

I’m also asked frequently about remote conferencing software such as Zoom: Is it secure and can we trust it? To start with, the basic answer is that if you’re using any software, there’s always a risk that it can be compromised if it has a vulnerability, and it might even be worse if that vulnerability is remotely exploitable.

We do know that Zoom is coming under more scrutiny now and is responding. It is also true that more Zoom vulnerabilities are being discovered. However, I’m not aware of any large-scale exploitation. In most cases, I think a remote exploitation of your Zoom session is not very likely.

Besides the potential vulnerabilities in Zoom, you also need to be aware of privacy risks such as “Zoom-bombing,” where unwanted people can appear in your calls. There are some simple security measures you can take to deal with such threats. The first is enabling the Waiting Room functionality so nobody can attend your call without being accepted by you. You can also set up a password for each Zoom meeting.

In Closing…

The bottom line is that it is possible to work securely from home, but it requires a few basic precautions and constant diligence about following simple security measures and practices.

Engin Kirda


In addition to being co-founder and Chief Architect at Lastline, Dr. Engin Kirda is a Professor of Computer and Information Science at Northeastern University in Boston, and the director of the Northeastern Information Assurance Institute. Before Northeastern, Dr. Kirda held faculty positions at Institute Eurecom in the French Riviera and the Technical University of Vienna where he co-founded the Secure Systems Lab that is now distributed over five institutions in Europe and US. Engin has authored or co-authored more than 110 peer-reviewed scholarly publications and served on program committees of numerous well-known international conferences and workshops.