GRCC Best Practices for Working Remotely
In these unprecedented times come unprecedented measures in Cybersecurity. With many working from home, our cybersecurity awareness levels outside the office must be heightened unlike ever before.
As the use of remote tools, home office equipment, and video conferencing solutions increases, attackers move their focus to these areas. It is important to be mindful of your new work environment, the potential risks, and how to mitigate those risks. Please use the tips below to help keep your personal and work-related data secure.
Secure Home Wi-Fi
The following are some ways you can secure your home network.
- Change the default administrator (admin) credentials on your router
- Ensure your router has a strong password (the password you and your family use to connect to the home Wi-Fi)
- Log in to your router's admin account and check for firmware updates to ensure it has the latest patches.
Alexa, Google Home, Wi-Fi security cameras, and Baby Monitors
Be mindful of the devices in your new home office. We advise that you do not hold private meetings in the same room as such devices. These are devices that connect to Wi-Fi or communicate over frequencies that can be eavesdropped on. They are not managed by your IT department and can have vulnerabilities that make them susceptible to various attacks. It is good practice to disconnect these devices from Wi-Fi whenever they are not being used.
Video Conferencing Software
Zoom and Google Hangouts are two options GRCC Faculty/Staff/Students have been increasingly using for video conferencing.
Your IT Security Team is aware of the recent vulnerabilities that have been discovered and the media scrutiny of Zoom. We understand your concerns. We are constantly researching new vulnerabilities, evaluating risk, and mitigating such risks where possible. One such topic has been Zoom Bombing. This isn’t really a hack or vulnerability, but rather user error in how meetings are being set up. We are not all Zoom experts and we understand this may be a new environment for you.
Business related Zoom meetings should be private and the meeting settings should reflect this. Distance Learning and Instructional Technologies has made some changes to the default Zoom settings which should help add protection. A key way to keep your meeting secure is to keep attackers out. All invitees should either be registered or a password should be required to enter the meeting. The GRCC managed Zoom can be found at https://grcc.zoom.us/ and additional best practice information can be found at:
Remember that Google Hangouts can also be used for private video conferencing by keeping the invitees to only those in our organization or other users that also have a Google account. This is because you are inviting based on the Google verified user, rather than a public link that anyone can use to join the meeting.
Remain Cautious of Links
Just like you shouldn’t trust all the links sent to your email inbox or randomly found across the internet, the same is true for links posted in video conference rooms. Please implement the same protections regarding these links such as verifying the source, copying and pasting the link (rather than clicking on it), and hovering over the link for more details when possible. Please advise your students to also take these precautions.
Due to a current vulnerability in Zoom, if you click on an attacker’s link within the Zoom meeting, you will need to change your GRCC password as a precaution via the GRCC Password Reset page (grcc.edu/password). Please inform your students of this as well. Educational links should be posted through the Blackboard course in order to help users identify it as a link they can trust. Another way to help protect against malicious links is to have proper settings and use private meetings as mentioned above.
Attackers are taking full advantage of COVID-19 fears. Beware of emails appearing to be from legitimate health or financial organizations regarding information on Coronavirus/COVID-19.
These types of emails could look like the following:
For legitimate sources of information regarding COVID-19 updates, Google the following along with "COVID-19/Coronavirus":
- Centers for Disease Control and Prevention (CDC)
- World Health Organization (WHO)
- Local Health Centers: Spectrum Health, Metro Health, Mercy Health, etc.
- Local Health Departments
- Internal Revenue Service (IRS) - regarding stimulus checks
Please reach out if these mitigations are not working for you.
If you have any other concerns regarding security, do not hesitate to reach out to the IT Security team regarding them via firstname.lastname@example.org.