As a remote worker you wonder, do these computer hacks and vulnerabilities affect me?
When the news posts notices of security vulnerabilities, data breaches, and exploits it is difficult to know which matter most. The common advice given to the user is the same. You should enable automatic vendor software updates, check for new software releases, use multi-factor authentication, beware of attachments in email, and other commonly repeated counsel. This is all good advice.
What else do I need to know?
The questions to ask to evaluate risk depend on each individual situation. For example, Do I have an affected device? Is it easy to exploit? Is anyone trying to leverage the weakness? Is a fix available? How do I know if my system has the problem?
No one can answer these questions for you. If you work from home, are a digital nomad, or an independent remote worker without a corporate information technology department, you must do your own assessment. A corporation’s enterprise network infrastructure will have tools like intrusion detection, network scanning, and asset monitoring not available to a gig-working contractor or home-office user.
Posts here are ones I notice as relevant to the remote worker. Importantly, these have recent “exploits in the wild” meaning bad actors have shifted their focus on weakness which may have been known to exist for years. Additionally, there are links to resources which may be useful if you are your own technical support.
A self-reliant remote worker has the responsibility to maintain their own work environment. Your work depends on protecting your digital information. Exposing control and access of your products to unknown and unauthorized villains not only risks your deliverables but damages your reputation and exposes potential data loss from you and your clients and coworkers.
Common platforms from Microsoft, Apple, Android, etc., are both frequently exploited and fixed. The general advice applies. Allow or get the frequently published vendor updates and apply them.
Here are posts of recent active exploits relevant to a work-from-home or remote employee, and not typically mentioned in the news. Opinions, assessments, and views are my own, and not associated with any other organization.
Cybersecurity Posts
-
Using ChatGPT to Analyze Cybersecurity Vulnerabilities
Because you are hoping ChatGPT can help with #Cybersecurity vulnerability analysis, I got curious. How can #ChatGPT be used in Cybersecurity events? I added the following custom instruction in my ChatGPT sessions: Then I started a new chat, enabled the WebPilot plugin, and tested the custom instruction with a random CVE published today using the…
-
Secure Your Remote Work Setup: Keep the Cyber Criminals at Bay
While remote work is now more common, the convenience of staying connected with colleagues and clients from the comfort of your home has a set of security risks. It is essential to secure your remote work setup, protect your data, and keep the cyber criminals at bay. Remote Work Security The flexibility of remote work…
-
Ten cybersecurity tips relevant to a remote worker
As an experiment, this list was generated by OpenAI.com’s ChatGPT.
-
Safe Shopping and Mindful Cybersecurity
The annual holiday shopping season is upon us, again. Some of us find we are in a rush to find a perfect, or perhaps obligatory, gift for family, friends, or acquaintances. With these times also comes the regular reminder to be protective of your personal and financial information. Experience is a wonderful teacher. Here is…
-
Rapid7 InsightVM API and Searching on Assets or Vulnerabilities
Recently, I spent far too much time looking for what should have been obvious. Over the years I have filled the roll of a specialized-generalist, a jack-of-all-trades-master-of-none developer and technical architect. In simple terms, I connect information from different systems and processes to solve or measure business issues, then move on. I especially rely on…
Useful Resources
Enterprise Cybersecurity Solutions, Services & Training | Proofpoint US
Proofpoint is a leading cybersecurity company that protects organizations’ greatest assets and biggest risks: their people.
Threat Intelligence Resources & Cyber Security Insights (mandiant.com)
Dynamic cyber defense solutions powered by industry-leading expertise
Resources | FireEye
Information and insight on today’s threats from the leader in advanced threat prevention
Overview | CVE
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
Known Exploited Vulnerabilities Catalog | CISA
CISA will update this catalog with additional exploited vulnerabilities as they become known, subject to an executive level CISA review and when they satisfy the following thresholds:
- The vulnerability has an assigned Common Vulnerabilities and Exposures (CVE) ID.
- There is reliable evidence that the vulnerability has been actively exploited in the wild.
- There is a clear remediation action for the vulnerability, such as a vendor provided update.
Cybersecurity | Ready.gov
An official website of the U.S. Department of Homeland Security
Recorded Future
The Recorded Future Intelligence Platform delivers accurate and actionable intelligence at the right time and the right place, giving you the visibility you need to stay one step ahead of the adversary.
WordPress Security Plugin | Wordfence
A Comprehensive Security Solution For WordPress
Check Point Company Overview – Check Point Software
Provider of cyber security solutions to governments and corporate enterprises globally.
Enterprise Cybersecurity Solutions, Services & Training | Proofpoint US
Proofpoint is a leading cybersecurity company that protects organizations’ greatest assets and biggest risks: their people.