Security Vulnerabilities Affecting Remote Workers

settings android tab

As a remote worker you wonder, do these computer hacks and vulnerabilities affect me?

When the news posts notices of security vulnerabilities, data breaches, and exploits it is difficult to know which matter most. The common advice given to the user is the same. You should enable automatic vendor software updates, check for new software releases, use multi-factor authentication, beware of attachments in email, and other commonly repeated counsel. This is all good advice.

What else do I need to know?

The questions to ask to evaluate risk depend on each individual situation. For example, Do I have an affected device? Is it easy to exploit? Is anyone trying to leverage the weakness? Is a fix available? How do I know if my system has the problem?

No one can answer these questions for you. If you work from home, are a digital nomad, or an independent remote worker without a corporate information technology department, you must do your own assessment. A corporation’s enterprise network infrastructure will have tools like intrusion detection, network scanning, and asset monitoring not available to a gig-working contractor or home-office user.

Posts here are ones I notice as relevant to the remote worker. Importantly, these have recent “exploits in the wild” meaning bad actors have shifted their focus on weakness which may have been known to exist for years. Additionally, there are links to resources which may be useful if you are your own technical support.

A self-reliant remote worker has the responsibility to maintain their own work environment. Your work depends on protecting your digital information. Exposing control and access of your products to unknown and unauthorized villains not only risks your deliverables but damages your reputation and exposes potential data loss from you and your clients and coworkers.

Common platforms from Microsoft, Apple, Android, etc., are both frequently exploited and fixed. The general advice applies. Allow or get the frequently published vendor updates and apply them.

Here are posts of recent active exploits relevant to a work-from-home or remote employee, and not typically mentioned in the news. Opinions, assessments, and views are my own, and not associated with any other organization.


Cybersecurity Posts

  • Security Vulnerabilities Affecting Remote Workers April 15th, 2022

    From April 11th, 2022, to the 15th, the week ended with twenty-eight new “exploits in the wild”, as reported by CISA, the Cybersecurity and Infrastructure Security Agency. Exploits ranged from weaknesses on current products in use to older unsupported and end-of-life devices. Here are ones I thought were particularly relevant to the remote working digital…

    Continue Reading

  • Self-Secure your Digital Information

    Wordfence, a security plugin for WordPress, released an interesting public service announcement. See PSA: Widespread Remote Working Scam Underway, which outlines a sophisticated way to steal personal and financial information, and your money, disguised as an offer for a remote-working job. Stealing your information need not be this elaborate. When you sell something online, and…

    Continue Reading


Useful Resources

Enterprise Cybersecurity Solutions, Services & Training | Proofpoint US
Proofpoint is a leading cybersecurity company that protects organizations’ greatest assets and biggest risks: their people.

Threat Intelligence Resources & Cyber Security Insights (mandiant.com)
Dynamic cyber defense solutions powered by industry-leading expertise

Resources | FireEye
Information and insight on today’s threats from the leader in advanced threat prevention

Overview | CVE
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

Known Exploited Vulnerabilities Catalog | CISA
CISA will update this catalog with additional exploited vulnerabilities as they become known, subject to an executive level CISA review and when they satisfy the following thresholds:

  • The vulnerability has an assigned Common Vulnerabilities and Exposures (CVE) ID.
  • There is reliable evidence that the vulnerability has been actively exploited in the wild.
  • There is a clear remediation action for the vulnerability, such as a vendor provided update.

Cybersecurity | Ready.gov
An official website of the U.S. Department of Homeland Security

Recorded Future
The Recorded Future Intelligence Platform delivers accurate and actionable intelligence at the right time and the right place, giving you the visibility you need to stay one step ahead of the adversary.

WordPress Security Plugin | Wordfence
A Comprehensive Security Solution For WordPress

Check Point Company Overview – Check Point Software
Provider of cyber security solutions to governments and corporate enterprises globally.

Enterprise Cybersecurity Solutions, Services & Training | Proofpoint US
Proofpoint is a leading cybersecurity company that protects organizations’ greatest assets and biggest risks: their people.

Leave a Reply