Jay Gomez shares how employees can protect themselves from cyber threats in the face of an extended work-from-home assignment. Formerly information security head and data protection officer at ABS-CBN, he is now based in Hong Kong as senior vice president for cyber risk at Kroll Associates (Asia) Limited.
What are some of the common threats that WFH employees are susceptible to, especially those who use personal computers?
During normal times, we are protected by corporate infrastructure like firewalls, web filtering and other measures. However, when we went into work-from-home mode last year, corporate users started using their own devices and internet connection at home. The WiFi access points of the home network are usually not secure, meaning they don’t use encryption. That’s one issue.
Second, most personal devices don’t have an antivirus, they’re not even patched. There are cases where the employee uses pirated software, which is a source of malware. Sometimes, we let family members use our work-issued laptops and they see sensitive or confidential information such as personal or company data.
From a security standpoint, we don’t see what’s going on with the employee’s laptop. You may have data loss protection software but if the employee doesn’t connect to your corporate network, there’s no way to keep track of whatever is going on.
Antivirus software can only protect you to a certain extent. If the virus or malware is a “zero-day,” meaning the antivirus does not have its signature, then there’s no way to protect your computer unless you have what we call an endpoint detection and response or EDR tool.
Actually, there are many threats: your home network, your software if you’re using pirated ones, sharing your computer with other users. Updating of software is also a problem. Let’s say you’re using software applications (for example, Oracle or SAP) or a client-server application that needs updating from time to time or even the operating system itself, if you’re not connected to your office network, then it’s likely you’re not getting the right updates.
Should we use a VPN if we work from home?
I highly recommend that you do so. If Lopez Holdings, for example, has a VPN for corporate use, use that. You can also subscribe to a VPN for your own personal device. Personally, I use a commercial VPN (Private Internet Access) for my laptop and phones.
What’s a 2FA? Do we really need it?
Social media, web-based email and any other application that you subscribe to would normally ask you to provide a username and a password. But most of them would allow you to enable a feature called two-factor authentication (2FA) or multifactor authentication (MFA). 2FA’s principle, to put it simply, is using what you have and what you know. Like with your ATM account, you have the card and you know the PIN code; if you don’t have any of those, then you cannot withdraw your money. It’s the same with the username and password. Even if hackers happen to guess your password, but if they don’t have the 2FA which could either be a PIN, Microsoft Authenticator, Google Authenticator or your biometrics, then they’ll still be unable to log into your account. I recommend that you download authenticator software or put 2FA on your phone. Or you can buy and use YubiKey tokens or subscribe to a password manager that has 2FA or MFA features.
Your password must be a “passphrase” with uppercase and lowercase letters, special characters and must be at least 15 to 16 characters. A password is easy to break, especially if it’s a word that can be found in the dictionary; sometimes it’ll take a hacker only several seconds to break it.
What initial steps can we take to protect ourselves from cybersecurity threats?
Prevention is the first step. No. 1, use a complex passphrase, use 2FA or MFA. Second, don’t use the same password or passphrase for all your accounts. There’s something called “credential stuffing,” where hackers have a database of usernames and passwords that they use for all applications on the chance that you have the same password for your banking account and email account; once they guess the password for one account, they can actually log into the rest of your accounts.
Don’t connect to your neighbor’s WiFi. Use data when you’re at the airport and not the airport’s free WiFi. Install legit software. Install antivirus in your personal computer and phone.
As much as possible, don’t use personal computers for work. However, there’s something called MDM or mobile device management solution, where the company can monitor work-related files without looking at the rest of your computer. They can even do a remote deletion of workrelated files from the device when necessary.
What are some telltale signs of a breach?
If your personal device is acting funky—sometimes it’s very slow, or when you start the browser it opens a lot of other windows or browsers. When you get a lot of emails that you don’t normally receive, or when you can’t access your account; that’s a telltale sign that hackers were able to log in and change your credentials. A good indicator also is when you receive 2FA/ MFA requests on your phone or on Microsoft Authenticator or Google Authenticator applications but you’re not logging into any of your applications. That means someone is trying to log into your account using your password but they don’t have the 2FA/MFA, so the transaction cannot be consummated. When this happens, change your password/passphrase immediately.
Published on Thursday, 20 August 2020 | Hits:614
Kapamilya love reached more Filipinos as ABS-CBN Foundation Inc.’s (AFI) “Pantawid ng Pag-ibig: Isang Daan, Isang Pamilya” campaign distributed food packs and ligtas bags outside Metro Manila for those greatly
Published on Thursday, 18 June 2020 | Hits:608
Local government units (LGUs) found it challenging to quickly provide relief to families affected by the quarantine. That is why several mayors in Metro Manila and nearby provinces have expressed
Published on Thursday, 18 June 2020 | Hits:577
As Filipino families continue to struggle with the loss of jobs, ABS-CBN Foundation Inc. (AFI) moves to the second phase of the “Pantawid ng Pagibig” campaign with the aim of
Published on Tuesday, 19 May 2020 | Hits:659
The “Pantawid ng Pag-ibig” campaign of ABS-CBN and ABS-CBN Foundation Inc. (AFI) has raised P350 million in cash donations and pledges for the benefit of over 600,000 families in Metro
Published on Thursday, 06 February 2020 | Hits:600
NO evacuee will be left behind. This is the promise of ABSCBN as it launches the “Tulong-Tulong sa Taal” campaign, which aims to unite the nation in helping Filipinos affected
Published on Friday, 23 June 2017 | Hits:4256
ABS-CBN Foundation Europe CIO joins public and private support for the victims of the massive fire that hit the 24-storey residential London Grenfell Tower in West London on June 14
Published on Friday, 17 February 2017 | Hits:4528
A state of calamity has been declared by the Mayor of Surigao City. Relief and rescue operations are underway for the barangays that have been affected.
Published on Tuesday, 19 May 2020 | Hits:1274
The Rural Workers Association of San Rafael (RWASR) based in Bulusan, Sorsogon, which runs Nasipit Eco-Agri Farm, has a simple message for their fellow Filipinos: “There is no problem we
Published on Thursday, 16 April 2020 | Hits:1182
ABS-CBN helps arm Filipinos with relevant information to stop the spread of disease through its “Ligtas Pilipinas sa COVID-19” campaign on radio, TV and online.
Published on Thursday, 16 April 2020 | Hits:1329
HELP came through for health workers in East Avenue Medical Center after ABS-CBN delivered masks and other protective gear and snacks to show support and Kapamilya love to those leading
Published on Monday, 09 March 2020 | Hits:973
“Maraming, maraming salamat po sa award na ipinagkaloob ninyo sa amin. Alay namin ito sa kapatid kong si Gina Lopez,” said “G Diaries” host and Bantay Bata 163 executive director
Published on Monday, 09 March 2020 | Hits:1041
She could hardly contain her joy and excitement when she saw her son walking towards her. She welcomed him with tight hugs and happy tears as a loving mother would
Published on Monday, 09 March 2020 | Hits:798
ABS-CBN Lingkod Kapamilya Foundation Inc. (ALKFI) renamed its building Gina Lopez Building in honor of its late chairperson and founder of ALKFI programs Bantay Bata 163 and Bantay Kalikasan.
Published on Thursday, 06 February 2020 | Hits:1013
ACCORDING to UNICEF, 95 children in the Philippines die every day because of malnutrition. This is one of the reasons Alaska Milk Corporation supports the advocacy of ABS-CBN Lingkod Kapamilya
Published on Monday, 16 December 2019 | Hits:1521
IN 2015, Unicef and the Council for the Welfare of Children conducted the National Baseline Study on Violence Against Children in the Philippines, which indicated that eight out of 10
Published on Friday, 05 January 2018 | Hits:1524
For the Love of Children For the Love of Children These children live everyday making ends meet without losing hope that a better future awaits them. Together, let’s keep their hopes alive
Published on Wednesday, 20 December 2017 | Hits:1820
New World Hotels and Resorts gears up for another exciting edition of Run & Raise in 2018. Now on its fourth year, Run & Raise 4 will be held at