Pandemic Legacy: Working Securely at home


1. Phishing / Smishing

We are in unprecedented times and seeing a significant uptick in rather unpleasant phishing attacks.  Whilst this is nothing new, the impact with people working remotely is greater.  It is much harder for us to clean and clear machines that get infected as part of phishing attacks.   Therefore, everyone should be super vigilant and sceptical about any links that are sent either by email or by text message.  Mitigations:

  1. Get onto MFA if you haven’t already (search for “LSE MFA” to find the web page) and strongly recommend to your staff that they do the same.  We will be making a lot more use of Office 365 remotely and using this protection makes it nigh on impossible for credentials to be leaked.  MFA requires a mobile phone and some people might be reluctant to use their own.  The app we use, however, is a standard one and can be used for other types of authentication, not just LSE.

  2. Get to know the phishing warning signs:

    1. Email addresses that might not match the displayed name

    2. Poor spelling and grammar

    3. Fear, intrigue or excitement as drivers – “click this link or this kitten dies”

    4. Lack of information or context in the email – sometimes just a “click here” link, or a generic invoice attachment without any information.

If you’re in any doubt about whether an email is genuine or not, send it to phishing@lse.ac.uk and we’ll take a look.

2. Sharing a home computer for work

Many of us will be sharing a computer or facilities at home, so particular care should be taken when storing files on the hard disk of personal machines. You’ve got to make sure that your work data is only accessible to you. Mitigations:

  1. Set up password control on the shared device, with a separate account for each member of the family.  This is just good practice anyway and will mitigate accidental disclosure or deletions.

  2. Ideally don’t store any data on the hard drive but instead use your OneDrive account.  Everyone in LSE has 1 TB of encrypted, secure storage just for them.  The School does not recommend any shared or cloud storage other than that provided.

  3. You can easily encrypt Office documents by adding a password to them.  If you want to create encrypted volumes on your home computer, you can use the free tool VeraCrypt to do this.

3. Home machine – keep your antivirus and anti-malware up to date

You do have antivirus, don’t you?

Windows Defender, which comes free with Windows 10, is good enough.

MalwareBytes works well for both Mac and Windows.

You can download Sophos for free from us – search for “LSE IT Freebies”.  But having it is not enough: make sure it is automatically updating and running regular scans.

...And remember to keep patching! Installing the regular security updates that are released for both your operating system and the software you use is one of the main ways you help keep your machine safe.

4. Final messages

If you are using the standard LSE provided equipment and services then we have a degree of protection for both your ability to carry on working and securing the data you hold.

If you are compromised, fixing individual machines will be very difficult and take a long time.  We will need to have machines couriered across to you and that will take time.

We do have far better monitoring in place (Splunk) so we are able to spot compromised accounts often before the individual notices.  We will be in touch in those cases and we do know it is often a very sensitive and upsetting issue.

 

This guide is provided by LSE Eden Digital and licensed under a Creative Commons Attribution-ShareAlike 4.0 International License