SANS ISC shares a similar warning as CISA that the home network is less protected than the corporate security fortress & could be compromised if proper security awareness does not follow the new work at home privileges

Working From Home & At Risk…From HackersAs a researcher investigating state-sponsored hacking I’ve been trying to think about what COVID-19 means for cybersecurity. My guesses begin at as I look around me, with the massive growth of work-from-home, and how it will will make life easier on hackers, and harder on defenders.

Last week, as workplaces emptied into the stubble-and-sweatpants of full-time-remote-work most desktops stayed at the office. Some employers sent staff home with fleets of laptops and phones. Most did not.  Predictably, the world’s business has slid into a world of personal devices, personal chat & calling apps, and un-administered, unpatched home wifi routers and networks. This is some remarkable, quick moving resiliency. It is also introducing serious new risks that could lead us to be re-victimized digitally.

The New Workplace Has More Doors, Fewer LocksIt has always been a challenge for administrators to make sure that sensitive work is conducted over work networks and on work devices. The new reality of COVID-19 is that employees need:

    • More remote access to networks and resources
    • To access new resources as colleagues take sick leave
    • To conduct business on personal devices, accounts and apps