Most of the Fermilab community is settling into a new telecommuting routine and adjusting to different ways of accomplishing our work. Working remotely brings a separate set of cybersecurity concerns, as being away from the on-site lab network creates a different computing environment than you may normally use. As such, the Cybersecurity Team has compiled a list of reminders and instructions to help you stay safe online during this time.
General cybersecurity tips for telecommuting
- Remember that when you are telecommuting, your computer is not connected to the physical Fermilab network. This means that you do not have the extra protections that are in place on site, such as the web proxy, firewall, intrusion detection system and so forth. As such, the workstation you are using for lab work may be susceptible to the same threats as the other devices in your remote environment. To ensure you have a more secure network connection, be sure all networking equipment has up-to-date firmware and patches, use a wired Ethernet connection if possible, and look for ways to further lock down your router by using the management page, accessed by entering the router’s IP address into a browser window. For more information on how to do this, please reference our article on the subject.
- Address cybersecurity incidents in the same way as if you were on site. The Cybersecurity Team is still maintaining 24/7 incident response and available to assist you with any concerns you may have. We are available at cybersecurity@fnal.gov for general questions and phishing reports, and we highly encourage you to continue to report any suspicious emails you may receive during this time. For cybersecurity incidents requiring immediate assistance, please contact the Service Desk at 630-840-2345. They will page the incident response rotation to further investigate the issue.
- Updates and patches are needed for all computers to address important cybersecurity vulnerabilities. Without these patches, a workstation, phone or tablet can potentially be an attack vector to harvest information, perform denial of service attacks, or compromise further devices on your home or Fermilab network. While personal devices may receive these from the manufacturer directly, Fermilab-owned computers receive these patches via the lab network. As such, we recommend that you connect to the lab network via VPN for a least six consecutive hours at least once per month to ensure your machine downloads and installs these patches, as well as maintain compliance with the proper baseline.
- Consider the safety of the lab network when using VPN services. If your computer has picked up a virus on your remote network before you VPN into the lab, that virus could then potentially infiltrate the lab network and cause damage. A simple way to protect against this is to have antivirus software installed on your machine and ensuring that it has the latest patches and updates. If your computer has been infected in anyway, please do not connect to the VPN until the issues have been resolved.
- If you have a Fermilab-owned machine, try to be its sole operator. It can certainly be a hectic time for everyone with families all together. However, it is best practice to keep your lab-issued equipment separate from other devices in the house and away from other family members to ensure that your computer is not being used for non-Fermilab activities. If others are using the computer, they may be using it for activities other than your lab work, which could open it up to more opportunities for compromise. Also, your Fermilab accounts are accessible from your workstation, so anyone using the computer can view your information. As such, it is important to keep in mind that you are ultimately responsible for anything that happens in your Fermilab accounts, even if that’s a family member that inadvertently got into one of your accounts.
- If you need technical assistance of any kind, please contact the Service Desk at 630-840-2345.
As always, if you have any questions or concerns regarding these topics or anything else, please do not hesitate to contact the Cybersecurity Team at cybersecurity@fnal.gov, and we hope you continue to stay safe and well during this time.
Jessie Pudelek is a computer security analyst at Fermilab.