&

當前位置：資訊 >> 培訓通知 >> 瀏覽文章

遠程辦公的網絡安全資源Cybersecurity Resources for a Remote Workforce

來源：本站原創瀏覽量：發布日期：2020/10/10 14:13:26

It is no secret that CPAs have faced an increasing level of cyber-security threats, even under normal conditions. Audit Analytics reports in its June 2020 “Trends in Cybersecurity Breach Disclosures” that cyber breaches increased 400% between 2011 and 2019. The most common breaches include malware, and the theft of Social Security numbers, which are likely to be stored by CPA firms, have become an increasing target for data thieves. The IRS warned of tax and financial fraud scams related to the coronavirus (COVID-19) pandemic (IR-2020-15), and it cannot be stated any more succinctly than IRS Commissioner Chuck Rettig, “Criminals seize on every opportunity to exploit bad situations, and this pandemic is no exception”.

注冊會計師面臨的網絡安全威脅越來越高，這已不是什么秘密，即使在正常情況下也是如此。Audit Analytics在其2020年6月發布的“網絡安全漏洞趨勢披露”報告中指出，2011年至2019年間，網絡漏洞增加了400%。#常見的漏洞包括惡意軟件，而竊取可能由會計師事務所存儲的社保號碼已成為越來越多數據竊賊的目標。美國國稅局警告與冠狀病毒（COVID-19）大流行（IR-2020-15）有關的稅務和金融欺詐詐騙案。關于這一點，沒有比國稅局局長查克·雷蒂格（Chuck Rettig）更簡潔的表述了：“犯罪分子抓住每一個機會去利用惡劣的情況，這次大流行也不例外。”。

Compounding the already existing cybersecurity threats, the physical shift to working from home has the potential to put the protection of client data, software, and hardware under even greater stress. This month’s column focuses on free materials for CPAs, including resources that may be new to readers. The Center for Internet Security and CSO Online, are just a few of many resources to help secure the remote technology environment.

再加上已經存在的網絡安全威脅，從物理上轉移到在家工作有可能給客戶數據、軟件和硬件的保護帶來更大的壓力。本月的專欄關注注冊會計師的免費資料，包括讀者可能不熟悉的資源?；ヂ摼W安全中心（ Center for Internet Security ）和CSO在線（CSO Online）只是幫助保護遠程技術環境的眾多資源中的一小部分。

A must-see tool on the CIS website is the “Resource Guide for Cybersecurity During the COVID-19 Pandemic,” which is accessible as a webpage or downloadable four-page PDF (https://bit.ly/3jUAcmY). The guide is a fast read with hyperlinks to more detailed resources. The first page covers COID-19-related cyberattacks, addressing phishing and malspam, credential stuffing, ransomware, remote desktop protocol (RDP) targeting, and distributed denial of service (DDoS) attacks, with connections to a variety of tools, including one CIS newsletter article: “What You Need to Know About COVID-19 Scams.”

CIS網站上的一個必看工具是“COVID-19大流行期間的網絡安全資源指南（Resource Guide for Cybersecurity During the COVID-19 Pandemic）”，它可以作為網頁或可下載的四頁PDF格式訪問(https://bit.ly/3jUAcmY).這是可以快速閱讀的指南，其中有指向更詳細資源的超鏈接。頁介紹了與COID-19相關的網絡攻擊，解決網絡釣魚和惡意垃圾郵件、憑證填充、勒索軟件、遠程桌面協議（remote desktop protocol, RDP）定位和分布式拒絕服務（distributed denial of service, DDoS）攻擊，并連接到各種工具，包括一篇CIS時事通訊文章：“您需要了解有關COVID-19詐騙的信息(What You Need to Know About COVID-19 Scams)”。

On a related note, “Cleaning up ‘Dirty’ Wi-Fi for Secure Work-from-Home Access,” pulled from Cyber Defense Magazine (June 11, 2020), is an eye-opening discussion of the risks of home workplace access. Wi-Fi networks, which cannot be resolved by a virtual private network (VPN). VPNs have grown in popularity for providing a secure Internet connection, particularly in the work-from-home environment. VPNs cannot, however, address on their own the threats created by the “dirty” nature of many home Wi-Fi networks. Internet users may not realize the large number of connected devices in their home, each of which create an entry point for a cyberattack. The article references the CIS Wireless Access Controls, Control 15, which recommends the use of a separate wireless network for personal (or untrusted) devices versus home office equipment (https://bit.ly/3f7O4Hb).

另一篇相關文章[摘自《網絡防御》（Cyber Defense Magazine）雜志（2020年6月11日）]提到的“清理被污染的”Wi-Fi，讓人大開眼界地討論了家庭工作場所接入的風險。Wi-Fi網絡，無法通過虛擬專用網絡（VPN）解決。VPN由于其提供安全的互聯網連接而越來越受歡迎，特別是在家工作的環境中.然而，VPN無法獨自解決許多家庭Wi-Fi網絡的“污染”性質所造成的威脅。互聯網用戶可能沒有意識到家中有大量聯網設備，每一個設備都是網絡攻擊的切入點。本文引用了CIS無線訪問控制方法（CIS Wireless Access Controls）中的“控制方法15”，該方法建議對個人（或不受信任的）設備使用單獨的無線網絡，而不是家庭辦公設備。

Another CSO Online article, “8 Key Security Considerations for Protecting Remote Workers” (https://bit.ly/30aOE2D) presents links to examples of the types of products addressed in the recommended practices. The discussion begins with determining what protection should be required for employees’ home computers, with specific consideration of Windows and Macintosh products and a link to a five-minute video that identifies good questions to ask. In determining what software remote employees might need, be aware that, on the positive side, some licenses do allow installation on multiple devices; on the negative side, firewalls must be configured properly to prevent ransomware attacks.

CSO在線（CSO Online）的另一篇文章“保護遠程工作者的8個關鍵安全注意事項（ Key Security Considerations for Protecting Remote Workers）”列舉了推薦方法中提到的產品類型的鏈接(https://bit.ly/30aOE2D)。相關議題的討論中首先要確定員工的家用電腦需要什么樣的保護措施，具體考慮Windows和Macintosh產品，并提供一個5分鐘視頻鏈接，確定了值得提出的問題。在確定遠程員工可能需要哪些軟件時，請注意，從積極的一面來看，有些許可證確實允許在多個設備上安裝。消極的一面是，防火墻必須正確配置以防止勒索軟件攻擊。