[SOLVED] Need advice to step up my cyber security due to working remotely - Colleagues have recently been hit with malware and session hijacking

euphoria4949

Distinguished
Aug 26, 2012
572
1
19,065
[Moderator edit to mark as Solved.]

Hi everyone, I really need some advice as one area I have always been incredibly remiss and probably even a little lazy with is cyber security. So please feel free to explain like I'm 5yo.


I've been working remotely for a couple of years on my normal home Win10/11 desktop. I've tried to be as careful as I can, but recently my colleagues and I have been targeted with a lot of phishing emails and calls, scams through compromised emails from legitimate clients, and most recently malware disguised in, we think, PDFs or maybe videos.

Part of my job is frequently being sent PDFs, pictures, video... and having to download from people's Gdrives or Dropboxes, but these are all random customers from all over the world.
Even if a customer wasn't intentionally sending me something nasty, I know you can have an infected system without knowing it and send files to other people unknowingly infecting their systems.

So I'm working out what my best options are and I have a few questions I'm hoping some kind people can help me understand.
  1. If I bought a second computer dedicated to work, it would be connected via Wi-Fi or ethernet to my main WAN connection and same router.
    If the work computer was on the same connection connected to the same router but was Not on a home network connected to any other computer or phone, if the work computer got infected with something nasty could it spread to other devices because they are on the same internet connection and router, or is it safe because they are not on the same network and don't have a physical file sharing capability?

  2. Another option I thought of is to continue using my main desktop but running a Virtual Machine every day when I'm working.
    If I understand correctly this isn't a completely 100% secure method but it would be mostly good at protecting my physical OS and files, however, I don't know how a VM works, do I have to install all the apps I need to use each time or do I have to configure each app every time?

  3. I use a password manager for my personal accounts, and I naturally just started using that for my work logins as well. Is there any benefit to using a different password manager for anything to do with work or does it not really matter?
    On my main account, I do already use a huge complex password that I change regularly, and also 2FA every time I open a browser.

  4. Is there anything else I could be using other than Windows Defender and Malwarebytes?
I would really appreciate any help or advice, thank you
 
Solution
If the work computer was on the same connection connected to the same router but was Not on a home network connected to any other computer or phone, if the work computer got infected with something nasty could it spread to other devices because they are on the same internet connection and router, or is it safe because they are not on the same network and don't have a physical file sharing capability?
If it were true that malware could jump between computers simply because it was on the same internet connection, we'd have a major problem. Because it's not just you who's on that connection, but a good number of your neighbors in the area.

So having physically separate local networks is safe. Though it doesn't need to be physically separated, as there are routers that can create VLANs that, for all intents and purposes, make separate networks so computers can't see each other if they're not on the same VLAN.

If I understand correctly this isn't a completely 100% secure method but it would be mostly good at protecting my physical OS and files, however, I don't know how a VM works, do I have to install all the apps I need to use each time or do I have to configure each app every time?
A VM creates basically another machine, just within your computer. Whatever you do with it will be the same as if you're doing it on an actual machine. However, you should keep a clean copy of the file that's used as the VM's storage drive, so if you do run into a problem, you can just replace the file the VM was using with the clean one.

Keep in mind a VM does not protect you against web browser based attacks, such as session hijacking.

I use a password manager for my personal accounts, and I naturally just started using that for my work logins as well. Is there any benefit to using a different password manager for anything to do with work or does it not really matter?
You might want to consider using separate accounts, but it doesn't matter if you use the same manager or a different one.

Is there anything else I could be using other than Windows Defender and Malwarebytes?
Have a backup plan that satisfies the 3-2-1 rule: 3 copies of the data, 2 physically separate storage devices used, 1 copy off-site.
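
The "keep a clean copy of the VM's storage file and swap it back in" advice from the answer above, sketched as an added example that is not part of the original thread. The file name `work-vm.vdi`, the `golden` folder and all function names are hypothetical, and it assumes the VM is powered off whenever the disk file is copied or replaced.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a (potentially multi-gigabyte) disk image in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        while block := fh.read(chunk):
            digest.update(block)
    return digest.hexdigest()


def save_golden(disk: Path, golden_dir: Path) -> str:
    """Copy a known-clean disk image aside and record its hash beside it."""
    golden_dir.mkdir(parents=True, exist_ok=True)
    golden = golden_dir / disk.name
    shutil.copy2(disk, golden)
    digest = sha256_file(golden)
    # The hash catches corruption or accidental edits of the clean copy.
    # Keep golden_dir somewhere the guest OS cannot write (no shared folder).
    (golden_dir / (disk.name + ".sha256")).write_text(digest)
    return digest


def restore_golden(disk: Path, golden_dir: Path) -> str:
    """Replace the working disk with the clean copy; refuse if the copy changed."""
    golden = golden_dir / disk.name
    expected = (golden_dir / (disk.name + ".sha256")).read_text().strip()
    if sha256_file(golden) != expected:
        raise RuntimeError("clean copy no longer matches its recorded hash")
    tmp = disk.with_name(disk.name + ".restoring")
    shutil.copy2(golden, tmp)  # copy first, then swap: a failed copy keeps the old disk
    tmp.replace(disk)
    return expected


def demo() -> bool:
    """Constructed stand-in for a VM disk file, run in a temporary folder."""
    with tempfile.TemporaryDirectory() as d:
        disk = Path(d) / "work-vm.vdi"
        disk.write_bytes(b"clean guest image")
        clean = save_golden(disk, Path(d) / "golden")
        disk.write_bytes(b"guest image after a bad download")
        restore_golden(disk, Path(d) / "golden")
        return sha256_file(disk) == clean
```

Apps installed and configured inside the VM before `save_golden` is run are part of the clean copy, so they come back with each restore; anything changed in the guest afterwards is discarded.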
 

euphoria4949

  1. Thank you, I thought it did require being on the same network as just being on the same connection didn't make sense. But while reading and researching I came across a few posts mentioning that malware can jump to the router itself and infect everything... Which then started to make me doubt what I thought I knew.

  2. That makes a lot of sense, thank you.

  3. Yes, I just found out some extra information and I'm now going to start using completely separate accounts. Maybe even a separate company/vault just to be extra safe as I've heard of recent compromises in 2FA companies.

  4. Thank you this is one bit of advice I do know, and I have tried to make multiple backups of anything important.
    I've also just found out about TotalVirus which seems like a really helpful project, and I think I'm going to try to persuade the owner for some proper real-time protection. Although asking the boss to spend money usually results in screaming of "WHY DO YOU HATE ME!" lol
Thank you for taking the time to help, I greatly appreciate it.
I'm kind of embarrassed at how many decades I've been a computer nerd but never really got more than the absolute basics for security, I think I've survived on pure luck alone. *sweating intensifies
 
  1. Thank you, I thought it did require being on the same network as just being on the same connection didn't make sense. But while reading and researching I came across a few posts mentioning that malware can jump to the router itself and infect everything... Which then started to make me doubt what I thought I knew.
The only way malware can do this now is if you have a device connected to the network that has some sort of remote access port open and weak security guarding it. For instance, if you don't change the default password on a router, then an attacker who's on the network can log into it and start doing things from there. But otherwise, malware can't do anything if the computer doesn't run it. So even if an infected router sends infected files to my computer, the worst that it'll do is fill up my drive space, assuming it doesn't have access to overwrite stuff.

In any case, most OSes are typically configured by default to ignore anything they themselves didn't originally request.