Prepare and Protect: Cyber Security Best Practices When Working From Home
Even before the onset of the COVID-19 pandemic and its accompanying disruptions, we were in the midst of a workforce revolution, as technology has enabled flexible and remote working on an unprecedented scale. According to research done by FlexJobs and Global Workplace Analytics, the number of people working remotely in the United States has risen 44% over the last five years, and this will be significantly higher when 2020 is analyzed.
While many studies indicate that flexible work options can increase employee happiness and productivity, there are possible drawbacks and dangers as well, such as a loss of cohesiveness, interconnectivity, and efficiency. One of the biggest concerns, however, should be data security. The exposure of sensitive business and/or personal information can have devastating, far-reaching effects.
The ongoing worldwide health crisis, which forced many employees to work from home and many organizations to develop remote working strategies for the very first time, is still a powerful force. As a result, there is bound to be confusion and irregularity that results in insecure behaviors.
With that in mind, we thought it would be helpful to share some advice on how to minimize cyber risk while working from home.
This is by no means an exhaustive list meant to cover every possible scenario, just some basic tips and best practices that may help to protect you, your colleagues, and your loved ones during this unusual time.
- Secure your devices.
- Use a VPN.
- Secure your Wi-Fi network.
- Limit off-network communications.
- Be hyper-vigilant.
Secure your devices
This may seem obvious, but device security is of paramount importance, and many people are entirely too indifferent towards things like software updates, or making sure firewalls are turned on. Cybercriminals prey on this sort of laziness and neglect.
If you haven’t already, encrypt your devices. Run regular anti-virus checks. Be wary of third-party app stores, and never install or download anything from unknown sources. Review permissions for installed apps, and think carefully about apps that request access to sensitive data.
Use a VPN
Many, if not most, organizations have a company VPN that employees are instructed to use when working remotely, and with good reason: a VPN, or virtual private network, is like a tunnel from your device to the cloud, to physical servers, and to all websites that you access. All information sent while using a VPN is encrypted, and internet traffic is scrambled and redirected to be hidden from outsiders.
However, simply having a VPN on your company device, or for business purposes, is not enough. If you do not have or use a VPN on your personal device(s), you should remedy that immediately, especially if you ever use public Wi-Fi hotspots or a shared Wi-Fi connection. Without a VPN, all the data leaving and returning to your computer is vulnerable, including passwords and personal information.
Secure your Wi-Fi network
Many people go into “set it and forget it” mode with their home Wi-Fi, utilizing the same password for months or years and sometimes not even changing the default network name. This creates vulnerability. It is important to change your network’s name (setting your SSID to “hidden” can help, too) and to have a complex password or passphrase that is updated periodically.
Also, you may want to consider providing a separate network for guests and reducing the range of your wireless signal. And you’ll want to make sure your encryption is up to date: if you have an older device you might be using the WEP (Wired Equivalent Privacy) standard of protection, and if so, your data is insecure. For privacy, it is essential to use WPA (Wi-Fi Protected Access) protection, preferably WPA2. You can check your wireless security settings on your router’s configuration page.
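If you would rather check from a laptop than from the router page, here is a small added example (not part of the original article) that flags the weak settings described above in a Wi-Fi scan listing. The sample lines are constructed; their layout is assumed to match the terse output of `nmcli -t -f SSID,SECURITY device wifi list`, and the list of default-name prefixes is illustrative.

```python
import re

# Constructed sample, assumed to match `nmcli -t -f SSID,SECURITY device wifi list`:
# fields are separated by ':' and a literal ':' inside an SSID is escaped as '\:'.
SAMPLE_SCAN = r"""HomeNet-5G:WPA2
NETGEAR42:WPA1 WPA2
Garage\:Cam:WEP
CoffeeGuest:
Study:WPA2 WPA3
:WPA2
"""

# Illustrative vendor prefixes that suggest an unchanged default name (assumption).
DEFAULT_SSID_PREFIXES = ("netgear", "linksys", "tp-link", "dlink")

MESSAGES = {
    "open": "no encryption at all",
    "wep": "WEP in use, data is insecure; switch to WPA2",
    "wpa1-only": "original WPA only; WPA2 is preferred",
    "wpa1-mixed": "WPA/WPA2 mixed mode; consider WPA2 only",
    "default-ssid": "network name looks like the factory default",
}


def parse_line(line):
    """Split one terse line into (ssid, set of security tokens)."""
    ssid, _, security = line.rpartition(":")   # security field never contains ':'
    ssid = re.sub(r"\\(.)", r"\1", ssid)       # undo backslash escaping in the SSID
    return ssid, set(security.split())


def audit(scan_text):
    """Return a list of (network label, issue code) for every weak setting found."""
    findings = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, sec = parse_line(line)
        label = ssid or "<hidden>"
        if not sec or sec == {"--"}:
            findings.append((label, "open"))
        elif "WEP" in sec:
            findings.append((label, "wep"))
        elif sec == {"WPA1"}:
            findings.append((label, "wpa1-only"))
        elif "WPA1" in sec:
            findings.append((label, "wpa1-mixed"))
        if ssid.lower().startswith(DEFAULT_SSID_PREFIXES):
            findings.append((label, "default-ssid"))
    return findings


if __name__ == "__main__":
    for label, code in audit(SAMPLE_SCAN):
        print(f"{label}: {MESSAGES[code]}")
```

Networks that do not appear in the output (here the WPA2 and WPA2/WPA3 ones) passed every check.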
Limit off-network communications
Having an entire office working remotely is a new reality for many organizations, and it is imperative that company email and messaging systems remain encrypted and secure. Also, companies should be reviewing agreements with vendors of Remote Access Technology, ensuring that these systems will not be overwhelmed by what is sure to be a tremendous increase in traffic, and that proper security protocols are in place.
In all likelihood, there will be some issues with remote connection and communication during the pandemic period, and you might be tempted to conduct business on your personal device, outside of the company network and enterprise security systems. Do not do this. You run the risk of unknowingly exposing sensitive information or storing data in an insecure manner. Whenever possible, it is best to limit all off-network communications in business matters.
Be hyper-vigilant
These are historic times, and some change and disruption is inevitable. Cybercriminals are capitalizing on the ongoing disruption by preying on fears and insecurities: several global watchdogs have warned of COVID-19-related phishing schemes that are now commonplace, and with most companies forced to change the way they communicate, employees may be more likely to open fraudulent emails and download malicious attachments.
It is therefore important to be hyper-vigilant when it comes to email accounts, downloading and storing information, and using Remote Desktop Protocols (RDPs). Be extra careful about giving out any personal data, and before sharing any work-related information electronically, be sure that it’s encrypted and that it’s being shared with legitimate parties.
And lastly, be sure to familiarize yourself with your organization’s incident response guidelines. Should you have a question, require assistance, or need to report an incident, contact your IT or security team immediately.