The pandemic has forced many office employees to work remotely. The whole world switched to online environments, whether prepared or not. Working from home allowed businesses and companies to continue operating despite the worldwide lockdown. This setup has also offered a lot of opportunities for both employees and employers to explore. But just like other workplace setups, working from home has its own risks and downsides.
A dip in productivity is one of the common challenges of working from home, but most people don’t realize the real danger, i.e., data protection.
Cybersecurity risks when working remotely
Protecting your work and client data in the work-from-home setup is a huge challenge. When in office, the company sets up a strict cybersecurity program to protect networks and devices. When employees work from home, the IT guys don’t usually come around to your house to set your network and computer up in line with corporate standards.
Hence, you’re a vulnerable target. Data leak is the least of your problems. The internet is crawling with hackers looking for potential victims to target. In fact, when the pandemic began, the FBI reported a 300% increase in reported cybercrimes. According to IBM, remote work has also driven an increase in the average cost of a data breach by $137,000.
Malwarebytes also reported that remote workers had caused a security breach in one out of five organizations. This further substantiates the cybersecurity risks that work from home holds.
Security tips for remote workers
Remote working means dealing with different more security risks than working in an office, especially in terms of data protection. For instance, you might be using equipment you don’t usually use for work, like your personal laptop or computer. Likely, your own computer does not have security measures as secure as that in your office.
Here are some tips to help you protect the work data you handle and store while working from home.
Tip 1: Keep your home office secure.
Physical security is a highly neglected aspect in a remote setup because you usually trust the people around you. You feel relaxed because you’re with family and friends. But, keep in mind the physical safety of your device regardless of where you’re working. The same way that you secure your office by locking it up when you leave for the day, you should have the same level of security when working in your home office. Lock the door whenever you step out because you don’t know when someone else can use your laptop when it’s kept idle.
Laptops and other devices can be stolen right from your backyard, living room, or home office. Keep your devices secure when you take a break. Bring them inside and keep your home office locked when you’re not around.
Tip 2: Keep your home router secure.
Besides securing your physical environment, you also need to make sure that your digital environment is safe. This means securing your home network and ensuring that cybercriminals don’t find vulnerabilities that they can exploit. Default passwords or weak passwords on home routers leave your home network a target for these attackers. Therefore, changing your router’s password from the default to something unique is a simple step you can practice to protect your home network from malicious hackers who want access to your devices.
This is a great start, but there are some additional actions that you can go ahead with. For instance, installing firmware updates as soon as they become available ensures that all known vulnerabilities cannot be exploited.
Tip 3: Encrypt your devices.
If your employer hasn’t already turned on encryption for you, you should turn it on as it plays an integral part in reducing the security risk of lost or stolen devices. This also keeps the contents of your device that are accessible without password, PIN, or biometrics, safe from unauthorized access.
For reference, encryption is the process of encoding information that allows authorized parties to access your device. Although this does not stop the risk of interference and man-in-the-middle attacks, encryption does deny comprehensible content to the interceptor.
How you turn on encryption will depend on your device:
- Windows – Turn on BitLocker.
- macOS – Turn on FileVault.
- Linux – Use dm-crypt or similar.
- Android – Enabled by default since Android 6.
- iOS – Enabled by default since iOS 8.
Tip 4: Keep your work and personal devices separate.
It might be easier said than done, but it’s essential to carve out boundaries between your work and home life, especially while working from home.
Though it may seem troublesome to constantly switch between devices your online activities, it is best to keep your work and home devices separate. You never know how unsafe the internet can be. Do the same for your mobile devices to help reduce the amount of sensitive information exposed if any of your devices gets compromised.
Tip 5: Use supported operating systems only.
New vulnerabilities and exploits come to surface daily, and they can often impact old versions of operating systems that their developers no longer support. In general, operating system developers only keep the last few major versions, as supporting all versions is costly, and the majority of users do the right thing and upgrade.
Unsupported software no longer get security patches. In turn, vulnerabilities put your device and personal data at risk. In short, always use a supported operating system, and if your device allows it, go for the latest version.
One of the most effective practices is to keep your operating system updated. Even if you are using a supported operating system, there can be significant delays between disclosing a vulnerability and its mitigation. Even if the vulnerability is open for only a few days, they can be exploited by any threat actors, just like WannaCry’s EternalBlue exploit.
To reduce this risk, apply security patches on all your devices as soon as they become available, ideally through automatic updates. Most modern devices will automatically use updates by default, but you may need to allow your computer to restart to complete the patching process.
Tip 6: Keep your software updated.
Operating systems aren’t the only thing that can be exploited, in today’s digital age, web browsers have become a common target. As mentioned earlier, it is important to keep any installed applications updated.
Most modern software are configured to check and download security patches automatically. For everything else, make sure to regularly check for the latest versions. It is also recommended to use a secure SaaS app over an installable software, since it doesn’t get outdated and the security is in the provider’s hands instead of the user.
Tip 7: Enable automatic locking.
If you walk away from your device at your home office, co-working space, or a coffee shop, you should lock it. As a common human mistake, there are times when we forget to lock our devices. As a result, the risk of data loss surges. To mitigate such risks, automatic locking helps to protect our unattended devices.
Make sure to setup an automatic locking schedule that is not too long or not too short. Ideally, 30 seconds for mobile devices and 5 minutes for laptops should be good locking periods. Automatic locking is generally enabled by default on most modern devices, so you just need to tweak some settings.
Tip 8: Use a strong PIN/password on your device.
All of these don’t matter if you don’t have a strong password. Make sure to avoid anything easy to try, such as repeating numbers (e.g. 000000), sequences (e.g. 123456), or common passwords. Remember also not to use any information that is related to you, such as your date of birth, address, license plate, etc. A strong password should look random to other people.
Tip 9: Use an antivirus.
Antivirus protects your computer from known and unknown malicious software, including viruses, ransomware, spyware, trojans, rootkits, and others. An antivirus detects or recognizes the virus, and then works on removing it from the computer system. Antivirus not only eliminates malware but also prevents any future infection.
Tip 10: Invest in a password manager.
If your organization doesn’t use a password manager, it is a good idea to start investing in one. They help you create strong passwords and remember them. They also make it easy to use a unique password for each website you use. This is a big deal because if you reuse the same password that’s exposed in a data breach, your other accounts will remain safe. Most password managers allow users to securely keep notes, credit card information, and other types of sensitive data.
Tip 11: Enable two-factor authentication and use an Authenticator app.
Two-factor authentication is a security feature where access is given only after successfully going through two authentication mechanisms.
Two-factor authentication, or 2FA, can greatly reduce the risk of becoming a victim of phishing emails and malware attacks. After all, even if the attacker is able to get your password, they are unable to log in because they do not have the second piece of evidence. To successfully login, they would need access to whatever is generating your one-time code, which should be an authenticator app or security key.
The first requirement is a password. The second requirement can take many forms, but it is usually a one-time code or a push notification. It’s important to know that however convenient a text message is, it is not a good choice for the second factor. In fact, security experts disapprove of its use because hackers know how to trick telecom companies into accessing the new sim card via social engineering. The best practice is to use an authenticator app, such as Duo, Google Authenticator, and Authy.
- Face-scan upon entry: The application accurately scans a remote agent’s face through its intelligent technology.
- Photo ID scan upon entry: After the face scan step, RemoteDesk then prompts the user to undertake ID (employee ID card) verification.
- Successful onboarding: A simple 2-step onboarding process lets you create a baseline profile for your employees with their face and ID scans in a remote working environment.
Tip 12: Enable ‘find my device’ and remote wipe.
Finding and ideally remote your device is a crucial part of ensuring information security when a device is lost or stolen. Securely wiping your device makes it difficult for the attacker to access your data.
Here’s how to enable ‘find my device’:
- Windows: Go to Settings > Update & Security > Find my device.
- macOS: Configure iCloud on your device via Settings > Your Name > iCloud > Find My Mac.
- Linux: Not built into the operating system and requires a third-party app
- Android: Set up a Google account on the device and it gets enabled by default.
- iOS: Setup iCloud on your device by going to Settings > Your Name > iCloud > Find My iPhone/iPad.
Tip 13: Wipe any devices before you share, sell, or dispose of them.
If you’re planning to lend, give, sell, or throw out an old device, make sure to reset it to factory settings. This will keep your data safe from being accessed after you get rid of your device, either temporarily or permanently. Make sure to back up or transfer any important data on the device before doing so.
Tip 14: Use a virtual private network (VPN).
A virtual private network (VPN) extends a private network across a public network, enabling you to send and receive data across shared or public networks as if you get directly connected to the private network. This is done by establishing a secure connection to the network and routing your traffic through an encrypted tunnel. This keeps your connection secure even when using public hotspots while allowing remote access to your computing assets.
VPNs reduce the risk of some online threats, including man-in-the-middle attacks. VPNs make it almost impossible for threat actors to snoop on your traffic and monitor what you are doing. This technology also prevents websites from tracking your actual location.
Tip 15: Use corporate services for email, messaging, and all other work.
Your company most likely has a set of IT services that employees use, such as Microsoft Office 365, a corporate messenger like Slack or HipChat, and at the very least corporate email. Your company’s IT service configures those tools, and IT is responsible for setting them upright.
However, your company IT is not responsible for the settings of your personal accounts. Are you sure that your colleague — and no one else — will see the file that you sent a link to? If the file is accessible to anyone who has the link, then search engines can index it. Besides, if someone googles something on the topic of your document, it might appear in the search results and catch the eye of someone who should not even know of its existence.
As much as possible, stick to official resources when sending files or other information. Those cloud drives configured for business are generally far more reliable than the free user versions. Corporate mail usually has less spam, and none of your personal correspondence, which adds up to less risk of missing an important email or forwarding something to the wrong address — and colleagues will know for sure that it’s you, not someone pretending to be you.
Tip 16: Stay vigilant
Unfortunately, there is always a possibility of a malicious and highly convincing message to sneak into your corporate mail. This risk has heightened due to telecommuting sharply increasing the amount of digital communications. Therefore, read statements carefully and don’t rush to respond to them. If someone urgently needs a vital document or demands immediate payment of an invoice, double-check the someone is who they claim to be. Don’t be afraid to call the other party for clarification or confirm the action one more time with your boss.
Be particularly suspicious of emails with links or attachments. Try ignoring a link if it does not point to a corporate resource. If everything looks fine and the link opens a site resembling OneDrive, do not enter your credentials on it. It is better to type in the OneDrive address in the browser manually to log in when you try to open the file again.
Basically, working from home creates new opportunities for malicious entities to access confidential data. This new work setup puts your data’s security at a greater risk. In addition, if the information is compromised while an employee is working from home, it can be challenging to identify how it happened and when. It’s therefore crucial that you prevent data breaches from happening by following the tips above.