Organizations and schools across the globe are scrambling to effectively operate while complying with the social distancing mandates that are aimed at curbing the spread of COVID-19.
As a result, they have sent millions of students and information workers to operate from the comfort of their own homes. Remote working presents a unique challenge for cybersecurity because home environments do not have the same layers of security safeguards and controls for organizations.
To make things worse, cybercriminals have significantly ramped up their tactics to take advantage of those who may not have secure setups; some may seem obvious but be cautious not to overlook any just because you’ve heard of them before. Think carefully as you read on…
Here are 10 security tips that will help protect you from cyberthreats while working remotely:
Secure Your Wi-Fi Network
Most home-grade Wi-Fi routers and access points come with a known default administrator password. It is important to reset the default password to one that is hard to guess.
The next step towards a safer Wi-Fi is to change the SSID (your network name) and make the Wi-Fi password unique. Many manufacturers give their wireless routers a default SSID that’s usually the organization’s name. Change the wireless SSID to a unique name that does not identify with you or your family (our favorites are “FBI Surveillance Van #594” and “The LAN Before Time”).
Other ways to increase your Wi-Fi security includes making your Wi-Fi password strong, enabling network encryption and turning off Wi-Fi broadcasting.
Just like your computer, your router needs regular software updates that fix security flaws found in the router firmware. For example, last year a serious security backdoor was found in Huawei routers by Vodafone enabling hackers (or government espionage agents) to access all your internet traffic.
Lastly, check if your wireless router has a built-in firewall. If it does, turn it on.
Beware of Suspicious Emails, Websites and Avoid Clicking Links That Are Unfamiliar We are seeing a new wave of cyberattacks targeting and taking advantage of people who are forced to work from home during the COVID-19 outbreak.
Be especially wary of suspicious phishing emails and websites that are promising to provide vital information about staying safe from the coronavirus pandemic – check your sources!
We are also seeing many emails being sent out to students from sources posing as college officials offering updates about school closure updates and other coronavirus-related news.
Cybercriminals have created thousands of malicious websites with domains that reference COVID or COVID-19, the disease caused by coronavirus. Before clicking on or trying to open links, hover over the link to make sure it’s a legitimate website.
Keep Your Computer Up to Date with the Latest Security Updates
Ensure your home computers have the latest security and software updates. Updates often include patches for security vulnerabilities that have been uncovered since the last iteration of the software.
Activate automatic software and application updates on all your devices. We know it’s annoying to do sometimes, but it’s there to protect you. It’s kind of like giving your computer a vaccine.
Don’t Forget About Windows Firewall, Antivirus Software, Antimalware, Internet Web Filter and File Encryption
Make sure the Windows Firewall on your computers is turned on. Windows Firewall provides another layer of protection against malicious users.
Antivirus and antimalware are the last line of defense for detecting and blocking malicious software. Most company computers will have antivirus and antimalware installed and up to date. Validate that your — home computers have similar protections, if not purchase and install the security software.
Internet web filter software allows you and your family to safely browse the internet by blocking dangerous websites. Web filters restrict what websites a user can visit. This is particularly important now that schools are deploying remote learning technology, meaning your children will be spending a lot more time on the computer.
Remote workers should encrypt their work computers to protect sensitive data in case their computer is lost, stolen or compromised. If the computer finds its ways into the wrong hands, the bad actor will not be able to access the data if encryption is turned on.
Avoid free unsecured public Wi-Fi networks
Public Wi-Fi introduces significant security risk and should be avoided. One of the threats is hackers can position themselves between you and the Wi-Fi router (it’s called a Man-In-The-Middle Attack). So, instead of talking directly with the router, you end up sending your information to the hacker first.
If you need internet while on the go, a recommendation is to use the personal internet hotspot from your phone. If there are no other options available, just wait until you’re home to log into your banking portal.
Avoid using Personal Computers for Work
Even though it may seem convenient to use your personal computer to access work email, files and resources, it is important to keep work data on your work computer.
Your home computer will not have the same level of security safeguards and technical controls usually found on your corporate computer.
Keep laptops from getting lost or stolen
Always keep your work-provided devices with you especially when outside your home. In addition, don’t leave your laptop unattended — even for “just a minute” — while working in a public space.
If your laptop gets stolen, report it immediately to the local authorities and notify your employer that it’s missing. Your IT department typically can remotely erase or disable the stolen laptop if it comes online.
Keep Passwords Strong and Enable Two-Factor Authentication(2FA)
Verify with your IT department that they have a strong password policy in place. Strong passwords help keep your data secure while working remotely. Do not use the same password across multiple accounts.
If you have several passwords, a password manager can come handy. A password manager stores encrypted passwords online. A good example is LastPass (this is what we use). Password managers lock your passwords and personal information in a secure vault.
Strong passwords are essential but no longer enough to secure your data. 2FA (aka Two-Factor Authentication) adds an additional layer of protection to your accounts. It combines something you know (e.g. username + password) with something you have (e.g. a device) or something you are (e.g. biometric).
Use Virtual Private Networks (VPN)
Your IT Provider should have you connecting to your company resources through a VPN (Virtual Private Network) tunnel.
A VPN tunnel creates a secure connection to another network over the internet. So, when connecting from home, your activity and information is shielded from prying eyes. If you have any questions about VPN tunnels contact your local IT Provider or give it a quick Google — there are many cost-effective solutions out there like Nord VPN.
Backup, Backup, Backups
If you are saving data locally on your laptop, make sure you have a good backup. Your data can be lost due to human error, hardware failure or a security breach. Without a working backup, you risk losing everything that was stored on your computer.
Remember: backups are your last line of defense!
Let’s team up against cybercriminals and build our defenses up by following these useful tips that will help you have a safer environment — whether you’re working from home or just browsing the internet. Do you already use one of the tips listed below? If not, what are you waiting for?