We all know how hard this pandemic has been on us. Whether you are a freelance professional, an employee of an organization, a student, or an entrepreneur, you have to do your job remotely, part-time or full-time. So whether you are working from home, attending a meeting, or attending class lectures, you have to depend on technology. Doing your job remotely has its perks. Unfortunately, working from home is also a lucrative opportunity for cybercriminals to exploit. Here we will discuss cybersecurity tips for work-from-home users.
A study released in October 2020 by Ponemon Institute LLC and Keeper Security, Inc. found that 71% of these experts were confident in their organizations’ capacity to fight off cyberattacks before the pandemic, but during the pandemic that percentage dropped to 44%. What worries them most? A lack of physical security in the workspaces of remote workers (47%), the danger of remote workers’ devices being infected with malware (32%), and the danger of cybercriminals getting at sensitive information on remote workers’ devices (24%).
Cybersecurity Tips for Work From Home Users
Whether you are an employee, an employer, or a professional, if you want to stay secure while working from home, both in your home workspace and as an organization, the following tips can help you keep cybercriminals at bay:
- Always be updated: Whether you are working from home or just working remotely, always keep the technology you use updated. Remember that cybercriminals exploit old versions of any technology, because once an update is released the previous versions still have security flaws or loopholes.
- Keep an eye on your smartphone’s notifications; as soon as you receive a security patch update, install it promptly.
- Don’t delay updating smartphone applications or desktop software that require updates.
- Your computer’s operating system should be set to receive updates automatically; if it is not, check for updates regularly and install them.
- Start using a virtual private network (VPN): If you are not using a VPN on your devices, start using one today. A VPN lets you establish a secure and encrypted connection to the network while you are communicating. VPNs help you hide your real location or your ISP (internet service provider). As a result, hackers can’t locate you or your activities, nor can they monitor you.
- Using separate devices for work and home: If you have multiple devices and you are working from home, you may end up using all of them for both work and personal use. It might seem tiresome to jump from one device to another again and again, but it is good practice to keep your personal and work devices separate, because you never know whether one of your devices has already been compromised. If a theft or hack does take place, you will at least have one device that is not yet compromised, and with its help you can take back control of your compromised device(s).
- Turn on encryption on your devices: It is always recommended to turn on encryption on your devices for your safety. In the event of data theft or device theft, cybercriminals will not be able to access your device or data if your devices are encrypted. Here is how to turn on encryption on some popular platforms:
- Android: Recent Android operating systems are encrypted by default
- Windows: By turning on BitLocker
- macOS: By turning on FileVault
- Linux: By using dm-crypt or something similar
- iOS: From iOS 8 onward, all devices are encrypted by default
- Be aware of phishing: Phishing is a very common and lucrative mode of exploitation that cybercriminals use often. Whether you are working from home or from the office, you need to be extra careful about phishing attacks. During this pandemic, many cybercriminals are using the situation in their favor and attacking with COVID-19 related phishing. Cybercriminals often pose as a charity organization or healthcare representative and trick users with fake insights, attachments, or download links; by clicking or downloading that content, users end up compromising their sensitive data. Try to follow the steps below before interacting with an email:
- Always make sure to deal with emails via a secured network
- Never interact with an email from an unknown or untrusted source
- If you are suspicious of the message or the sender, try to verify the sender via a phone call
- Always check the real link by hovering your cursor over it; the bottom-left corner of your browser will show you where clicking the link will actually take you.
- An attacker will often try to impersonate someone you know or to look very legitimate, so always know your sender or do your research before interacting with an email.
- Try automatic locking: When you are working remotely, whether from home or outside the office, make sure you have set your device to lock automatically after a certain idle time or when you are away from your workstation or device. It’s not always criminals; even a family member may use your device while you are not around and end up compromising its security without knowing. So make a habit of locking your devices when you are not working or are away from them. You already know how to instantly lock your smartphone, and we are all used to locking our smartphones right after using them. Even if you have turned on automatic locking, here are the shortcuts to instantly lock your computer:
- Windows: Press Windows key + L
- Old Macs: Press Control + Shift + Eject
- New Macs: Press Control + Shift + Power
- Strong PIN/password across all devices and accounts: Whatever else you do for the security of your devices and accounts, if you don’t use a strong PIN or password you are just one attempt away from being hacked by an intruder. So always make sure to use a strong password to avoid any intrusion. Also avoid reusing passwords, because reuse increases the risk of potential data breaches. Here are some dos and don’ts for passwords:
- Try using a passphrase, such as made-up words with random letters that you can easily remember or memorize
- Don’t use your date of birth, license plate, or address as passwords
- Avoid writing down your credentials anywhere, so that you don’t hand them over accidentally
- Avoid sharing sensitive information over email or text: Try not to share sensitive information related to your work or personal life over email or text. Only use a trusted network, and try to use encrypted channels to share sensitive data. It is also advisable not to expose your sensitive information on social media platforms. Sharing details such as your email address or phone number could make you an easy target for cybercriminals.
- Not sharing accounts with coworkers: You are always accountable for your office and personal accounts. So, whether you work from home or from the office, never share your accounts with a coworker, friends, or family. If any of them falls victim to a security breach, then your security will also be compromised. Moreover, hackers can use your accounts to perform unauthorized actions or criminal activities, which will eventually put you in jeopardy in case of an investigation.
- Keep your work devices away from family members: You might be a tech-savvy guy who knows well how to protect himself online. But when you are working from home, your devices may end up in your family members’ hands if you are not cautious. Your work devices will likely be exposed to young children. As not everyone is aware of the threats of being unprotected in the cyber ocean, it is better to always keep your work devices away from your family members. To be safer, set up a separate space for your office and restrict access to everyone but yourself.
- Keep backup: Having a backup is always a good habit. You never know when your data or your system might get compromised, and hackers may destroy everything you have on your system. So if you don’t have a backup, start backing up today. If your organization has a cloud storage setup, then start using it: store all sensitive organizational information there and, to be more secure, avoid keeping it on your device while you are not working. That way, in the event of a cyberattack or if the data gets destroyed, you’ll be able to access it from the cloud.
- Securing your home network: While you are working from home, make sure you have a secure home network. For example, cybercriminals tend to exploit default passwords on home networking devices such as your router, smart devices, etc. To secure your home network you can do the following:
- Don’t share your wi-fi password with an outsider
- Use a separate network that your internet-of-things (IoT) devices are not connected to
- Change your default router password to a strong one that is hard to guess
- Always keep your router firmware updated
- Change your SSID to something that is not related to you
- Though recent hardware is already using network encryption, make sure to use WPA2 as this is the strongest.
Monitoring Cybersecurity Tips for Work From Home Users
If you are following the tips above and keeping yourself updated with recent trends, you are good to go. However, if you are an entrepreneur managing a team whose members work from home or remotely, you can take the following steps:
- Arranging cybersecurity awareness training: Try arranging an awareness training program for the members of your workforce who work remotely for your organization. With a cybersecurity awareness training program, everyone within the organization will be on the same page regarding cybersecurity.
- Monitor your supply channel: If you depend on third-party vendors and/or service providers to run the organization, remember that in case of a data breach the weakest link, the one most likely to be exploited to get to you, will be a third-party vendor or service provider. So keep an eye on your vendors’ risk management. You can contribute to their risk management directly, or you can suggest good help that they can consider to maintain a good risk management system.
- Establishing email security: Make sure to implement good email security within the organization and for employee communication. Without good email security you cannot prevent phishing attacks, spear phishing, email spoofing, etc. As email is the most professional way of communicating for business organizations, you must maintain proper email security. To establish proper email security you must adopt policies such as SPF, DKIM, and DMARC.
- Introducing access control: If you want to reduce the risk of data breaches and data leaks in your organization, implementing an access control policy is a very good way to stay safe from internal data leaks. For example, you can implement role-based access control (RBAC) in your organization, where employees gain access only to the information assigned to their role.
- Enable HSTS on your web applications or sites: If your organization owns a web application or website, you must make sure to use HSTS (HTTP Strict Transport Security). It is a policy that lets sites make themselves available only through a secure network connection; otherwise it will block any insecure or malicious access. By using HSTS, end users are safe from cookie hijacking attacks.
- Monitoring and maintaining security metrics: If you have employees working from home, it is good practice to monitor how they are doing online. You should introduce information security policies and, to make sure your employees abide by them, set up metrics through which you can monitor how well the policies are being maintained.
- Use a secured channel for communication: While working from home, employees often tend to communicate through whatever medium is close at hand, such as personal devices. To make sure that your organization’s data is safe and secure, make it mandatory for your employees to communicate for organizational purposes, such as sharing sensitive data, financial information, emails, etc., only through pre-approved channels that you are able to monitor and manage according to your needs.
- Only allow organization-approved software and hardware: When your employees are working from home, you don’t know about their workspace or how they handle daily work in terms of devices or software. It is true that, to make things easy, we all tend to depend on the things we already know, such as processes, software, systems, etc. But to maintain organizational cybersecurity, companies should encourage employees to use only work devices and company-approved software for their daily work. Otherwise there is a high probability that an attacker will exploit the opening, and using unapproved software or devices that are not optimized can result in an organizational data breach.
- Using multi-factor authentication: When most or all of the workforce is working from home or remotely, it is a good precaution to make it mandatory for all employees to use multi-factor authentication across all of their devices. Relying on multi-factor authentication is an easy way to make access to your organization’s resources more secure without spending more. Moreover, it is good practice for all of us to benefit from multi-factor authentication across all our devices and accounts, whether personal or organizational.
- Ensuring maximum security around online financial transactions: An organization is always a hotspot for cybercriminals because, for a given investment of time, a successful attack gets them far more than attacking an individual would. So it is always recommended to use only company-approved channels to exchange financial information. When it comes to transferring funds, it is important to use only the platforms approved by the organization’s bank. When doing banking activities on the bank’s website, it is a must to use a secure network connection and to do all the work on a device with up-to-date software. It is also recommended to make sure you are entering the authentic website, not a website that cybercriminals trick you into entering in order to expose all your sensitive information.
The bottom line is that prevention is better than cure. COVID-19 alone is a hell of a disaster in the making. As all of us are going through this tough time, becoming a victim of a cyber attack could be more than one can take. So only by maintaining cyber hygiene can we make our work from home secure and prevent any sort of data breach from happening.
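For the email security step above, a published SPF or DMARC record can exist and still be too weak to stop spoofing. The following added example (not from the original article) audits record strings and contrasts a weak configuration with a strict one; the function names and the `.example` records are constructed, and DKIM is left out because checking it requires a signed message.

```python
# Added example (not from the article): audit SPF and DMARC TXT records.
def audit_spf(txt):
    """Return findings for one SPF record; an empty list means a hard-fail policy."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        return ["no 'all' mechanism: check any redirect= target, else result is neutral"]
    # Mechanisms are evaluated left to right; a bare "all" defaults to "+" (pass).
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    return {
        "+": ["+all lets any host send as this domain"],
        "?": ["?all is neutral: unlisted senders are not failed"],
        "~": ["~all is softfail: unlisted senders are only marked"],
        "-": [],
    }[qualifier]

def audit_dmarc(txt):
    """Return findings for one DMARC record string."""
    parts = (p.partition("=") for p in txt.split(";") if p.strip())
    tags = {k.strip().lower(): v.strip() for k, _, v in parts}
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: no action requested on failing mail")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to monitor")
    return findings

def audit_domain(domain, zone):
    """Audit a domain given a name -> [TXT strings] mapping."""
    spf = [r for r in zone.get(domain, []) if r.lower().startswith("v=spf1")]
    dmarc = [r for r in zone.get("_dmarc." + domain, []) if r.startswith("v=DMARC1")]
    out = audit_spf(spf[0]) if len(spf) == 1 else [f"{len(spf)} SPF records (need exactly 1)"]
    return out + (audit_dmarc(dmarc[0]) if dmarc else ["no DMARC record"])

# Constructed sample records (reserved .example names, not real DNS data).
ZONE = {
    "weak.example": ["v=spf1 include:_spf.mail.example ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
    "strict.example": ["v=spf1 include:_spf.mail.example -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
}
```

Calling `audit_domain("weak.example", ZONE)` reports the softfail SPF policy, the `p=none` DMARC policy and the missing report address, while the strict domain returns no findings.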