100% Remote Operations Series: Cybersecurity at Home
This blog is part of our 100% Remote Operations: Working From Home series.
As the dust settles from the initial transition of office-working to home-working, organizations continue functioning with the new reality of social distancing. Those who are new to remote work have grappled with how to best ensure smooth sailing ahead. In many ways, remote work provides an innate convenience factor—no commute, environmental familiarity, and the use of your own technology. Using your own technology can seem ideal, and working from home can provide an essence of safety and security. Wherever work is being done, maintaining the same high level of data and information security is imperative, albeit challenging, outside of the office.
While significant transitions take place amid a global pandemic, cybersecurity has the potential to slip from being top of mind. Unfortunately, the reality is that with this attention focused elsewhere, lax cybersecurity exposes potential weaknesses that can be exploited. Both the Federal Bureau of Investigation and lawyers with the World Health Organization have warned of an uptick of fraudulent activity and crimes tied to COVID-19. Although COVID-19 has temporarily shaken up normal business operations, employees still cannot afford to let their guard down. It is crucial to examine and instate protocols and controls at home.
There are several primary challenges remote workers experience outside the office. In this blog, we discuss several precautions and measures to put in place to maintain cybersecurity while working at home.
1. Strong Passwords
The unfortunate truth is that credential stuffing, the term for gaining access to multiple accounts based on stolen credentials, occurs every day. While it may be convenient in the short-term, weak passwords make online accounts more susceptible to hackers in the long-term, proving hugely detrimental. Strong, unique passwords, and any extra layers of protection are good first lines of defense for online accounts. When determining secure passwords, here are some tips:
- Passphrases are longer and harder to crack than shorter passwords with more special characters.
- Each account should be assigned a new, unique password.
- Use a secure password manager to keep track of all unique login credentials.
- Multifactor authentication (MFA) should be used on as many accounts as possible.
2. Secure Home Technology
During this time, many employees have had the luxury of bringing home office laptops, monitors, and other technology. However, it is also true that many others will be using their own equipment instead.
Although it may not be necessary to be connected to the virtual private network (VPN) at all times, it is highly recommended that users connect to their organization’s VPN regularly. By connecting to the VPN, updates can be deployed effectively, keeping software up to date.
On the other hand, for some employees, it is not necessary to be regularly connected to a VPN. Regardless, it is still crucial to have a secure, reliable Wi-Fi connection. There are several measures that can improve the security of home Wi-Fi networks.
- Ensure that any default administrator passwords have been changed for the home router and Wi-Fi network.
- Enable WPA2 encryption with a strong password for the wireless network. This can be done in router security settings.
- Check that all other internet and smart devices at home also have strong passwords and are on the latest operating systems.
- When using your own devices, double-check to make sure that all anti-virus software is running and updated to the latest version.
- Any other privacy software, from add-ons to patches, should also be checked to make sure it is up to date and operating.
- Microsoft and Apple both have built-in Firewalls. Enable firewalls to prevent malicious activity.
3. Malicious Activity
As mentioned earlier, there has been an uptick in COVID-19-related fraudulent activity reported. Phishing is a primary consideration, which users should always be on the lookout for. Social engineering is another risk, which can come in the form of texts, calls, social media, and fake news reports. Unfortunately, in such times of dramatic change and urgency, users may have their guard down when receiving messages and media from unknown senders. Employees must stay vigilant to guard against these potential threats to cybersecurity. Any phishing or unauthorized activity on a work-related device should be immediately reported to your organization’s information security team.
4. Backup Plan
There are numerous reasons to back up information, especially if it is sensitive. Cloud storage avoids the uncertainty of storing data on a devices’ main hard drive, which can be vulnerable to data loss from physical damage, human error, or other issues.
For questions about backing up data, contact your IT department.
5. Virtual Meetings
As more people meeting virtually through video conferencing and meeting solutions, such as Zoom, the opportunities for malicious threats opens wider as well. From restricting unwanted participants from joining with passwords to employing screen-sharing controls, take the time to research best practices for online meetings using your specific virtual meeting platform and employ them before joining or starting your next session.
Keep In Mind
Working from home is entirely doable. Millions of people do it successfully each year. As many employees are still getting used to remote work, there are important cybersecurity considerations at home that they may not have ever had to reckon with, in the office. As the situation at hand continues to develop, it is imperative that employees not let down their guard while dealing with potentially sensitive information. Now more than ever, organizations are susceptible to security threats, which can be mitigated through following cybersecurity best practices.