Working from home or travelling from place to place?
But this shift could also open doors to security risks and cyberthreats. Blurring the lines in enterprise security, remote devices could be infected and serve as launch points for supply chain attacks. Security teams and home office users, however, can minimize the risks that come with remote-working setups.
Many major websites and services are implementing two-factor authentication (2FA). Make sure to have logins set up to not rely on passwords alone (e.g., use authentication mobile apps or biometrics). Passwords have time and again been hacked, leaked, or stolen.
Assess your security and establish clear guidelines on remote working as aligned with company policies. Make sure you have intrusion prevention and protection against data loss and theft, preferably through IT-approved company-issued laptops.
Follow the 3-2-1 rule in backing up data: Create at least three copies of the data in two different storage formats, with at least one copy located off-site on external SSD or HD drives.
Do not use your personal machine as it may have fewer security controls than your company-owned hardware. Work-issued laptops or machines should be for employee use only; other members of your household should not have access to your dedicated work equipment.
Use the dedicated enterprise VPN servers only on your work laptop or desktop to make the connection between your network and the office’s secure. But be wary of phishing attacks that steal VPN-related account credentials. If VPN connectivity is not on the table, ensure that data communication is done via encrypted email or Pretty Good Privacy (PGP) encryption.
Having backup options (e.g., hardware such as USB hard drives) puts you in a better position when something goes wrong, such as connectivity loss or server failure. For macOS users, Time Machine can be activated to create backups.
Unfortunately, scammers use current situations like the COVID-19 pandemic to prey on collective fear and misinformation for their fraudulent activities. These scams are sent through emails, malicious domains, fake apps, or social media, claiming to provide shipping notifications, COVID-19 information, and even supposed cures through attachments that actually bear malware. Fraudulent messages can often appear localized to the recipient to lend an air of legitimacy.
There are measures you can take to avoid getting duped. For one thing, be wary of telltale signs of phishing scams: unknown senders, glaring grammatical errors, mismatched URLs, and outlandish stories. Do not provide your identifiable information such as personal details and bank account information. Immediately alert your organization if you received such attempts to help others spot the scams.
The router is the gateway to all internet-connected devices in your home network. Attackers are known to compromise home routers with default credentials that users often neglect to change. It is good practice to regularly change the password for your router as it may have been previously shared with other users. Passwords that are not prone to dictionary attacks are recommended, i.e., those that have more than 12 characters, with a mix of letters, numbers, and special characters. Likewise, it is important to always update the firmware of your router to the latest version. Routers issued by internet services providers (ISPs) usually have automatic updates, but due diligence can be done through a router’s web console, which is accessible using its IP address.
Restrict user accounts on the router to two: A super-user account used only for setup and configuration (local account, not remote-enabled), and a personal account that is the default user allowed to manage the router (also local account, not remote-enabled). You, or somebody else in your family who is tech-savvy, can also do a port scan on your router’s IP address; if this is not possible, you may check your IP address on GRC. Many routers also allow the automatic addition of new devices for convenience, but this feature should be disabled and unknown connected devices should be removed from the router configuration.
As a safety net, you may also consider a backup internet connection by way of a router that supports LTE in case your normal ISP line goes down. The tethering or personal hotspot function of your smartphone can also work as a connectivity backup.
Use a password manager to make it easier for you to handle strong passwords across multiple website and service accounts. This streamlines the use of long, randomly generated unique passwords and avoids the reuse of the same or similar passwords across websites and services.
Update all of the pieces of software that you use to their latest versions and install security patches immediately to reduce the chances of malware infection. Setting up a secure remote-working environment is not an overnight job. It requires considerable effort from all people involved, especially in the case of those who are new to telecommuting. The measures laid out here should help companies and employees ease the burden and effectively protect work-from-home setups from cyberthreats.
Since kids are also staying at home, likely having their online classes, and other members of the family may also be working remotely, home network security basics such as creating backups should be incorporated. Create a safer digital environment by employing home network security that not only can block and filter sites, but can also protect your network and devices against hackers and web threats. You can also consider employing router security that allows device management like disconnecting unwanted devices in the network, controls social media use, blocks inappropriate sites, and sets time limits for device usage.
As with laptops and desktops, make sure phones are updated with their latest firmware versions. Download only legitimate apps from official stores and review the app permissions before installing them. Install a mobile security app to prevent malicious apps or codes from running on phones.
Social