The demand for remote working due to the Covid-19 pandemic has invariably placed renewed pressure on organizations to secure corporate resources and data in locations outside of their control. All over the world large numbers of people have joined the rush to work from home, with many organizations unprepared, and with individuals often working from their personal devices. As these devices are often not maintained with proper security measures, they have the potential of leaving an organization open to various attacks.
Here are my top tips for remaining secure and compliant as you work from home:
- Secure your home network: Make sure your Wi-Fi network is encrypted. If your Wi-Fi requires a password, then it is a good start. If not, you should access your router’s settings to change this. You also need to change your router’s default password if you have never done it before. If your router is breached, then an attacker could access your devices and any data you send through the router. Default passwords for routers are a weak link in their protection.
- Avoid public wireless networks: Public wireless networks may seem convenient, especially if you are travelling for work, but they can also be a threat to your privacy, meaning you might want to think twice about connecting. Open Wi-Fi networks provide an opportunity for criminals to hijack your connection and access information sent between your device and the internet. It is best to use secure wireless networks whenever possible. Use caution when connecting to open wireless networks: do not accept self-signed or untrusted certificates and verify that you are connected using HTTPS before logging in to any websites. Antivirus apps and password managers go a long way, but a VPN is a uniquely powerful tool that you should have in your personal security toolkit. Particularly in the connected world of today.
- Use Strong, unique passwords: In the chance a hacker does gain access to one of your accounts, make sure to use different and complex passwords for each of your accounts, and never reuse your credentials across different platforms. It is also a good idea to update your passwords consistently to further protect your data. You can also use a password manager, or a security solution that includes a password manager, to keep track of all your unique passwords. Most of us use very poor passwords and tend to reuse them on various websites. It is tricky to use solid, unique passwords for all the websites that you use daily? A password manager is the solution. For all the websites that you use, password managers store your login information and help you log into them automatically. With a master password, they encrypt your password database, and the master password is the only one you must remember.
- See Something, Say Something: Do not respond to emails or phone calls requesting confidential company information—including employee information, financial results, or company secrets. It is easy for an unauthorized person to call you and pretend to be an employee or one of our business partners. Stay on guard to avoid falling for a potential scam and report any suspicious activity to your manager and to your Information Security team. If you receive an odd email that you do not recognize, or notification that someone is trying to access your account, do not assume that someone else sees it before you. If you have any question on an email, do not hesitate to forward it to your security team. or your high authorities.
- Stay current on software updates and patches: You might get reminders that software updates are available for your computer, laptop, tablet, or mobile. Do not wait. Update them. And bear in mind you can often configure your devices to update automatically. Why it is important? Updates are designed to mitigate and patch security flaws and help protect your data. Updates can also add new features to your devices and remove outdated ones. Windows updates and patches will be pushed to your devices and may require a reboot after being applied. When prompted, apply the changes, and allow your device to reboot to ensure your workstation is up-to-date and protected.
- Be aware of Malicious Software: Remember not to download or install software from unknown sources. If you have a software need, discuss it with your department manager. Downloading and installing software from unverified sources can expose vulnerabilities on your system, install spyware or keyloggers, and allow remote access without your knowledge.
Email is a dangerous tool
- Encrypt email messages: As more people access work email at home, cybercriminals are unleashing a barrage of email scams and attempting to breach less secure home networks to access company data. Do not let curiosity get the best of you. Always delete suspicious emails and links. Even opening or viewing these emails and links can compromise your computer and create unwanted problems without your knowledge. Use your best judgement; if an attempt appears convincing or targeted to something specific about you or your management, or you think it might help other employees to be aware, then send it to your IT team. Remember, if something looks too good to be true, it probably is.
- Beware of coronavirus-themed phishing emails: Cybercriminals are exploiting the coronavirus outbreak to send fake emails with dangerous links to employees. Here is how it works: The email messages may appear to have come from a colleague and might ask you to open a link to a new company policy related to the coronavirus. If you click on the attachment or dangerous link, you are liable to download malware onto your device. Do not click. Instead, immediately report the phishing endeavor to your employer. Email is unencrypted by default, which means that sending a password over email opens the possibility that anyone who intercepts the packets along the route to the recipient can see all contents. Additionally, it is often saved on a local device, such as a cell phone, which may be stolen. Verify any that links in an email are linking to where they claim. Rather than clicking on the link, copy and paste the URL into your browser.
- And attachments: Beware of attached files from any sender, including within the organization, unless you are expecting to receive the file. Certain file extensions require more caution than others. Do not download or run an attachment with the following extensions: .exe, .msi, .bat, .cmd, or .vbs. Microsoft Office file types that end with an ‘m’ may contain macros and are also potentially unsafe (.docm, .xlsm, .pptm). This is not an exhaustive list of executable file types, so if you do not recognize the extension, it is best to be cautious and inquire with IT before opening anything you do not recognize.
When to go offline
- Watch out for work-from-home scams: We are likely to see an increase in work-from-home scams and other schemes that target economy workers. Many of these request personal information or upfront payments before you can begin work. By the time you realize it is a scam, the fraudster has ceased contact and stolen your money or taken over accounts.
- Backup your sensitive files OFFLINE: There is a high chance of risk if you do not follow the safety precautions properly. Else, one may lose their data that is stored in the pc / laptop due to ransomware or other malware attack. Take precautions and make sure that all important files are backed up regularly.
Business need to take the time to educate their employees regarding cybersecurity policies and updates. Every employee must be responsible for and aware of the company’s cybersecurity policy. These security fundamentals are intended to be a set of simple and mostly common-sense guidelines to allow all employees to cover the basics, look out for one another, and continue to focus freely on his or her main tasks. These fundamentals are a minimum requirement for computer information security to avoid creating easily exploited vulnerabilities, but comprehensive security is a never-ending process. The first step in awareness of that process is to be able to recognize a security threat.
Shitesh Sachan, White Hat Hacker and CEO, Detox Technologies