Working from home isn’t new anymore and most who are doing it, even on a part-time basis, are considered seasoned veterans by now. But being seasoned doesn’t mean you are any less of a target for cybercriminals. With millions of people handling much of their work and school responsibilities remotely, cybersecurity threats are showing a clear spike in phishing and other cybercrime activity.
There is so much sensitive data being transmitted on a consistent basis, and in most workplaces, somebody else typically takes care of the cybersecurity measures. But when you are working from home, it is you who must pay attention.
To help you, we have put together a list of Cybersecurity best practices to help you stay vigilant:
-
Use your work device for work
Using your own personal computer for work introduces a number of potential vulnerabilities. Most personal devices have many non-essential applications and games installed and may be used by other family members, making this a hot spot of potential risk. Your work device will likely already have the programs, documents, and security safeguards installed, and security measures in place.
You should ensure that your device is always secured, locking the screen when you walk away, and If you are handling very sensitive data, you should make sure the sightlines to your device are blocked while you are working. You should never let other people use your work device, even if you are working from home with family. Make sure that lost or compromised devices are reported immediately so that the necessary steps can be taken to secure sensitive data. -
Keep all operating systems, programs, and applications up to date.
Software programs are updated regularly in response to newly discovered bugs and vulnerabilities. If you are using an outdated version of an app or operating system, your device is not secure against known threats.
-
Protect your accounts with strong, unique passwords and enable two-factor authentication on all your accounts.
Your passwords are the first line of defense. You should use a different password for each of your accounts. Passwords should be at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Always log off if you leave your device and anyone is around, it only takes a moment for someone to steal information.
Activating two-factor authentication (2FA) on your accounts can prevent malicious parties from accessing them, even if your password is compromised. Using apps that generate one-time passwords is the most secure form of 2FA. You can check this list to see whether your service supports 2FA. -
Secure your home Wi-Fi network:
• Changing your home Wi-Fi password – Most routers come with a preset password. These default passwords are often weak (less than 16 characters) and shared by other routers, making them easy to guess. Even if you changed your router’s password when you first set it up, it is worth changing it again, especially if you have shared that password with guests.
• Turn on encryption – Most routers now come with the ability to encrypt traffic. Usually, this option is usually turned off by default, so you should ensure that you enable encryption, ideally WPA2, before you begin handling sensitive data on your home Wi-Fi.
• Turn off network name broadcasting – Hide your Wi-Fi network by turning off network name broadcasting. This will stop your network from automatically showing up on every device that has its Wi-Fi turned on and prevent others from stealthily connecting to your Wi-Fi. As long as you know your Wi-Fi network’s name, you do not need to share it constantly, and if you have already logged in to your Wi-Fi network with your work device, it will remember the connection, even if you turn network name broadcasting off. You can turn off network name broadcasting (or SSID broadcasting) in your router’s settings. -
Ensure your privacy with a VPN
If you are using a computer provided by your employer, this should be checked for you. If you are using your own computer, get a VPN to secure your connection, and encrypt your data. With VPN your important data can’t be accessed by anyone you don’t want to. Use it always when you are connecting to public Wi-Fi networks.
-
Video conference securely
• Ensure there is no sensitive information sitting on your desk or in view of the camera – If you are talking to someone on a video conference or if you are sharing your screen, do not leave notes or documents with sensitive information (like passwords, URLs, or login credentials) visible.
• Password-protect, or otherwise ensure unknown individuals cannot enter video conferences – “Zoom Bombing,” or crashing unprotected conference calls to share disruptive or offensive material, is one of the new (and irritating) trends popping while people are working remotely. Make sure every conference call and video chat session is password-protected, or you should use services that do not allow uninvited users to join.
• Be cautious when sharing your screen. If possible, don’t leave any windows open that you don’t want to share. While it could just be an awkward moment, it’s also a privacy issue, oversharing content that is not meant to be viewed by others.
• Do not share sensitive information on social media – A recent trend on many social platforms was to share all the cities you lived in, or your favorites (food, color, etc.). However, many of these questions are common security questions, making this seemingly innocent trend risk to your account security. Related to scams and phishing, it is also a risk to share pictures of your remote working station, same goes for using your webcam. You might accidentally share important information, or you might also accidentally share too much about your home or your family members. -
Use antivirus software
There’s no way around it, you just need to have it to be safe. Antivirus software is important to have on your personal computer, but its importance is even bigger if you are using your own computer for working. Prevent malware from compromising your work and your employer’s systems.
-
Beware Covid-19 and related phishing scams
Cybercriminals have been aggressively exploiting Covid-19 by using many types of national + international phishing and scam campaigns. If you get an email with any suspicious links or attachments, especially related to Covid-19, don’t open them (it’s better to be safe than sorry.) and just forward it to the Anti-Phishing Working Group at reportphishing@apwg.org or report the phishing attack to the FTC at ftc.gov/complaint. If you got a phishing text message, forward it to SPAM (7726).
-
Create a comfortable safe working environment
One of the most repeated pieces of advice in our work from home culture is to create a mini office where you can focus on work. A dedicated workspace helps create familiarity and discipline in your day. Everyone will have different needs when it comes to a home office setup, so keep in mind that experimentation is part of the process. Social media is full of good ideas to get started with making your home office running in a safe way.
Be sure to follow your company IT security protocols and only use services, programs, and apps they recommend while working from home. Always reach out to your IT security officer if you have any questions or concerns. Braver technology is always available to help with any security, connection, or network concerns you may have.
Every day, your business depends on information technology (IT) to operate. Thank you for letting us be there for you. Braver Technology Solutions | WeMakeITWork@BraverTechnology.com
Boston 617.315.8515 | Taunton 508.824.2260 | Providence 401.484.7900