MANY of us have become very accustomed to working from home over the last 18 months.
As we slowly emerge from the pandemic, many organisations are planning to continue with a blended approach, with some percentage of the work week likely to be spent at home and the rest in the office.
This new way of working has opened up many new entry points for cyber criminals to attack individuals and organisations as many of the security barriers that we take for granted in the office are no longer available to use when logging on at home. This, combined with the multitude of new communication and productivity tools we use to stay connected, greatly increases the risk.
All that said, working from home can bring many benefits from a work/life balance and productivity perspective, and with a few small changes and a little awareness, you can go a long way to improving your remote working security.
Securing your home wi-fi network
Many wi-fi routers will come with default, easy to guess wi-fi passwords like “admin” or “1234567” or in some cases your router may not require a password to connect.
Make sure your wi-fi requires a long password to connect to it. You can manage your wi-fi password by accessing the wi-fi router’s settings.
You can also enable your router’s firewall to add an extra layer of protection for internet traffic coming into your home. There are usually details on the back of your router to help you log in. If you are unsure, you should be able to find details on the manufacturer’s website or by contacting your internet service provider.
Being wary of public wi-fi
Many of us in areas of higher population should have decent internet speeds but for those who do not or where the reliability of your internet speed is dependant on which way the wind is blowing you may need to go elsewhere to connect.
If you must connect to a public wi-fi network you should always connect to wi-fi that is password protected.
Open wi-fi connections are often trapdoors for downloading viruses or malicious software that could infect your device and your work network.
Using a VPN
Many companies will ensure all employees access the company network through a Virtual Private Network. This means that all the internet traffic that travels through this connection is private, encrypted and virtually impossible for cybercriminals to intercept. Smaller businesses that may have limited IT budgets should know that VPN’s are generally quite affordable but offer huge security benefits if employees are required to access files on the office network.
Connecting to online services
Whether it is communication through Zoom or Microsoft Teams or file sharing using Dropbox or OneDrive, accessing these services should always happen using a long passphrase rather than a short complex password. Many of these services also facilitate multi-factor authentication (MFA) so will not be completely reliant on the password. You should use the MFA option if it is available.
Remember to disable these services on old devices you may have, especially if you are planning on giving the device to someone else or to a charity.
Sending sensitive data over email
If you need to send sensitive data to colleagues, it can often be tempting just to copy and paste or attach a file to an email and press send. This is one of the most common ways for data to leak outside your organisation when incorrect email addresses are entered or the email is forwarded on to someone who should not have received it.
Using a reputable cloud storage service gives you control over who can see the file.
Watching out for phishing scams
There has been an explosion in phishing attacks throughout the pandemic as cyber criminals try to take advantage of the sudden shift to home working. When accessing your email from home it is important to be extra vigilant and cautious when clicking on links in emails or open attachments.
Always check the sender email address and double check links or attachments before opening them.
If they are unexpected or suspicious do not click on them and report them to your IT team.
Keeping your laptop and other services up to date
When working remotely it can be easier to just put your laptop to sleep rather than shutting it down and restarting it every day. This can mean that important patches or updates are not being installed on the machine.
You should also make sure that your devices are running the latest operating system versions and that your applications are kept up to date. If they are not your device could be vulnerable to an attack from cyber criminals.
Keep your devices secure
If you are using a laptop provided by your company, you should already have anti-virus software installed. Make sure it is switched on and is regularly scanning your device.
If you don’t already have antivirus you can purchase very high-quality solutions that cover multiple devices for around €50 per year.
This is certainly worth it for the peace of mind that your device is protected.
It is important to remember that your home network is not too small to be attacked. If your network is compromised it could then be used as an entry point to launch a bigger attack that could bring severe consequences against you and your organisation.
Being conscious of this and implementing some small changes to your work practices can go a long way to keeping the bad guys at bay.
ABOUT THE AUTHOR
John-Ross Hunt is a Product Manager with Cyber Security leaders Trend Micro, specializing in the area of enterprise security awareness training with the product Phish Insight
Tomorrow: Helping your chidlren stay safe online.