Today, over half of US workers are doing some or all of their work from home. Some workers miss the interactive atmosphere of an office environment but others are content to continue to work remotely. The situation suits many employers who find that the flexibility results in more work getting done. However, allowing employees to work on their home computers can put an entire organization’s computer network at risk of viruses, fishing and cyberattacks.
Many IT departments are warning that remote workers lack the security apparatus to fight off malware infections. There is also more of a risk of cybercrooks being able to access sensitive data via remote devices.
Interpol, the international police agency, concurs. Since the beginning of the pandemic, they say, when millions of workers moved their offices to their homes, there have been more incidences of cybercrimes. An Interpol report stated that
“With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption.”
Protecting yourself against cybercrimes isn’t throw of the dice as one would do at an online casino. There are steps that you can take to bolster your cybersecurity and protect yourself against online attacks.
Some of the most important steps include:
Updates
Keep your devices updated. Updates, both for software programs that are installed on your devices and antivirus programs, help safeguard your data and fix security flaws. You’ll receive notifications on your smartphone from the company in the form of a window that will pop up to tell you that you should click to update your program. Don’t neglect the operating software updates to your smartphone as well as to any changes that effect your apps, especially if you use your phone to manage both your personal and your work life.
VPNs
A VPN is a virtual private network which enables users to send and receive data across public/shared networks by extending a private network across a public network. Via the VPN users are able to proceed as if their computing device was connected directly to a private network.
Remote workers often access the employer’s network through a VPN. The VPN secures information transmitted between employee and employer via data encryption to prevent cybercrooks from intercepting sensitive data — customer information, financial documents, etc.
The VPN should never be turned off during work hours. Otherwise, infiltrators could steal proprietary information. As always, never use a public WiFi network when you are accessing a work-related account unless you signed in to your employer’s VPN.
Phishing Scams
A phishing scam can get through virus protectors by enticing the recipient of an email to click on a link that will then attack the user’s computer. Many of the phishing scams are extremely sophisticated, including those that target employees of a specific company with an email that purports to come from that company.
So, for instance, if you get an email whose return address is almost identical to the company’s real email address (perhaps, at the end, it reads .info instead of .com, etc) it would be natural to click on the link embedded in the email text. Problem is, the link might unleash malware onto your device.
Phishers aim to steal passwords, account numbers and other sensitive information. Kelvin Coleman, executive director of the National Cyber Security Alliance says “Most of the things that they could gain access to could absolutely make life miserable for you.”
Passwords
You’ve heard it a million times but you need to have a unique password for all of your accounts. Your router and WiFi network should be password protected and each device should require that the user enters a password before it opens. Your router server will give you a default setting – switch that default password to a unique password as soon as possible.
According to the National Cyber Security Alliance, it is recommended that you create a strong, lengthy password for every account to which you log in to on an employer-issued device. The veteran anti-virus company Norton recommended that passwords be at least 10 characters and not include a name, a real word or personal information (i.e. birthdate).
Norton says, “By combining uppercase and lowercase letters with numbers and special characters, such as ‘&’ or ‘$,’ you can increase the complexity of your password and help decrease the chances of someone potentially hacking into your account.” Don’t use a password that has repeat numbers (9999), sequenced numbers (7890) or frequently used words such as “password”, “iloveyou,” “test1” or “qwerty.”
Separate Devices
Keep your work device for work. According to Coleman of the National Cyber Security Alliance, cybercriminals target personal and work devices that are used interchangeably. “It’s not unlike any other disaster that we’ve seen since we’ve been relying on technology. Bad actors take advantage of a crisis. A global pandemic is a crisis. They’re going to take advantage of this because they know so many more people are online. There is a target-rich environment that bad actors see these days.”
Doing work tasks on your home laptop may jeopardize sensitive business data if that device doesn’t have proper security. It’s complicated, especially if family members use devices interchangeably (especially if kids are using them for remote schooling.). But don’t tempt the forces that may be looking for an opportunity to breech your security.
Multi-Factor Authentication
Multi-factor authentication involves at least two methods of verifying a user’s identity before they can log in to an account, network or device. Those methods include security tokens, passwords, facial recognition, biometric identification (fingerprint), etc.
Multi-factor authentication adds an extra layer of security but it’s not being used to its full potential. The Ponemon Institute and Keeper Security report that of IT professionals who were surveyed, 31% said that they weren’t required to use any authentication methods at all. And of the 69% of organizations that did require some kind of authentication, only 35% reported that multi-factor authentication was mandated.
Help Net Security says “As hackers look to target less tech-savvy users that are new to working at home, multi-factor authentication stops hackers in their tracks. In a time where most employees are working on unsecured home and public networks, having multi-factor authentication as an extra safeguard will not only take some burden off the IT team but will also help make employees that aren’t trained in security less susceptible to cybercriminals.”
Working from home can be convenient and freeing but it’s the worker’s responsibility to do his or her utmost to uphold existing security standards and encourage the company to add to those standards when necessary. By using strong passwords, performing regular software updates, using multi-factor authentication and staying aware of potential threats, remote workers can make the work-from-home movement a success.