Remote work and work from home present unique challenges for information security teams and professionals. Remote work environments don’t usually have the same safeguards as in the office, and people are increasingly using personal computers for work.
These challenges aren't new ones. Organizations have been working to address them since the early days of BYOD (bring your own device) in the early 2000s. BYOD policies allowed employees to bring personal devices like laptops and smartphones to work rather than use company-provided devices.
In order to protect company data, formal policies were put in place solidifying the practice as a reliable option for modern workers in large dispersed organizations. BYOD proved to be beneficial, saving companies millions in operational costs each year while increasing productivity. It also brought new security dangers similar to what we’re facing now in terms of cybersecurity.
Employees working from home are accessing sensitive business content on the same devices they check TikTok with or hand to a whining child in hopes to distract them enough to get some work done. While this all sounds innocent, these acts can pose a significant risk to security. So how can you stay secure working from home?
We’ve worked remotely for almost ten years and security awareness is always a top priority in and out of the office.
Here are some tips and best practices on how you can secure and protect your remote team working from home:
Educate your employees
The weakest link in any security solution are people. To improve security, we equip our staff with security awareness training to help them in recognizing and combating emerging cyber threats including phishing schemes and malware attempts.
Keep your software up to date
We always ensure the latest operating systems, browsers, and apps are installed on computers and devices that connect to the Internet.
Software updates are important because they often include critical patches to security holes. In fact, many of the more harmful malware attacks we see take advantage of software vulnerabilities in common applications, like operating systems and browsers.
Complete regular backups to protect from ransomware
Regular backups will protect you not only from data loss but also from ransomware, malware that encrypts your data. Once your data is encrypted, the attacker will try to get you to pay the ransom for the key to decrypt their files.
We’ve seen an increase in these attacks during the pandemic. While ransomware often goes after company systems and not just worker computers, it is still important to pay close attention to the risks to steer clear of ransomware in the first place. Avoid clicking links in odd emails, scan emails for malware, avoid running unknown apps and keep current data backups to protect yourself from ransomware attacks.
With many of our clients, we use VPNs (virtual private networks) to securely connect to their networks. In some cases, our clients supply us with dedicated workstations for the duration of the project. VPNs can help create a trusted connection between employees and organizations and ensure ongoing access to company tools. VPNs also provide additional protection against phishing and malware attacks, the same way corporate firewalls do in the office.
Create strong passwords and use two-factor authentication
Credential stuffing attacks use passwords and usernames collected from previous hacks of accounts worldwide and took advantage of the fact that many people reuse passwords and usernames across multiple accounts.
Strong passwords are just as important on the home computer and devices as they are on work computers and devices. Encourage employees to change passwords every three months and avoid using names, favourite colours, or reusing the same passwords for home and work devices.
On top of creating strong passwords, we argue it’s even more important to also use two-factor authentication as an added layer of security. Best used with a dedicated security key or phone authenticator app, this layer of protection makes it that much harder for unauthorized users to access your online accounts.
Keep work data on work computers
Thinking about taking care of a few emails at home before bed? Make sure to take precautions like only using your work device and a VPN.
It can be tempting to use your personal computer if your work computer is in a different room or you forgot your charger downstairs, but this could be a risk to your company. There is a good chance you have not followed the same protocols with your personal computer as are mandatory at work, so it’s best not to use your personal computer for work information as it could be compromised by a third party. .
Avoid letting others use your work device
You may have kids at home or are you sharing an apartment with roommates. Make sure you lock your device when not using it. Intentions might be good, but others are not meant to access your work device and company information, they may perform activities that could risk infecting the device with malicious software or leak sensitive information.
If you’re sharing your device with your spouse or child, turn off pop up notifications to stop the accidental click before it happens.
Stay click aware and beware of phishing attacks
It is easy to forget cyber security best practices when away from the office, and cybercriminals are exploiting the coronavirus outbreak to take advantage of remote workers through phishing and spear phishing scams.
A mobile spear phishing attack (a targeted strategy designed to trick people into handing out information such as passwords) led to the recent major attack on high-profile Twitter accounts to push out a Bitcoin scam.
Due to the increase in spear phishing attacks during the pandemic, it’s important to be aware of the risks, and always confirm who you’re communicating with, especially if the person is asking for sensitive info. Best practice is to remain skeptical of all unsolicited emails, text messages, social media chats, and attachments. When in doubt – don’t click.
Following these tips help increase our team’s security for working from home and should help address some of the most common security risks facing our home-working environments. Our threat environment is not static, so it's important to keep a close eye on evolving threats to avoid unnecessary costs and disruptions in a time when we can least afford them.
Photo by Franck on Unsplash