If you are reading this, you are probably working from home. With the recent Covid-19 outbreak causing tectonic shifts in the job market, more and more people are forced to work remotely.
With this sudden move to remote work, learning the basic rules of cybersecurity is extremely important, both for employees and their employers.
Why Cybersecurity is So Important During The Outbreak Period
When you work from an office, you have an experienced IT team to take care of corporate data security. However, the picture is completely different when working from home.
Hackers are aware that a lot of people are starting to use insecure home networks and they act accordingly, often utilizing pandemic-themed attacks that play on mass hysteria and the natural fear of the outbreak.
For example, as of the 2nd of April 2020, experts from the Any.Run interactive malware hunting service recorded more than 30 different malware types that utilize Covid-19 in one way or another.
Mind you, that’s not 3660 attacks. That’s 3660 different instances of computer viruses that are designed to take advantage of the epidemic.
Any.Run experts warn that attacks usually come in one of three ways.
1. Covid-themed documents that attackers usually attach to spam emails. They send the emails to a massive contact database. When opened, such a document downloads the virus.
2. Phishing and fraudulent websites that capitalize on your fear of the pandemic. They may offer medical supplies or updated quarantine rules, but really all they do is try to trick you into willingly giving contact or payment information.
3. Spam emails and files from fake executives. These emails often contain instructions that guide a user into downloading a virus. We will talk about dealing with these attacks later in the article.
Basic Security Rules That We All Should Follow
Before looking at security best practices, let’s get a few common rules out of the way. According to Any.Run researchers, there are certain behaviors that compromise security by default. Unfortunately, these are mistakes that a lot of us often make.
Here are a few things you shouldn’t do:
- Using unsecured Wi-Fi networks. These are Wi-Fi networks in coffee shops and other public places. Hackers can use them to compromise your device.
- Using unprotected personal devices. Your laptop may be good, but it probably lacks some important security tools like strong antivirus protection and firewalls, so try to avoid using personal equipment.
- Being careless. By default, home is a sweet and safe place where we deactivate our inner defense system. It also applies to any out-of-office environment. As a result, you are more likely to ignore the security rules imposed by the employer. So, don’t be careless at home.
With all of this in mind, here are 8 steps on how to maintain cyber security at home:
1. Use Company-Owned Devices
When possible, a remote employee should use a company-owned (and maintained) laptop. This measure alone will greatly reduce the risk of data loss. Try to pitch this idea to your boss or another decision-maker. After all, it’s in the company’s best interest, especially if we are speaking about a bank or a similar institution that manages sensitive data. The managers don’t want a lot of strange devices with outdated software and weak anti-virus protection getting connected to their corporate network.
Sure, if the business you work for is small, it might be difficult for them to provide every employee or contractor with a company laptop. (Besides, we all hope the quarantine won’t last forever, and many white-collar workers will return to their cubicles.)
In this case, consider using a secure remote desktop service. All the data and software remain at the office machine, and your personal device acts as a display. Note that under this scenario, your PC should have the same level of protection as the office desktop. Otherwise, the remote connection could become a gateway for malicious data.
2. Install Strong Anti-Virus Software
In the office, you are safe. Companies normally take all the necessary measures to protect their devices from cyber attacks. If you work remotely from your personal device, data protection becomes your own responsibility. The main step would be to install antivirus software from a reliable developer.
The freeware you are probably using now provides only a basic level of protection and lacks some important features. Remember that nothing is 100% free in this world unless it’s charity. Software developers’ primary goal is making money. So, if you don’t pay for using their products, they take a digital toll on you: the freeware collects your metadata, which will be used for marketing or other purposes.
3. Update Your OS
Still using an older version of Windows or Mac OS? Bad news — it has vulnerabilities that hackers may use to attack your device. Again, when you work at an office machine, other people are responsible for updates. If you deal with your personal device, there is no one to rely on. Cybercriminals know it well and bet on your laziness. Mend this loophole.
We recommend that you regularly update your OS and every piece of software you use for work.
4. Protect Your Home Wi-Fi Connection
To attack your device, hackers may connect to your home Wi-Fi network. If they succeed, they will be able to intercept your data, including sensitive information. Thus, before starting to work from home, configure your router settings.
For a start, check if your home connection is encrypted. Do your guests have to ask you for a password to get connected? Then it’s okay. Speaking about passwords, they should not look like 12345 or MyHome. Read this Security Guide to know what a strong password is.
In your router settings, opt for the WPA2 encryption mode. Right now, it’s the safest choice.
5. Use VPN In Coffee Shops
Ok, you have secured your router and now the data you send from home is encrypted.
Do you still need a VPN (Virtual Private Network) on your laptop and phone? Well, if you are self-isolating due to the Covid-19 outbreak, you probably don’t, simply because your device never goes out.
As for less stressful days, it depends. For instance, if you have a habit of using open Wi-Fi hotspots in coffee shops, co-working stations, parks or trains, you do need a VPN. It ensures an isolation layer between you and that suspicious guy at the corner table.
Also, a VPN would be useful if you don’t completely trust your provider. Say, you share an apartment with a person you hardly know and get connected using the password s/he gives you. Better safe than sorry.
6. Use Corporate Messengers And Mail Services
Most companies use corporate messengers, email services and private cloud storage for internal communication. These services were chosen and set up by your IT guys, so these guys are responsible for their safety. By contrast, when you share information with your co-workers using your personal email address, Facebook chat or Google Drive, you put it under threat. The potential fault is also yours. Let’s consider two examples.
You upload something and give access to everyone with a link. You are sure your info is safe, as you send this link only to the person or people you trust. But it’s not that simple. The ‘Anyone with a link’ option means that your doc may appear in a stranger’s search results if he looks for something on your topic.
The free messengers we use for personal communication would be a bad option for corporate data sharing. Even those implementing encryption can harvest users’ metadata.
Besides, popular messengers like WhatsApp may be hard to manage. If you use a group chat to discuss business issues, you should remove the members that have changed their phone number. If you don’t, the person who gets this number will keep receiving messages from the chat.
The conclusion is simple. For better safety, don’t exchange anything important other than via the corporate communication tools. ‘Business-class’ services normally feature a higher level of protection. Corporate mail has better filters, and it’s more likely to detect and block spam and phishing letters.
7. Watch Out For Scams
We have already written about the popular types of coronavirus scams, including the Covid-19 live map. But it’s important to know about the modifications customized for remote workers. Hackers seek to cash in on this global trend and are laying new traps. According to Any.Run, they often offer a free coronavirus test, with a paid day off work.
Ok, let’s review the basic work-from-home scams you should detect at first sight.
Remote Work-Specific Scams: Examples
- CEO scam. A remote employee receives a fake email/text from their boss or even the company CEO. It demands important information or even a money transfer. Something like “I forgot my password, send it to me asap” or “I need you to process a wire transfer, let me know if you can do it now”. It often looks like an emergency request to add anxiety and leave you less time to think things over.
- IT scam. A hacker pretends to be a member of your company’s IT team. They may openly require some data or just send you a generic corporate message like: “We call an emergency meeting tomorrow at 12:00, follow this link to join” or “For security reasons, you have to update your email client, click here to install the latest version”.
- Client scam. Under this scenario, a ‘client’ contacts a freelancer to discuss some project and casually asks for some sensitive information. Scammers may impersonate a famous company and make an attractive offer on its behalf. Happy to get this opportunity, the victim provides what they ask for.
Yes, we know — these schemes look rather primitive and probably wouldn’t work under normal conditions. In the office, you can always approach a higher-ranked or more experienced colleague and ask them what to do. But in an unfamiliar situation, you don’t know how to react. Besides, due to the pandemic many atypical requests seem quite natural and you respond to them without a second thought.
Note that using the corporate mail and messenger greatly reduces the risk of receiving scam messages. But they happen to find their way there, too. Therefore, never open, click or download anything unless you’re 100% sure it comes from a legitimate source.
8. Lock Your Device
This rule applies to working from public places or sharing a workspace with people you don’t completely trust. They may be some strangers you encounter at a coworking station, or your roomies, or the guys you travel with.
To avoid any corporate information leak, password-lock your device or use free desktop encryption tools like VeraCrypt. If you have to leave your device somewhere (say, you are in a cafe and want to go to the bathroom), use a keyed lock like Kensington. It physically locks desktops, printers, laptops, monitors, and other types of devices.
Cybersecurity For Remote Work: Conclusion
Ok, these were the basic tips to follow if you wonder how to make remote work secure. As always, the rule of thumb is to stay calm and vigilant. This attitude will help you avoid or reduce many risks, especially now.