One of the ways to help reduce the spread of Coronavirus COVID-19 is social distancing, which for many businesses means encouraging, or requiring, employees to work from home. This can create cyber security problems for employers and employees and has the potential to increase the risks of a cyber-attack, as employees are not protected by the same security controls as their usual office environment.
When moving to a work-from-home set-up, it is important that you take the following steps to reduce the risk of a cyber-attack.
- Engage Your IT Department or get some technical support. The experts can help ensure that things are set up correctly. They will ensure that all devices being used for work are secured with up-to-date firewall, antivirus, anti-malware and data encryption software. There may also be policies and procedures that you can put in place before employees access work data away from the office.
- Use a work-issued device when possible. Your organization will often have work-issued devices set up with additional security that will help keep your data safe. Using your personal computer to access work data increases the risk that your data can be stolen or compromised.
- Never Use Public Wi-Fi. Public Wi-Fi networks pose significant security risks and should be avoided at all costs. Only connect to the Internet through a secure network. When connected to a public network, any information you share online or via a mobile app could be accessed by someone else.
- Always use a Virtual Private Network (VPN). A VPN encrypts all of your internet traffic so that it is unreadable to anyone who intercepts it, adding an extra layer of security to your web use. Most organizations will provide a VPN to their employees to ensure secure, remote access for work use, and personal VPN accounts are available from various service providers.
- Ensure that Home Routers are Secured. Ensure that the password on home routers has been changed from the factory default and that encryption is set to WPA2.
- Use Strong Passwords. Compromised passwords are still one of the leading ways that cybercriminals gain access to sensitive user data. Passwords should be complex, changed frequently and should never be used for multiple accounts. Many people use the same or similar version of a password for everything, even between work and home. This means a single stolen password can be reused on multiple sites to unlock dozens of accounts for hackers. Remembering many secure and complex passwords can be difficult. Password management software can help and will ensure you have strong, unique passwords for everything.
- Use Multi-Factor Authentication. This should be enabled for all employees. Logging in remotely without being prompted for the SMS/OTP code should raise a red flag. Contact local IT ASAP.
- Encourage employees not to respond to requests for information from unknown sources. This is even more important if the request is for personally identifiable information or passwords. There are people out there who will try to con you into sharing confidential information by pretending to be someone you know or work with. Take extra care in identifying who you’re sharing information with – even if you think the request came from a trusted resource or organization.
- Train staff to be on the lookout for phishing. Educate staff on how to recognize a phishing attempt, such as emails that request private information, use a generic introduction rather than your name, have spelling errors or use a suspicious email domain.
- Only click on links, open attachments, and download software from trusted resources. There are people out there who will try to take advantage by masking malicious links as something informative. Once clicked, those links can be used to gain access to private information and/or freeze computers or networks. If you’re unsure of the source, don’t click.