Cyber Security Working From Home
The importance of cyber security working from home has become more than evident with the recent pandemic outbreak. Many companies worldwide had no other choice but to let their employees work remotely. With this, the IT infrastructure of companies got compromised, and cyber-attacks became an increasing concern.
When employees work within the same physical space and same servers and routers, the IT team typically takes care of cyber security. But, if you work from home, you have to take measures and protect yourself.
Let’s dive deeper into the importance of cyber security working from home and things you can do to avoid cyber-attacks.
What Are the Biggest Cyber Security Risks for Remote Workers?
As we’ve mentioned above, more and more companies worldwide are switching to remote working. As a result, cybercrime is on the rise more than ever, with criminals trying to exploit the vulnerabilities of unsafe networks and untrained employees.
Here are some of the most significant risks to cyber security working from home:
Malware attacks typically use malicious software (usually a virus, trojan horse, or worm), which gets installed on the victim’s device in different covert ways. That can happen through clicking through an unsafe website, downloading a compromised attachment, clicking on a link in an email, etc.
Typically, hackers use malware to extract data that they can later exchange for financial gain.
Social engineering is described as a way for criminals to exploit and abuse human psychology. It’s a way to manipulate or trick someone to grant you access to their private data or info such as login credentials, card numbers, etc.
Common social engineering techniques are baiting, phishing, spear-phishing, pretexting, etc.
Phishing is among the most common social engineering attacks. Cybercriminals send corrupted emails with the pretense of being a trusted source and misleading the victim into opening them, downloading the malicious file, or clicking on a shady link.
Hackers often use phishing to steal sensitive data such as login credentials, credit card information, bank logins, social security numbers, etc.
Although ransomware is a type of malware, its recent spike and popularity call for its own spot on the list. Ransomware is malicious software that usually encrypts files on a device or “holds them hostage”. At this point, the files are unusable for the victim, and only the attacker can retrieve them.
Next, the cybercriminal will ask for a ransom in exchange for returning the files undamaged and threaten to release confidential data publicly. Ransomware is always used as a blackmail technique to extort money from an individual or an organization.
DDoS stands for distributed denial-of-service, and this is a type of cyber-attack aiming to crash a website or an online store by overwhelming the servers with tons of fake traffic or incoming server requests. When done with a purpose, it’s typically a malicious way to gain a competitive advantage during peak buying times.
But, DDoS attackers can also target servers, networks, applications, or devices, including your home network and device. These attackers can use your computer for DDoS attacks without you even knowing. Their aim is to bring systems and processes down, so you might notice a reduced bandwidth or inability to process data.
The last major cyber security risk for remote workers is using unsecured WiFi networks. An unsafe WiFi network can be the public WiFi of the cafe you always go to for work. Or, it can be your home WiFi network that isn’t properly set up.
Cyber-criminals often exploit insecure WiFi networks as a way to gain remote access to the other devices using the network. That’s why having stable WiFi with good encryption and password protection is crucial.
Tips to Increase Cyber Security Working from Home
Now that we’ve seen the most common cyber-attacks remote employees can experience, let’s take a look at some practical tips you can follow to maximize your Internet security and protect your privacy.
Separate your company and personal devices
A recent HP Wolf Security Blurred Lines & Blindspots report shows that an incredible 69% of employees admit using their personal devices (laptop, printer, or scanner) for work-related activities.
Using personal devices to access company accounts is perhaps the most significant concern of employers when it comes to cyber security for remote teams. Unsafe home printers are of particular concern to experts, as they’re commonly used for printing work-related files, leading to compromised data and cyber-attacks.
“As companies extend corporate offices into the home environment, print security must no longer be a blindspot. The scenario of a printer being used to infect the wider corporate network is a very real potential. 45% of IT decision-makers say they have seen evidence in their company of compromised printers being used as an attack point in the past year. It’s time companies woke up to this problem and protected themselves against printer-based attacks,” says Roz Ho, Global Head of Software, HP Inc.
Interestingly, the same report shows that 46% of employees use their company laptops for personal needs. And if that’s not scary enough, 30% of employees also let someone else (typically an unauthorized family member) access their work device.
Install a good antivirus software
Investing in comprehensive antivirus and antimalware software is a must for everyone, especially those working from home. There are many free or paid antivirus software solutions out there that offer adequate protection.
If you’re an employer with staff working from home, it’s best to have a regulated and paid set of Internet protection tools with multiple users for your employees. With this, you’ll ensure your remote employees don’t fall prey to malicious cyber-attacks and compromise sensitive data.
On the other hand, if you’re a remote worker and don’t have a company-wide antivirus solution, you can use many free versions to protect yourself, like Avast, AVG, Avira, Kaspersky, Microsoft Defender, etc.
It’s important to note that antimalware tools also scan files you transfer from USB ports or download online. Plus, they keep your browser safe. So, instead of compromising your personal or company data, ensure your antivirus software is up to date and running.
Offer cyber security training to your employees
With the sudden outbreak of the Covid pandemic at the start of 2020, many organizations didn’t have enough time to properly train their employees on all the best practices to increase their cyber security. As a result, experts noticed a significant increase in cybercrime.
According to a recent Deloitte report on Covid 19 home office cyber security, an astonishing 42% of employees responded that their employer hadn’t provided any mandatory training or awareness on working securely from home.
Failing to provide training and standardized policies with rules, obligations, and best practices for cyber security can result in employees quickly falling prey to online predators. In this way, your remote staff can compromise or leak confidential company data without even knowing.
Education should be the first step of every business aiming to increase their cyber security awareness. You empower your employees and keep your company safe by pointing out the dangers of the Internet world, the risks, and the best ways to protect themselves.
Don’t use public WiFi
Public WiFi networks are notorious sources of cybercrime, since hackers can log into the same network as you and spy on you or steal your login information for any company or personal account.
In the case of public WiFi networks, free ones that don’t require a password are of particular concern. Practically anyone can connect to such shared networks and gain access to your device.
So, if you work remotely and plan to work from a cafe or a restaurant, use your personal hotspot from your phone instead of connecting to a public WiFi. And, if that’s not an option, use public WiFi only for things like reading the news.
The important thing is to avoid logging into any email servers, bank accounts, or other private or business accounts that require typing a username and password.
Secure your home WiFi network
It’s important to note that home WiFi networks can also be unsafe if they aren’t adequately secured. Often, we make the mistake of not setting up our routers properly and using the generic network name and password the router came with. However, we don’t realize the cyber security risks of this practice.
Here are some actionable things you can try right away to secure your home router and make your WiFi network private:
- Use a unique SSID, router name, and password (type 192.168.1.1 in your browser to do that);
- Choose a complex password that contains letters, numbers, and characters;
- Switch to a WPA2 network encryption security method;
- If necessary, limit network access only to a few MAC addresses (every device that connects to the network has its own MAC address)
Beware of phishing attacks
Lately, using Covid-19 in phishing attacks has become a favorite among cybercriminals. Typically, they make people afraid they might be infected or tell them that they’ve been in touch with someone who tested positive. Like this, hackers often manage to get social security numbers or other sensitive data that they can abuse.
According to a recent Deloitte study, 25% of employees have noticed an increase in phishing emails since the start of Covid-19.
Here, note that phishing emails or scams don’t have to be Covid-related. They can try many different approaches to try and get your credit card number or other data. And, almost always, the email will come from a seemingly reputable organization. But, if you look closer, you’ll often find that the email has a spelling mistake, and it just looks like the original one.
And finally, always be wary of links or attachments you receive from company emails as well. Unless you expect to receive a file, always call to ask first if your colleague really meant to send you something, or maybe their account has been hijacked.
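One place the spelling mistake described above shows up is the sender's domain. The following check is an added example, not part of the original article: it compares the domain in a From: header against an allowlist and flags near-miss spellings. The trusted domains, sample headers and the distance threshold of 2 are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allowlist: domains this mailbox legitimately receives mail from.
TRUSTED_DOMAINS = {"contoso.com", "examplebank.com"}

def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute and
    adjacent transposition each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbouring letters
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(from_header):
    """Domain part of a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def check_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, matched_trusted_domain) for one From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    for t in sorted(trusted):
        # Exact match or a genuine subdomain of a trusted domain.
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    for t in sorted(trusted):
        # Near-miss spelling, or the trusted name embedded in another domain.
        if edit_distance(domain, t) <= max_distance or t in domain:
            return ("lookalike", t)
    return ("unknown", None)

# Constructed sample headers, one per case.
SAMPLES = [
    "IT Helpdesk <helpdesk@contoso.com>",
    "IT Helpdesk <helpdesk@contosso.com>",
    "Bank Alerts <alerts@exampelbank.com>",
    "Security <no-reply@contoso.com.verify-login.net>",
    "newsletter@unrelated.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

A "lookalike" verdict is a reason to verify the message through another channel, not proof of phishing; short trusted domains will produce more false positives at this threshold.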
Use a safe VPN
Often, employees who work from home will have to connect to a company’s VPN to work. VPN stands for “Virtual Private Network”, and remote teams often use it to work safely and privately. A safe VPN with secure passwords is a must for everyone that works from home.
However, educate your remote team to know when to disconnect from the VPN and connect to their home network. Your remote staff should know how to secure both the company and their private data.
Although they’re considered safe, VPNs can also often be the door that lets cybercriminals in. So, if your employees’ VPN passwords are compromised, they can still fall prey to malicious cyber-attacks.
To strengthen your company VPN, try these tips:
- Use a safe provider;
- Update from the Point-to-Point Tunnelling Protocol (PPTP) to the Layer Two Tunnelling Protocol (L2TP) for better encryption;
- Make it a rule for your remote employees to change their passwords regularly;
- Use a robust authentication method, not just username and password;
- Ask your remote staff to use the VPN only during work hours.
Download only from direct sources
Another practice that strengthens cyber security working from home is downloading your tools and software only from the official websites and trusted sources.
For instance, if you want to download Zoom, don’t download torrents or go to third-party download pages but directly to Zoom.com. The same goes for any software or tool you want to download, including the Microsoft Package, Adobe Photoshop, different phone solutions, CRMs, etc.
Downloading software from untrusted sources puts you at risk of unintentionally downloading malware and corrupting your files or the whole device. This type of malware will often download and install silently without you even realizing or approving it.
Lock your devices to prevent unauthorized access
Always lock your devices, no matter how long you’re away from your work desk! For instance, set up automatic locking of your laptop when there’s no activity for more than 5 minutes. That way, each time the screen turns on, you’ll be prompted to enter your password, PIN, pattern, or biometrics to log in.
Unauthorized access from family members of remote employees is a significant concern for employers. This practice can result in legal data privacy issues for both the employer and the employee, whether intentionally or not.
Be especially careful of unlocked devices if you work from public spaces like shared offices or cafes. It can take just seconds for hackers to steal data or transfer malicious software with a USB stick.
A centralized storage cloud and file backups
Storing data locally and scattering it throughout different company devices is a bad practice, often resulting in data breaches or loss.
Firstly, devices can be physically damaged, which means you’ll likely lose that data. Secondly, devices can be stolen, which means your files get stolen. And lastly, your device disks can get compromised by malicious software, affecting or damaging the local files.
Hopefully, these reasons portray the importance of using a centralized storage cloud with designated access and protection. Cloud storage solutions have their own firewall, which protects you from uploading corrupted files.
As an employer, you can implement a premium company-wide storage solution with upgraded security. Or, if you’re an employee and your employer doesn’t have a set storage solution, use some of the many free clouds like OneDrive, Google Drive, or DropBox to do regular backups of your work files.
Be careful of video conferencing attacks
Video conferencing became the norm after Covid-19, so, naturally, cybercriminals started looking for ways to exploit it. The best example of video conferencing attacks was the recent Zoom security issues, which opened our eyes to all that can happen through these video tools. And Zoom isn’t an isolated example: the same can happen with Microsoft Teams or Google Hangouts.
Of course, avoiding video conferencing is impossible when work requires it, so, unfortunately, we can’t stop using these apps. But, there are always things you can try to maximize your cyber security when using video conference apps:
- Use passwords for people to join a meeting;
- Purchase a webcam cover for when you aren’t using it;
- Always install the latest patches or updates;
- Use the web browser version instead of the desktop version (typically, security updates are implemented faster on the web browser version);
- Look for software with end-to-end encryption.
Choose strong passwords
The fact that you work from a home office doesn’t mean that you should be careless about your passwords. On the contrary, working outside the regulated company IT infrastructure and firewall exposes you to malicious cyber attacks.
So, don’t just use your birth date, marriage date, or company name as a password. Those are very predictable and easily accessible options.
Here’s the official advice from the US Federal Trade Commission:
“Use passwords on all your devices and apps. Make sure the passwords are long, strong and unique: at least 12 characters that are a mix of numbers, symbols, and capital and lowercase letters.”
Implement this practice for your work files and devices as well as your personal ones. Strong password protection is the simplest yet often underrated way to protect yourself against cyber-attacks and Internet crime.
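The length and character-mix rule quoted above, combined with the earlier advice to avoid birth dates and company names, can be checked mechanically. This is an added example, not part of the original article; the substitution map, the date formats tried, and the sample company name and date are constructed assumptions, and it does not check uniqueness across accounts.

```python
import re
import string

# Constructed map that undoes common character substitutions (3 -> e, 0 -> o, ...)
# so that "Acm3C0rp" is still recognised as the company name.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def date_variants(date):
    """Digit strings people commonly derive from a (year, month, day) date."""
    y, m, d = date
    yyyy, yy, mm, dd = str(y), f"{y % 100:02d}", f"{m:02d}", f"{d:02d}"
    return {yyyy, dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd,
            dd + mm + yy, mm + dd + yy}

def check_password(password, personal_tokens=(), dates=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "capital letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # Predictable words: match case-insensitively, with and without substitutions.
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    for token in personal_tokens:
        t = token.lower().replace(" ", "")
        if t and (t in lowered or t in normalized):
            problems.append(f"contains personal token '{token}'")
    # Predictable dates: look at the digits only, ignoring separators.
    digits = re.sub(r"\D", "", password)
    if any(v in digits for date in dates for v in date_variants(date)):
        problems.append("contains a known date")
    return problems

if __name__ == "__main__":
    # Constructed inputs: a company name and a birth date (14 July 1990).
    for pw in ["Abc1!", "Acm3C0rp!2022", "Summer#14071990x", "tidal-Quartz7!Lantern"]:
        print(pw, check_password(pw, ["Acme Corp"], [(1990, 7, 14)]))
```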
Working from home means less control and help from the IT department, and it also means dealing with things like app and software updates on your own. For your antivirus or antimalware software to work correctly, stop ignoring the update notifications and download the latest versions of all tools you’re using.
Software updates aren’t just for new features or updated interfaces. They also come with improved security patches that keep you safe against cyber-attacks.
It’s important to understand that no tool or software is perfect, and all of them have a flaw that cybercriminals can eventually crack and abuse. That’s why updates exist — to patch different security flaws and provide increased safety and usability of the tool.
Use two-factor authentication
Two-factor authentication, or even better, multi-factor authentication, is a great measure to prevent cyber-attacks. Failing to set it up is the first mistake in this regard.
However, an even bigger mistake is using your personal phone number or email as a backup identification. Understandably, this practice is often necessary but try to avoid using your private data for work-related purposes as much as possible.
If technically doable, a great way to set up a multi-factor authentication is by using biometrics such as fingerprints, facial recognition, etc.
As an employer, always make sure you have admin access to all your remote employees’ accounts so that you can regain access to company accounts in case of emergencies. Often, an employee can suddenly quit or even intentionally deny you access to company property accounts. Protect your organization by having an admin account with master access.
Use secure APIs
APIs, or application programming interfaces, exist to connect two or more services and make them synchronize, giving the tools and software additional features. However, due to rushing to market or developer errors, these APIs are often open to the world and easy to manipulate, especially for DDoS attacks.
To prevent insecure APIs, developers have to pay attention to the following aspects:
- Create a proper authentication for the API, such as one-time passwords, digital identity profiles, etc.;
- Try using SSL/TLS encryption for data that’s in transit;
- Strengthen the API authorization controls;
- Perform external attack simulations to discover API weaknesses and blind spots.
As a work-from-home employee, be careful when using third-party API integrations. Of course, they have tons of benefits and make us work more efficiently, but they also expose you to many cyber security risks.
Some Key Examples of Cyber-Attacks
Often, even great companies make mistakes and fall victim to cyber-attacks. Here are some famous real-life examples of cyber attacks:
In 2013, hackers stole the passwords of 38 million Adobe customers and published them for sale on the dark web. Unsurprisingly, this was a pivotal point in Internet security history that reinforced the importance of double encryption.
My Fitness Pal (2018)
Over 150 million email addresses and login credentials were leaked in February 2018, when hackers attacked the diet and weight loss app called My Fitness Pal. The company promptly informed its users of the leak since the data popped up for sale on the dark web.
In June 2021, LinkedIn experienced a cyber-attack when hackers stole the data of 700 million users (over 90% of its users back then), and then a part of it leaked on the dark web.
Approximately 533 million Facebook users fell victim to the data breach from Facebook apps, where emails and phone numbers were stolen. Two years later, in 2021, this data became public.
Marriott Hotels (2018)
In 2018, Marriott Hotels was fined 18.4M pounds due to a data leak that went unnoticed for years. In this cyber-attack, about 339M guests had their data compromised.
A Final Word
According to Cybersecurity Ventures, the damages of cybercrime will reach $10.5 trillion annually by 2025. That’s an astonishing amount and more than enough to make us all realize the importance of cyber security, especially for remote workers.
Office workers are not immune to cyber-attacks, but they have an extra security layer behind a safe firewall and IT infrastructure. On the other hand, remote workers don’t enjoy this privilege, so they often have to take additional measures to increase their Internet privacy and security. That’s why I believe educating your remote team members and training them to recognize cyber security threats should be a priority for every organization.
All in all, I hope that the above tips will help you strengthen your privacy game and increase cyber security working from home.
Originally published at https://guptadeepak.com on March 7, 2022.