Cyber Security tips when working from home.

Let us start by saying we hope you and your teams are all in good health and our thoughts are with those who are already impacted by the Coronavirus pandemic. At ADECS-Maple we are doing our utmost to help our clients get back up and running remotely as the government increases its efforts to minimise the impact of the virus.

As such, many of us will be working from home. We thought it would be helpful to share with you and your teams a reminder on cyber security measures and some tips to bear in mind when working remotely.

Before delving into the tips, let’s review a few of the online threats that remote workers should be aware of.

Unsecured WIFI networks

Most people will be working from their home where they can secure their WIFI. But some may have to use unsecured public WIFI networks which are prime spots for malicious parties to spy on internet traffic and collect confidential information.

Using personal devices and networksecured WIFI networks

Many of us will be forced to use personal devices and home networks for work tasks. These will often lack the tools built into business networks such as strong antivirus software, customised firewalls, and automatic online backup tools. This increases the risk of malware finding its way onto devices.

Scams targeting remote workers

We’ll likely see an increase in malicious campaigns targeting remote workers. What’s more, with many employees lacking remote work opportunities, we’ll no doubt see an increase in the prevalence of work-from-home scams so please be prudent when faced with such offers.

Thankfully, armed with the right knowledge and tools, you can stave off many of these threats and continue getting your work done.

Cyber Security tips for staff working remotely.

Note that before you take your own measures to protect your online security, you should check in with your employer to see if they have any Cyber Security protocols in place. In light of the COVID-19 crisis, many companies are hastily putting together work-from-home plans. They may be able to provide you with specific directions on how to handle certain aspects of cybersecurity and perhaps provide access to some of the tools you need.

Here are some helpful tips you can consider when working remotely:

Use strong passwords

Set up two-factor authentication

Use a VPN

Set up firewalls

Use an antivirus software

Secure your home router

Install updates regularly

Back up your data

Beware remote desktop tools

Look out for phising emails and sites

Use encrypted communications

Lock your device

Let’s look at each of these in details:

Use strong passwords

It’s as important as ever to ensure that all accounts are protected with strong passwords. Unfortunately, many people still use the same password across multiple accounts. This means that all it takes is one compromised password for a criminal to take over all of your accounts. They take leaked usernames and passwords and attempt to log into other online accounts, a tactic called credential stuffing.

Passwords should be unique for every account and should comprise a long string of upper and lower case letters, numbers, and special characters.

Set up two-factor authentication

Having a strong password often isn’t enough, for example, if your credentials are leaked in a data breach. Two-factor authentication (2FA) involves an additional step to add an extra layer of protection to your accounts.

The extra step could be an email or text message confirmation, a unique code auto-generated via an app or a biometric method.

Use a VPN

A Virtual Private Network (VPN) has an important role to play in remote-working, and that’s improving your online privacy. Most if not all our clients are set-up to use VPN by Sonicwall through their firewall. A VPN encrypts all of your internet traffic, so that it is unreadable to anyone who intercepts it.

Set up firewalls

Firewalls act as a line defense to prevent threats entering your system. They create a barrier between your device and the internet by closing ports to communication. This can help prevent malicious programs entering and can stop data leaking from your device.

Use an antivirus software

Although a firewall can help, it’s inevitable that threats can get through. A good antivirus software can act as the next line of defense by detecting and blocking known malware.

Even if malware does manage to find its way onto your device, an antivirus may be able to detect and in some cases remove it.

Secure your home router

When was the last time you changed your router password? Many people don’t. This leaves your home network vulnerable. It’s important to take simple steps to protect your home network and prevent malicious parties having access to connected devices.
Changing your router password is a good first step.

Install updates regularly

Updates to device software and other applications can be a source of annoyance. But they really are important. Updates often include patches for security vulnerabilities that have been uncovered since the last iteration of the software was released.

In many cases, you can set updates to run automatically, often while you’re sleeping, so you don’t have to worry about downtime.

Back up your data

Data can be lost in a number of ways, including human error, physical damage to hardware, or a cyberattack. Ransomware and other types of malware can wipe entire systems without you having a chance to spot it.

Ensure you save any company related work data on your work network drives and not just on your desktop, these are backed up and secure!

Beware remote desktop tools

There will be a few of our customers who do not use VPN or are not set-up for this. Please be advised that RDP should be used cautiously as it does not hold the same cyber security measures than VPN’s do via the firewall. We advise a Firewall and VPN set-up if remote working will be an on-going requirement.

Look out for phising emails and sites

Phishing emails, as well as voicemails (vishing) and text messages (smishing) are used by cybercriminals to “phish” for information. This information is usually used in further schemes such as spear phishing campaigns (targeted phishing attacks), credit card fraud, and account takeover fraud.

With the rise in the number of people working from home due to the coronavirus outbreak, no doubt there will be plenty of cybercriminals looking to cash in on the trend. It’s highly likely that phishing emails will target remote workers in a bid to steal their personal information or gain access to company accounts.

To spot a phishing email, check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body. Hover over links to see the URL and don’t click links or attachments unless you trust the sender 100 percent. If in any doubt, contact the alleged sender using a phone number or email address that you find somewhere other than in the suspicious email.

If you do click a link and end up on a legitimate-looking site, be sure to check its credibility before entering any information. Common signs of a phishing site include lack of an HTTPS padlock symbol (although phishing sites increasingly have SSL certificates), misspelled domain names, poor spelling and grammar, lack of an “about” page, and missing contact information.

Use encrypted communications

Of course, there are times when you need to communicate with fellow workers, and it’s common for those emails to include sensitive information. If your company doesn’t already provide you with secure methods of communication such as Microsoft Exchange, you may have to come up with your own options.

Lock your device

Whether you have remoted on via VPN or RDP or you are just using your email portal, please remember to not leave your PC/Laptop unattended without locking the device. Password-locking your device will usually encrypt its contents until someone enters the password.