How to maintain good cybersecurity hygiene when working remotely
If you are a remote worker connecting to your organization’s information technology (IT) resources, your home effectively becomes an extension of your office, and thus, any vulnerabilities on your personal devices or network become security risks for your organization as well. Disregarding your organization’s security policies and procedures just because you are working remotely can lead to consequences just as serious as failing to follow those policies in the office. Fortunately, following some basic guidelines will dramatically reduce cybersecurity risks and help protect your personal network(s) and devices as well as those of your employer.
Secure your home network and devices.
There are online tools readily available to hackers that scan for and identify Wi-Fi routers using the router’s default administrative credentials. If those default credentials are not changed, they become an entry point for malicious activity. Check your router’s password and, if it’s using the default, change it to a complex password with at least 8 characters using numerals, upper- and lower-case letters, and special characters (such as the symbols atop the keyboard number keys). While you’re at it, disable remote management functionality and change the router’s name if it, too, is still the default setting. The default router name often reveals enough information to allow cybercriminals and malicious actors to identify the make and model, and exploit any known vulnerabilities associated with that particular router or networking device. If you don’t know how to change those settings, you can find instructions online by searching using the router’s make and model, which can usually be found on a sticker affixed to the back or side of the device.
Your router should also be running WPA2 or WPA3 encryption. If it isn’t, your resources and those of your employer are not sufficiently protected. If those encryption protocols are not available on your current router, consider upgrading to a more modern, secure router. If your Internet service provider (ISP) furnished the router, they may upgrade it at little or no cost to you.
Make sure your computers and other devices connected to your home network are set to download and install security patches and updates automatically. Also, ensure that they are running malware protection applications and that those are set to update and run periodic scans automatically. If a device on your network gets infected or compromised due to an unpatched vulnerability, it could put your personal devices and information AND your company resources at risk. Indeed, regardless of whether you connect to company resources, you should still follow these steps to increase your personal security.
Connect using authorized devices and secure connection methods.
If your employer has provided a computer for you to use, only use that device to connect to the company network. Do not connect unauthorized devices to your company resources, as they may not meet organizational security standards. If you are using a personal device to connect to a company resource, ensure that it has been vetted and pre-authorized for corporate use by your company’s IT staff.
Hopefully, your employer has provided you with a virtual private network (VPN) or similar secure functionality when remotely connecting to organizational resources. If so, be sure to use it! A VPN creates a secure, encrypted tunnel between your machine and the resource to which it is connected. The data flowing to and from that resource travels through that secure tunnel and is rendered useless to anyone other than the intended recipient.
Keep company-owned devices secure.
Don’t allow other members of the household to access and use company-owned devices. Accidents happen. Others likely aren’t familiar with company security policies and may access sites that they shouldn’t or may install unauthorized applications. They may also access confidential data inadvertently, which typically still carries ramifications for you as the employee. Never leave your company computer unattended. If you must, then ensure the lock screen is enabled.
Know and adhere to your organization’s security policies.
Multiple studies conducted since the dramatic shift to mass remote work in 2020 have revealed that significant percentages of remote workers have developed bad habits when it comes to cybersecurity. At the same time, the number of ransomware and social engineering attacks, especially phishing, has risen significantly, with most of these attacks now targeting the remote workforce.
Remember, your home network effectively becomes a branch office when you connect to your employer’s resources. Read and follow your company’s security policies and procedures, regardless of your location or what devices you are using. Hopefully, your organization has updated policies available to you that provide additional guidance for remote workers. Since a significant number of attacks aimed at remote workers are phishing attacks, remember to never click on links or open attachments in emails unless you know and trust the senders. Always check the addresses in an email carefully; more sophisticated phishing attacks will show a legitimate email sender (in the email’s “Display As” field), but a closer look at the address associated with that sender may reveal an extra character or even a character from another language that looks very similar to that character in English (for example, an é with an accent as opposed to the letter ‘e’ on its own).
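The sender check described above, as an added example that is not part of the original article: it compares the real address in a From header against a list of trusted domains and flags accented look-alikes, one-character differences and display names that show a different address. The trusted-domain list and the sample headers are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: the domains your organization really sends mail from.
TRUSTED_DOMAINS = {"example.com"}

def skeleton(domain):
    """Lowercase and strip accents so that 'é' compares equal to 'e'."""
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def edit_distance(a, b):
    """Levenshtein distance; 1 means a single extra, missing or swapped character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    warnings = []
    if not domain.isascii():
        warnings.append("non-ASCII character in sender domain")
    if domain.startswith("xn--") or ".xn--" in domain:
        warnings.append("internationalized (punycode) sender domain")
    for trusted in sorted(TRUSTED_DOMAINS):
        folded = skeleton(domain)
        if folded == trusted:
            warnings.append("identical to %s once accents are removed" % trusted)
        elif edit_distance(folded, trusted) <= 1:
            warnings.append("one character away from %s" % trusted)
    # The display name can show a trusted address while the real one differs.
    if "@" in display and display.rpartition("@")[2].lower() != domain:
        warnings.append("display name shows a different address")
    return warnings

if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Payroll <payroll@example.com>",
                   "Payroll <payroll@\u00e9xample.com>",
                   "Payroll <payroll@examplle.com>",
                   '"ceo@example.com" <ceo@mail.invalid>'):
        print(header, "->", check_sender(header) or "no warnings")
```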
Report any issues immediately.
If you notice anything suspicious, follow your organization’s procedures for reporting your observations. Make sure you know how to quickly get in touch with your IT or IT Security team. Most organizations have a special email or way to contact the right team when you need to report or inquire about potential or actual suspicious activity. If your computer (or phone) exhibits any strange or unusual behavior, this could indicate a security issue and should be reported right away.
Don’t be concerned about over-reporting or reporting something that turns out not to be an issue. It’s always better to raise the red flag – and quickly – than to fall victim and unleash untold havoc across your organization. Your IT staff will appreciate your diligence. Professional IT and IT Security teams would rather be inundated with numerous false alarms than miss that one critical event.
Now that remote work, teleworking and hybrid work environments have become the new norm, many employers are realizing significant benefits, including savings on office costs and utilities. Many remote workers also enjoy savings on travel time, commuting costs, childcare expenses and more. If employers and their employees work together to maintain good cybersecurity practices within their environments and ensure that security policies and procedures are followed, all parties can continue to benefit from these new work models for a long time to come.
For over a decade before the recent shift to remote work, BIA’s cyber experts have been helping law firms and corporations keep their data secure. Whether you need help remedying a data breach, or simply want a consult on setting up a corporate BYOD or MDM/MAM policy, we are here to help and we invite you to reach out today.