Since the pandemic, working from home has become much more widespread worldwide and many companies around the world have embraced both remote and flexible ways of working. As the pandemic fades, many predict that remote working will remain prevalent across multiple sectors.
It’s no secret that working from home or remote work is convenient and has many benefits, it also exposes both individuals and businesses to a range of cybersecurity risks. That’s why it is essential to give serious consideration to home cybersecurity. By following best practices, you can mitigate most cybersecurity threats related to working from home threats quite easily.
Threat to your security when working from home
Whenever we are online, we’re at risk – but when you’re at work, in the office, you’re usually using a network that has antivirus software, firewalls, and automatic online backup capabilities. This makes it hard for any malware to access your device or for any personal information to be uncovered.
But if you’re working from home, even though your connection is probably secure, most people simply don’t have the same security tools. And if you’re working from your local coffee shop – or from any unsecured public Wi-Fi network – the risk of security breaches rises rapidly. Here are the top remote working security tips to ensure you and your staff are working from home safely:
1. Use a VPN
Using a Virtual Private Network (VPN) is a great idea, particularly if you ever have to use unsecured or public networks. Because it encrypts all your internet traffic, a VPN means no-one can eavesdrop on what you’re doing. It also means websites can’t figure out where you are and prevents your internet provider, government agencies or hackers from keeping tabs on your activity. Using a VPN can slow down internet speeds, potentially affecting the quality of bandwidth-intensive tasks like video calls. Search for VPNs renown for speed and stability. Read this VPN review to learn more.
VPN security can be enhanced by using the most robust possible authentication method. Many VPNs use a username and password, but you may want to think about upgrading to the use of smart cards. You can also enhance your encryption method for VPN access, for example, by upgrading from a Point-to-Point Tunneling Protocol to a Layer Two Tunneling Protocol (L2TP).
2. Install regular updates
It can be annoying when a pop-up appears asking you to update your software or operating system – but skip these at your own risk! The software and apps you use can be vulnerable, as can your internet browser, and installing regular updates can protect yourself from potential security weaknesses. Luckily, most updates are installed automatically these days, and you can also choose when the update occurs (i.e.. while you’re asleep), so there’s little to no interruption to your work.
3. Lock your device
If you ever work in public places like coffee shops – or you live with people you don’t work with – it’s important to lock your device. It’s easy to forget this, so enable automatic locking. This means if you pop to the bathroom or to get a drink, your device will lock until someone enters the password. For a laptop, a few minutes is usually a safe amount of time before the lock kicks in; for a mobile phone, 30 seconds is advisable.
4. Get antivirus software
And set routine updates! Running antivirus software on your machine is one of the easiest ways to quickly detect and defuse potential malware. Norton, McAfee and Webroot are all household names, but there are a ton of reliable antivirus providers out there worth investigating.
5. Encrypt your devices
Encrypting your devices helps keep your information safe because it prevents unapproved access. If your laptop is stolen, for example, having encrypted files makes it much harder for a thief or any other person to access your data without the password. For Windows, check out BitLocker, and for macOS File Vault. Devices using Android 6 and iOS 8 and above are encrypted by default, so check to see what version you’re using. It’s also good practice to seek out encrypted communication tools for email and instant chat to make sure no one can access your private conversations. Thankfully, many mainstream instant messengers are encrypted by default, including Signal and Telegram.
6. Use a password manager
Obviously, it can be hard to remember multiple passwords, particularly when they’re complex… But that shouldn’t make accessing your work system or sharing accounts a chore. Password managers create strong passwords for you and then help you remember them. Tools like NordPass, Dashlane, 1Password, LastPass and KeePass save your login info in one secure space for easy access, and allow you to share them securely with colleagues, family or friends for quick and convenient access.
7. Be aware of phishing
More people working from home means there’s a greater chance of being hit by a phishing scam. Phishing emails are pretty common, and most of us will have received one before; emails that look like they’re from an online service provider asking for your contact details, or emails containing infected attachments, are common forms of phishing. Always carefully check the sender’s email address and the subject line, as well as the contents of the email itself; spelling mistakes or bad grammar are telltale signs of phishing scams. Instead of clicking any included links, hover over them to reveal their destination URL – if they don’t direct to a provider’s official site, it’s a blatant scam.
8. Keep family members away from work devices
While you may trust yourself and your tech-savvy employees to keep themselves safe online, it’s worth remembering that working from home means company computers are more likely to be exposed to young children and other members of employees’ families.
Therefore, it’s important to remind staff to keep their devices safe and not allow other household members to access their work laptops, mobiles, and other forms of hardware. It’s also worth reminding them of the importance of password protecting their devices to prevent third parties from accessing sensitive files.
9. Beware of Zoom and video conferencing
working from home often means relying on videoconferencing software – which, in turn, creates potential WFH security risks.
For example, in the past, Zoom was compelled to address security flaws after a spate of so-called “Zoom bombing” attacks. In these attacks, uninvited persons gain access to another person’s video conference and enter it to intimidate and harass other users. Although the term “Zoom bombing” derives from the Zoom app, similar incidents have taken place on other platforms.
The risks to your company are that, if your video conferences are being invaded and monitored, sensitive information about your business or your clients may be leaked. Your staff may also suffer personal and potentially traumatizing attacks from hackers.
In response to Zoom bombing attacks, the FBI released advice to help users protect themselves while using video conferencing software. This includes:
Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting room.
Consider security requirements when selecting vendors. End-to-end encryption offers important privacy and security – so check whether any video conferencing software you use includes this feature. Ensure software is up to date by installing the latest patches and software updates
10. Use strong passwords
It’s obvious, but essential. Pick a strong password that’s entirely unrelated to your personal details – so no names, addresses or dates of birth. Always include upper and lowercase letters, numbers and special characters – consider using a free password generator to help you out here. Above all, make your passwords single-use; using the same password for multiple accounts puts you at risk of credential stuffing, where a criminal is able to use one leaked password to access all your other accounts. Don’t risk it.
For an additional layer of protection, enable two-factor authentication (2FA) across your accounts. This usually involves entering a one-off code each time you log in, which you receive via email, text or an app, like Google Authenticator.
Working from home is a win for businesses and a win for employees, but it’s not perfect although many believe that the benefits of working from home outweigh its risks. There are still plenty of hazards and downfalls that go along with working from home. Instead of letting your employees navigate these alone, work with them to create habits and routines that will keep them safe and healthy.