Authored by: Dean Coclin, Senior Director of Business Development at DigiCert
Even before the coronavirus outbreak, employees were increasingly working from home. Since the World Health Organization declared COVID-19 a pandemic, many companies are asking their employees to work from home. As more people log into networks from home, there is an increased risk of opening doors to hackers. Additionally, hackers are using this pandemic as yet another surface to deploy their attacks. In this environment, it is more important than ever to practice good security habits.
Here are nine best practices to help secure your at-home work environment:
Check the Sites You Visit for TLS/SSL
While browsing the web from home, make sure you are visiting authorized websites. Different browsers have unique identifiers to show if a website is secure and authenticated. View what a secure website looks like on popular browsers to know how to distinguish authenticated from potential phishing sites.
Secure Your Network
A hacked network can mean access to the system by unauthorized users. Eliminate this chance through controlling who can access the network. Use multi-factor authentication (MFA) to ensure that only authorized users can access controlled systems such as your enterprise platform. After all, the home network when compared to an enterprise network is generally less secure because often there is a lack of Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS) in a home environment.
Additionally, working remotely requires a strong, secure internet connection. When working from home, ensure that your home network has a strong password, and if possible, try to separate your personal computer network with your IoT devices network. Follow these eight steps to stronger Wi-Fi security to secure your home network.
If you choose to work from a coffee shop or other public space, beware of public Wi-Fi and don’t trust open networks (read Dangers of Connecting to Public Wi-Fi for more details). Make sure your device is not set to auto-connect to any Wi-Fi signal it encounters. If available, use your phone as a hotspot instead. You can also turn off network discovery so that your work computer is hidden from other computers on the network.
Secure Your Email
It might seem basic, but ensuring that you separate your work email from your personal email can protect you from attacks. It’s quite common for a virus from your personal email to infect a work email as well. You may consider using a different device for each, or at least a different login.
MailRoute gave more tips for securing your email in a recent press release.
Secure Your Physical Devices
Cybersecurity and physical security are equally important. Keep your physical workspace secure and safely store your work devices each night. Don’t step away from your computer with it unlocked. If possible, try to solely use your work computer to connect to the enterprise environment instead of using your personal computer.
Additionally. don’t allow family members to use your work devices. This is another reason to consider using a different computer for work and personal reasons.
Beware of Phishing Attacks
As demand for certain products is going to rise and economic effect of this pandemic is going to apply to everyone, beware of new techniques implemented by attackers to utilize this surface to deploy their attacks. Emails with subjects such as “Best Stocks to invest in during pandemic,” “Free supplies provided by FEMA,” and similar topics are often designed to attract clicks, and they also require more security review because they might carry a malicious payload.
It can be difficult to engage with colleagues while working remotely. You may consider setting up daily team check-ins to update project statuses, receive feedback and discuss how to overcome roadblocks. Online collaboration tools can help but remember even these tools can open vulnerabilities.
In January, Check Point Software found a flaw in Zoom which allowed intruders to eavesdrop on private Zoom meetings. While the flaw has been resolved, it’s important to remain vigilant when using online collaboration tools and to monitor the news for any developments. Online video conference platforms like Zoom often have an authentication functionality for each meeting. Make sure you use this functionality to prevent open meetings where anyone without authentication can join.
Follow Company Policies
Company guidelines should always be followed, but it’s especially important when working from home. Report any suspicious behavior to your IT security department.
Update Your Emergency Contact Details
Finally, make sure that you have the correct emergency contact information listed so that if your company sends out important updates they go to the right accounts.
Don’t Forget the Basics
Working from home means maintaining the same good security hygiene that we employ at the office. Do not click on links in emails from people you don’t know. Many companies provide warnings in emails that originate outside the company, so users won’t be tricked in trusting a phishing email. Use a VPN when connecting remotely to access company resources and to authenticate your machine to the corporate network. Update anti-virus software regularly to receive the latest signatures. Keep your laptop up to date with security patches (Windows and Mac). And do the same for your phone, which may be receiving email from the company network. The best defense is a defense in depth, so employing various security tools will help maintain a high-security status and keep your employer from getting infected with malware.
While this is not a comprehensive list to ensure total security while working remotely, it is a good start. Simply being aware that working from home can increase your risk of cyberattacks can help employees be on guard. And if employees learn best practices for working remotely now, it may help keep the workplace a little more secure both during the COVID-19 pandemic and always.