Cyber Security Risks: Best Practices for Working from Home and Remotely
Since the pandemic, working from home has become much more widespread worldwide. Even once the pandemic fades, many predict that remote working will remain prevalent across multiple sectors.
While working from home is convenient and has many benefits, it also exposes both individuals and businesses to a range of cybersecurity risks. That’s why it is essential to give serious consideration to home cybersecurity. By following best practices, you can mitigate most cybersecurity work from home threats quite easily.
How to stay safe when working from home
With the rise in remote working, certain cybersecurity threats – in particular, phishing – have become more prevalent. A key issue is that, in most workplaces, an IT team will take care of cybersecurity within the office. With a distributed workforce working remotely, staff have to pay more attention to cybersecurity threats themselves. Here are the top remote working security tips to ensure you and your staff are working from home safely.
1. Use antivirus and internet security software at home
One of the most effective security tips for working from home is to invest in a comprehensive antivirus suite for you and your employees.
According to sources, the estimated global damage to businesses due to cybercrime is around $1.5 billion per annum. This figure is only likely to increase as hackers look to exploit people's home internet networks and business VPNs to gain access to sensitive files.
These attacks could leave you, your business, and your employees open to ransomware attacks, DDoS attacks, malware, spyware, and other types of breaches.
Antivirus suites take the hard work off your hands by offering automatic remote work security against a host of threats, including:
- Zero-day attacks (viruses taking advantage of security flaws before they are patched)
- Malware, spyware, and viruses
- Trojans and worms
- Phishing scams, including those sent via email
Not only can a comprehensive antivirus suite, such as Kaspersky Total Security, fend off up to 100% of online security threats, but it also automatically updates itself to stay on top of new and emerging threats.
It also runs discreetly in the background of your other operations, so you won’t even notice the hard work it’s doing.
2. Keep family members away from work devices
While you may trust yourself and your tech-savvy employees to keep themselves safe online, it’s worth remembering that working from home means company computers are more likely to be exposed to young children and other members of employees’ families.
Therefore, it’s important to remind staff to keep their devices safe and not allow other household members to access their work laptops, mobiles, and other forms of hardware. It’s also worth reminding them of the importance of password protecting their devices to prevent third parties from accessing sensitive files.
3. Invest in a sliding webcam cover
Working from home usually means taking part in teleconferences and video calls which require the use of your webcam. Unfortunately, savvy hackers can easily access your webcam without permission, compromising your privacy. Worse still, if you have sensitive documents around your physical workspace, hackers may be able to view these by hijacking your webcam.
If your webcam is separate from your device, you should unplug it whenever you are not using it. If your webcam is built-in, you should take extra measures to protect yourself – there’s no telling when a webcam attack could occur.
Sliding webcam covers are easy to find online in all shapes, sizes, and colors to suit your needs. They are typically easy to install, too, as most come with an adhesive layer that fits around your webcam.
While using videoconferencing software, you may also want to use functions such as the "blur background" feature if your platform has it. This can prevent people in your conferences from spying on objects in the background of your home, which can often include sensitive data about you or your clients.
4. Use a VPN
Remote working often means connecting your computer to the company's Virtual Private Network (VPN connection) – but this, in turn, creates new home office safety 'back doors' that hackers could potentially expose.
First and foremost, it’s essential to provide employees with work from home security tips and guidance or policies on being a secure remote worker. Companies should look for ways to make their VPN more secure.
VPN security can be enhanced by using the most robust possible authentication method. Many VPNs use a username and password, but you may want to think about upgrading to the use of smart cards. You can also enhance your encryption method for VPN access, for example, by upgrading from a Point-to-Point Tunnelling Protocol to a Layer Two Tunnelling Protocol (L2TP).
Of course, it doesn’t matter how strong your VPN is: if an employee's password is compromised, it will give hackers an easy way in. So, it’s essential to ensure employees are updating their passwords regularly. You should also remind employees only to use the VPN when they need it, switching it off if they are on their work devices for personal use in the evenings or on weekends.
While working from home, employees will be using their home networks and internet connections. Therefore, it is a good idea to teach employees how to configure their wireless routers and personal firewalls and keep their home networks secure.
And, of course, comprehensive security and antivirus software will also cover your VPN.
5. Use a centralized storage solution
If your company relies on cloud or server storage, you should make sure all your employees are using this solution. If you feel your employees are not aware or familiar with your storage service, or are continuing to store files locally, communicate with them to ensure they are familiar with the centralized service. That way, if your company is compromised and local files are lost, destroyed, or compromised, you are more likely to have a back-up of necessary documentation. This method also means that important documents are safer, as they will be protected by the firewall attached to your centralized storage solution.
6. Secure your home Wi-Fi
One of the simplest ways to ensure cybersecurity for remote workers is to strengthen your home Wi-Fi network's security. You can achieve this through some straightforward steps.
Create a strong, unique password, rather than relying on the automatic password your router came with. You can access your router’s settings page by typing “192.168.1.1” into your browser and change the password there. Make sure to choose a password that would be difficult for anyone to guess. You can also change your SSID, the name of your wireless network, on the same settings page to make it more difficult for third parties to identify and access your home Wi-Fi network. Do not use your name, home address, or anything that could be used to identify you.
Ensure you have enabled network encryption, which can usually be done under the security settings on your wireless configuration page. You will have several security methods to choose from, such as WEP, WPA, and WPA2. The strongest, if you are using newer hardware (more recent than 2006), is WPA2.
You can limit network access to specific MAC addresses for additional security. Every device that connects to your network has a unique MAC address (you can find the address for each device by opening Command Prompt, if you have it, and entering “ipconfig/all”). If you know the addresses of verified devices, you can add these to your wireless router’s settings so that only those devices can connect to your Wi-Fi network.
Finally, ensure you are running the latest version of your firmware by regularly visiting your router setting page. Patches and software updates often address potential security concerns.
7. Beware of Zoom and video conferencing
Remote working often means relying on videoconferencing software – which, in turn, creates potential WFH security risks.
For example, in the past, Zoom was compelled to address security flaws after a spate of so-called “Zoom bombing” attacks. In these attacks, uninvited persons gain access to another person’s video conference and enter it to intimidate and harass other users. Although the term "Zoom bombing" derives from the Zoom app, similar incidents have taken place on other platforms.
The risks to your company are that, if your video conferences are being invaded and monitored, sensitive information about your business or your clients may be leaked. Your staff may also suffer personal and potentially traumatizing attacks from hackers.
In response to Zoom bombing attacks, the FBI released advice to help users protect themselves while using video conferencing software. This includes:
- Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting room.
- Consider security requirements when selecting vendors. End-to-end encryption offers important privacy and security – so check whether any video conferencing software you use includes this feature.
- Ensure software is up to date by installing the latest patches and software updates.
8. Make sure your passwords are strong and secure
One of the simplest yet often overlooked ways to protect yourself when working from home is to strengthen your passwords and ensure that you have maximized password protection across your devices.
The US Federal Trade Commission offers this advice,
“Use passwords on all your devices and apps. Make sure the passwords are long, strong, and unique: at least 12 characters that are a mix of numbers, symbols, and capital and lower-case letters."
They also recommend adding a password screen every time you access your laptop and other devices so that if your device is breached or falls into the wrong hands, it will be harder for a third-party to access your sensitive files. We recommend using a password manager tool to help keep all your passwords secure.
9. Protect your online banking
If you are responsible for business accounts, it is essential to ensure that money is being stored and transferred in the safest ways possible. The last thing you want is to encounter a security breach in any of your online banking platforms.
First and foremost, it’s essential to use only accredited software and services to handle funds. Use only services you know and are familiar with. If you are unsure about the credibility of a particular platform, search online for reviews and more information before using it. Credible institutions should include information for human contacts on their websites, people who customers can speak to if they have any concerns.
When accessing a banking website, make sure you are logged on via a Secure Hypertext Transfer Protocol. This means the URL should include https:// rather than just http:// at the beginning. You should also see a lock on the left of the URL bar of most internet browsers, indicating that website has an authenticated security certificate.
You can increase the security of your business and personal bank accounts by tightening passwords, adding memorable information, and, if possible, asking your bank for a card reader to ensure that all online payments require a physical payment card. If you can switch to mobile banking, many platforms now require a verified fingerprint to log in, which can enhance security even further.
Hackers, scammers, and phishers may try to target you via email, social media ads, or over the phone. They may request your bank details on the basis that they want to help you make large purchases or donations. Do not give your bank details to anyone, or transfer funds to any unsolicited vendors, unless you are absolutely sure that they are who they say they are.
Remember that scammers may try to mimic your colleagues, clients, or professional organizations, including your bank, to trick you into giving away sensitive information or transfer funds. Be vigilant, and don’t be afraid to ask anyone for additional proof they are who they claim to be.
10. Be wary of email scams and your email security
Emails are essential for communication between colleagues. However, emails are also one of the easiest means of communication to exploit and compromise.
The UK’s National Cybersecurity Centre (NCSC) has made numerous recommendations for helping protect staff while working from home, including in the use of emails.
As well as calling attention to phishing scams which are becoming more prevalent, they advise the following measures for protecting email accounts:
- Make sure emails can only be accessed securely via your company's VPN, which creates an encrypted network connection that authenticates the user and/or device and encrypts data in transit between the user and your services. If you already use a VPN, make sure it is fully patched.
- Staff are more likely to have their devices stolen (or lose them) when they are away from the office or home. Ensure their devices encrypt data while at rest, which will protect email data on the device if it’s lost or stolen. Most modern devices have encryption built-in, but encryption may still need to be turned on and configured.
- Beware of phishing attacks which appear to be taking an ever-growing number of forms.
Working from Home Security Tips for Staff
In summary, to ensure working from home safely, remote workers can use these tips as a checklist:
- Are you using a comprehensive antivirus and internet security software at home?
- Have you secured your devices – by keeping them safe from family members and ensuring that encryption is turned on and configured? Have you enabled “Find my device” and remote wipe on all your devices?
- Have you invested in a web cam cover? If your webcam is external, do you unplug it when not in use?
- Are you using a VPN?
- Have you secured your home Wi-Fi?
- Have you made sure that your passwords are strong and secure?
- Are you alert to the dangers of phishing scams, avoiding clicking on links or opening attachments in any emails you are unsure of?
- Are you using a supported operating system, and do you keep your operating system up to date?
- Do you keep all software up to date?
- Have you enabled two-factor authentication where appropriate, or considered the use of an authenticator app such as Google Authenticator or Authy?
- During video calls, do you take care not to over share your screen and are you mindful of what might be in the background?
Working from Home Security Tips for Employers
Employers considering remote work security best practices can use these tips as a checklist:
- Do you have a documented work from home security policy? A good example from the Information Commissioner’s Office can be found here.
- Do you have a BYOD (Bring Your Own Device) policy?
- Do you provide cyber security awareness training to employees?
- In particular, do you train staff to be alert to phishing attacks and how to avoid falling victim to them?
- Are you ensuring that staff use a VPN, and is this set up correctly and kept up to date with security patches?
- Is the platform you use for staff video teleconferencing secure with end-to-end encryption?
- Do you use a centralized storage solution – i.e. safe data storage in the cloud – and encourage staff to backup data regularly?
- Are company devices secured by company-approved antivirus software?
- Do you encourage employees to have strong and safe passwords, and have you considered the use of a Password Manager?
- Do you encourage the use of two-factor authentication to validate credentials?
- Do you use encryption software to protect company data by barring access to any unauthorized users?
- Do you advise staff to use corporate email solutions and not to rely on their own email or messaging accounts for the storage or transmission of personal data?
As working from home has increased worldwide, cybersecurity for remote workers has become a hot topic. By following cybersecurity remote work best practices, individuals and organizations can avoid risks and ensure safety.