Once upon a time, working from home was a luxury. Now, it’s become a necessity for employees, as people around the world isolate themselves from the Coronavirus.
But during these unprecedented times, you and your business may start to be exposed to new forms of cybersecurity risks that try to take advantage of you and your employees while you work from home.
That’s why it’s more important than ever that you start to think about your home office security.
Working from home presents a number of security challenges which both employees and employers should be aware of. The good news is, by following best practices for working remotely, most of these threats can be mitigated quite easily.
Here are the top ten things you should be aware of to ensure you and your staff are sticking to a sensible work from home security policy…
1. Invest in comprehensive antivirus software
By far the simplest, but nonetheless one of the most effective pieces of advice out there is to invest in a comprehensive antivirus suite for you and your employees.
According to sources, the global damage to businesses as a result of cybercrime is estimated to be $1.5 billion per annum. There is a strong chance this figure will increase this year, as hackers look to exploit people’s home internet networks and business VPNs to gain access to sensitive files.
These attacks could leave you, your business and your employees open to ransomware attacks, DDoS attacks, malware, spyware and other types of breaches.
Antivirus suites take the hard work off your hands by offering automatic remote working security against a host of threats, including:
- Zero-day attacks (viruses taking advantage of security flaws before they are patched)
- Malware, spyware and viruses
- Trojans and worms
- Phishing scams, including those sent via email
Not only can a comprehensive antivirus suite fend off up to 100% of online security threats, it also automatically updates itself to stay on top of new and emerging threats.
It also runs discreetly in the background of your other operations, so you won’t even notice the hard work it’s doing.
2. Keep family members away from work devices
While you may trust yourself and your tech-savvy employees to keep themselves safe online, it’s worth remembering that during these times company computers are more likely to be exposed to young children and other members of employees’ families.
Therefore, it’s worth your while to subtly remind staff to keep their devices safe and not to allow other members of their households to access their work laptops, mobiles and other forms of hardware. It’s also worth reminding them of the importance of password protecting their devices to prevent other third parties accessing their sensitive files.
3. Invest in a sliding webcam cover
Over the coming weeks and months, you are more likely than ever to be taking part in teleconferences and video calls which will require the use of your webcam.
In fact, many people already in quarantine around the world are starting to find novel uses for their webcams, from having ‘Friday beers’ with their colleagues over chat, to taking part in language lessons during their spare time, and video calling members of their family who they are unable to visit in person.
But you should be aware that savvy hackers can easily access your webcam without permission, compromising your privacy. Worse still, if you have sensitive documents around your physical workspace, hackers may be able to view these by hijacking your webcam.
If your webcam is separate from your device, you should unplug it whenever you are not using it. But, if your webcam is built in, you should take extra measures to protect yourself – there’s no telling when a webcam attack could occur.
Sliding webcam covers are easy to find online in all shapes, sizes and colors to suit your needs. They are typically very easy to install, too, as most come with an adhesive layer that fits around your webcam.
While using videoconferencing software, you may also want to utilize functions such as the “blur background” feature, if your platform has it. This can prevent people in your conferences from spying on objects in the background of your home, which can often include sensitive data about you or your clients.
4. Make sure your company VPN is as strong as can be
At this time, you are likely to see more computers than ever connected to your company’s Virtual Private Network (VPN) – but this in turn creates a number of new home office safety ‘back doors’ that hackers could potentially exploit.
First and foremost, it’s important to remind employees about your organization’s work from home security policy, and ensure staff are following it to the letter.
While they do that, you can focus on other ways to make your VPN more secure, such as:
- Use the strongest possible authentication method – many VPNs simply use a username and password, but you may want to think about upgrading to the use of smart cards.
- Enhance your encryption method for VPN access – for instance, if you are only using a Point-to-Point Tunneling Protocol, you may want to think about upgrading to a Layer Two Tunneling Protocol (L2TP).
- Make sure employees are updating their passwords regularly – it doesn’t matter how strong your VPN is, if an employee’s password is compromised, it will give hackers an easy way in. This can be prevented by asking everyone to update their passwords to make them stronger and more secure.
- Make sure employees are only using the VPN when they need it – if your employees are using their work laptops for personal jobs in the evenings and weekends, remind them to switch off the VPN.
- Make sure employees are logged on via secure networks – while working from home, employees will be using their home networks and internet connections. Unfortunately, these could also be compromised. Therefore, you must teach employees how to configure their wireless routers and personal firewalls, and how to keep their home networks secure.
And of course, as mentioned earlier in this article, you should invest in comprehensive security and antivirus software that covers your VPN.
5. Use a centralized storage solution
If your company relies on cloud or server storage, you should make sure all your employees are utilizing this solution. If you feel your employees are not aware of or familiar with your storage service, or that they are continuing to store files locally, communicate with them ASAP to ensure they are familiar with the centralized service. That way, if your company is compromised and local files are lost, destroyed or compromised, you are more likely to have a back-up of important documentation. This method also means that important documents are safer, as they will be protected by the firewall attached to your centralized storage solution.
6. Secure your home wireless network
One of the simplest ways to guarantee your safety and security when working from home is to strengthen the security of your home Wi-Fi network.
It’s worth passing this information on to any staff who may also need to safeguard their home Wi-Fi networks when working from home.
Here are some simple steps you can take today to enhance the security of your Wi-Fi network at home and protect yourself from forced entries:
- Create a strong, unique password – you can do this by going to your router settings page (type “192.168.1.1” in your browser) and entering your current username and password, then changing the password under settings. Choose a password that would be difficult for anyone to guess – ideally it should include a mix of lower-case and upper-case letters, numbers and punctuation.
- Change your SSID – this is the name of your wireless network. This, once again, can be changed on your router settings page. Try to make it something cryptic and difficult to guess. Do not use your name, home address or anything that could be used to identify you.
- Enable Network Encryption – this can usually be done under security settings on your wireless configuration page. You will have a number of security methods to choose from, such as WEP, WPA and WPA2. The strongest, if you are using newer hardware (more recent than 2006), is WPA2.
- Limit access to specific MAC addresses – every device that connects to your network has a unique MAC address (you can find the address for each device by opening Command Prompt, if you have it, and entering “ipconfig /all”). If you know the addresses of verified devices, you can add these to your wireless router’s settings so that only those devices can connect to your Wi-Fi network.
- Upgrade your firmware – your wireless network provider will occasionally release patches and software updates. These can sometimes include important security updates. Make sure you’re running the latest version of your firmware by visiting your router settings page regularly.
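For the MAC address step above, the sketch below pulls each adapter's physical address out of `ipconfig /all` output and rewrites it in colon-separated form for a router's allow-list. It is an added example, not part of the original article; the function name, the sample output and the colon-separated router format are assumptions.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example Gigabit Controller
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E
   DHCP Enabled. . . . . . . . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : DA-A1-19-0B-22-7F
   DHCP Enabled. . . . . . . . . . . : Yes
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Six octets only; longer pseudo-addresses on tunnel adapters are skipped.
MAC_RE = re.compile(
    r"Physical Address[ .]*:\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s*$"
)


def allow_list_entries(ipconfig_text):
    """Return one dict per adapter: name, MAC for the router, randomised flag."""
    entries, adapter = [], None
    for line in ipconfig_text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            adapter = header.group(1)
            continue
        mac = MAC_RE.search(line)
        if mac and adapter:
            octets = mac.group(1).upper().split("-")
            entries.append({
                "adapter": adapter,
                # Assumption: the router page takes colon-separated addresses.
                "mac": ":".join(octets),
                # Bit 0x02 of the first octet marks a locally administered
                # (often randomised) address; it can change later and then
                # stop matching the entry saved on the router.
                "locally_administered": bool(int(octets[0], 16) & 0x02),
            })
    return entries
```

An adapter flagged as locally administered should have address randomisation turned off for the home network before its address is added to the router.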
7. Be aware of videoconferencing security risks
If your workforce is going to be based at home for the foreseeable future, it’s likely that you and your employees are going to be relying on videoconferencing software.
However, you may have heard that certain videoconferencing services have recently experienced security breaches.
The popular videoconferencing platform Zoom has admitted that security flaws in its software are being urgently addressed, and the company’s CEO has pooled all resources to concentrate on improving privacy and security. This is due to a spate of so-called “Zoom-bombing”, where an uninvited person gains access to another person’s video conference and enters it to intimidate and harass the other user (this has already happened to a number of users). If you and your company are utilizing Zoom as your primary videoconferencing tool, be aware of these potential breaches.
The risks to your company are that, if your video conferences are being invaded and monitored, sensitive information about your business and/or your clients may be leaked. Your staff may also suffer personal and potentially traumatizing attacks from hackers.
In response to attacks on the Zoom platform, the FBI has released advice to help users protect themselves while they are using videoconferencing software. Its recommendations include:
- Ensuring meetings are private, either by requiring a password for entry or controlling guest access from a waiting room.
- Considering security requirements when selecting vendors. For example, if end-to-end encryption is necessary, does the vendor offer it?
- Ensuring VTC software is up to date by installing the latest patches and software updates.
Many reporters have commented that Zoom does not use end-to-end encryption, so if you are looking for a more secure option try Webex, Microsoft Teams or Google Duo.
8. Make sure your passwords are strong and secure
One of the simplest but often most overlooked ways to protect yourself when working from home is to strengthen your passwords and ensure that you have maximized password protection across your devices.
“Use passwords on all your devices and apps. Make sure the passwords are long, strong and unique: at least 12 characters that are a mix of numbers, symbols and capital and lowercase letters.”
They also recommend adding a password screen every time you access your laptop and other devices, so that if your device is breached or falls into the wrong hands, it will be harder for a third-party to access your sensitive files.
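The “long, strong and unique” rule quoted above can be checked across a set of device and app passwords, including the uniqueness part that is easy to overlook. This is an added example, not part of the original article; the function name and the sample passwords are assumptions.

```python
import string

MIN_LENGTH = 12  # "at least 12 characters", per the advice quoted above


def audit_passwords(passwords):
    """Map each account name to the list of rule violations for its password.

    `passwords` is a dict of account or device name -> password.
    """
    findings = {name: [] for name in passwords}
    first_use = {}  # password -> first account seen using it
    for name, pw in passwords.items():
        if len(pw) < MIN_LENGTH:
            findings[name].append("shorter than 12 characters")
        # The four character classes named in the quoted rule.
        classes = {
            "number": any(c.isdigit() for c in pw),
            "symbol": any(c in string.punctuation for c in pw),
            "capital letter": any(c.isupper() for c in pw),
            "lowercase letter": any(c.islower() for c in pw),
        }
        findings[name] += [f"no {kind}" for kind, ok in classes.items() if not ok]
        # "Unique": the same password must not appear on two accounts.
        if pw in first_use:
            findings[name].append(f"same password as {first_use[pw]}")
        else:
            first_use[pw] = name
    return findings


# Constructed sample passwords, for illustration only.
SAMPLE = {
    "laptop": "Tr4vel-Mug!Orbit",
    "email": "Tr4vel-Mug!Orbit",
    "router": "sunshine2020",
}
```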
9. Maximize security around online banking
If you are in a position of responsibility over business accounts, you will want to be sure you are doing everything in your power to ensure your money is being stored and transferred in the safest ways possible. The last thing you want during this period is to encounter a security breach in any of your online banking platforms.
First and foremost, it’s important to only use accredited software and services to handle funds. Use only services you know and are familiar with. If you’re unsure about the credibility of a particular platform, search online for reviews and more information before using it. Credible institutions should include information on their websites for human contacts whom you can speak to in order to ease any concerns.
When accessing a banking website, make sure you are connected via Hypertext Transfer Protocol Secure (HTTPS). This means the URL should include https:// rather than just http:// at the beginning. You should also see a lock on the left of the URL bar of most internet browsers, indicating that the website has an authenticated security certificate.
You should also take this opportunity to increase the security of your business and personal bank accounts. Tighten passwords, add memorable information and, if possible, ask your bank for a card reader to ensure that all online payments require a physical payment card. If you have the option to switch to mobile banking, many platforms now require a verified fingerprint to log in, which can enhance security even further.
This period of crisis has unfortunately opened the door to many new types of hackers, scammers and phishers. These tricksters may try to target you via email, social media ads or over the phone. They may request your bank details on the pretext that they want to help you make large purchases or donations. Do not give your bank details to anyone, or transfer funds to any unsolicited vendors, unless you are absolutely sure that they are who they say they are.
Remember that scammers may try to mimic your colleagues, clients or professional organizations, including your bank, in order to trick you into giving away sensitive information or transferring funds. Be extra vigilant at this time and don’t be afraid to ask anyone for additional proof they are who they claim to be.
10. Pay attention to email security
Emails are likely to become the primary means of communication for you and your colleagues during this period. However, emails are also one of the easiest means of communication to exploit and compromise.
The UK’s National Cyber Security Centre (NCSC) has made numerous recommendations for helping protect staff while working from home, including in the use of emails.
As well as calling attention to phishing scams which are becoming more prevalent, they advise the following measures for protecting email accounts:
- Make sure emails can only be securely accessed via your company’s VPN, which creates an encrypted network connection that authenticates the user and/or device and encrypts data in transit between the user and your services. If you already use a VPN, make sure it is fully patched.
- Staff are more likely to have their devices stolen (or lose them) when they are away from the office or home. Make sure their devices encrypt data whilst at rest, which will protect email data on the device if it’s lost or stolen. Most modern devices have encryption built in, but encryption may still need to be turned on and configured. If your staff will be using their own devices to access emails and other sensitive files, the NCSC has published individual guidelines to help you safeguard these devices too.
- Beware of phishing attacks which appear to be taking an ever-growing number of forms. The NCSC has published guidelines for how to spot and handle these — it’s worth communicating this advice to your employees too.