Cybersecurity in remote work: 8 tips to feel safe
April 20, 2021
The freedom to work remotely from home during a pandemic must be accompanied by safety standards that would typically be provided while working in the office. By developing good habits – such as setting up strong passwords, applying multi-factor authentication and regular software updates – you can help create a secure work environment.
Remote work during the pandemic
Enabling remote work due to Covid-19 has given companies and employees more flexibility, but it has also brought a growing cybersecurity threat. Many remote workers – full-time, part-time or freelancers – are unaware of all the threats present in the internet era.
One of the greatest dangers is that employees use personal computers and other personal devices while working from home. Devices used for remote work rarely have the same security features as corporate ones. They often lack the robust antivirus software, customised firewalls and automated online backup tools built into business networks. This increases the risk of personal data exfiltration and compromises the company’s security.
The same applies to mobile devices, such as personal smartphones used for professional purposes. And when you work in a public place on a random unsecured Wi-Fi network, the risk of a security breach increases.
In August 2020, Interpol, the international police agency, warned of an increase in online cybercrime, especially in connection with working from home. With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption.
How to protect data during remote work?
When remote workers use unsecured devices and networks, cybercriminals massively exploit the resulting vulnerabilities, gaining access to sensitive data. How can company employees, freelancers, clients, business partners properly embed security in the remote working phase and feel safe? Here are 8 tips to make that happen.
1. Install software updates
Software and applications can be vulnerable to attacks, and so can the web browser. Installing regular updates can help protect against potential security holes. Fortunately, most of them are now installed automatically. You can choose when to do them (for example, while sleeping) without interrupting your work.
When you receive notification of the latest updates on any of your devices, install them as soon as possible. Moreover, you should run and update antivirus software. It is one of the easiest ways to detect and remove potential malware quickly. Even if malware does manage to infiltrate an employee’s device, an antivirus program can stop it.
The same applies to a smartphone. If you use one phone for both work and personal life, it is essential to pay attention to the notifications you receive, especially the ones concerning operating system updates and changes affecting applications.
2. Have a VPN turned on
Employees working remotely should use a Virtual Private Network (VPN) when working. It hides your IP address and protects your online identity. A VPN aims to encrypt all internet traffic, making it unreadable to anyone who intercepts it. It means that no one can find out where the VPN user is, so it prevents hackers from tracking someone’s activity.
However, it’s worth mentioning that using a VPN can slow down your internet speed. It may potentially affect the quality of bandwidth-intensive tasks like video calls.
Nevertheless, a VPN is valuable because it protects the employer’s and the employee’s information using data encryption. In this way, it prevents cybercriminals from intercepting confidential and proprietary information, such as financial documents and customer data.
3. Beware of phishing scams
Email messages that appear to come from an ISP that ask for contact information or contain malicious attachments are common phishing forms. Misspellings or poor grammar are common signs of these. Always double-check the sender’s address, subject and content before opening any email attachment.
Typically, such a message contains an attachment or an embedded link. The scammer wants the recipient to click it, which unleashes malware on the device. Instead of clicking on a link, hover over it to see the destination URL. If it doesn’t point to the provider’s official site, this is a blatant scam.
The Federal Trade Commission warns that scammers send phishing emails, which appear to come from a trusted organisation such as an employer, to steal account numbers, passwords and other sensitive information.
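The hover check described above, automated for an HTML message body (an added example, not part of the original article). `provider.example` stands in for the provider's official domain, the sample message is constructed, and the function names are chosen here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "provider.example"  # assumption: the provider's real domain
# Constructed sample message body, not taken from a real email.
SAMPLE_EMAIL = """
<a href="https://provider.example/account">Manage storage</a>
<a href="http://provider.example.login-check.test/reset">provider.example/reset</a>
<a href="https://provider.example@mail-update.test/">Verify now</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def review_links(html_body, official=OFFICIAL_DOMAIN):
    """Return (visible text, destination host, verdict) for each link."""
    collector = LinkCollector()
    collector.feed(html_body)
    results = []
    for href, text in collector.links:
        # .hostname is what the browser connects to; it ignores "user@" parts.
        host = (urlsplit(href).hostname or "").lower().rstrip(".")
        # Only the domain itself or a true subdomain counts as official.
        on_site = host == official or host.endswith("." + official)
        results.append((text, host, "ok" if on_site else "suspicious"))
    return results


if __name__ == "__main__":
    for text, host, verdict in review_links(SAMPLE_EMAIL):
        print(f"{verdict:10} {host:40} shown as: {text}")
```

The second and third sample links show why the comparison is made on the parsed hostname: the official name appears in both URLs, but not as the host the browser would contact.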
4. Tweak your passwords
All home devices for remote work, as well as networks that connect wireless and wired devices to the Internet, and all accounts, must always require a password. What is more, they must be protected by strong passwords. Unfortunately, many people often use the same password for multiple accounts. It means that one compromised password is enough for a cybercriminal to take over all your data.
UpGuard (an Australian cybersecurity company) notes that you need to make sure that your router’s password is changed from the default setting to a unique one. It also cautions against using passwords that repeat numbers (000000), contain sequences (123456), or are frequently used. The National Cyber Security Alliance recommends creating a strong and lengthy password for each online account that a remote worker logs in to on an employer-issued device.
Norton says that the password should be at least 10 characters long and should not include real words or personal information such as name, address and date of birth. “By combining uppercase and lowercase letters with numbers and special characters, such as ‘&’ or ‘$,’ you can increase the complexity of your password and help decrease the chances of someone potentially hacking into your account.”
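The rules quoted above from UpGuard and Norton, expressed as a check that reports which of them a candidate password breaks (an added example, not code from any of the cited organisations). The common-password list is a small constructed sample, and `check_password`, `has_sequence` and `personal_info` are names chosen here.

```python
import re

# Constructed sample; a real check would load a full list of frequently used passwords.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "iloveyou", "admin"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known sequence,
    forwards or backwards (for example '1234' or 'dcba')."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def check_password(pw, personal_info=()):
    """Return the list of rules from the text that pw breaks (empty = passes)."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append("no " + name)
    if re.search(r"(.)\1{3,}", pw):  # same character four or more times in a row
        problems.append("repeated characters")
    if has_sequence(pw):
        problems.append("contains a sequence")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("frequently used password")
    # personal_info: name, address parts, birth year and similar, supplied by the caller
    if any(item and item.lower() in pw.lower() for item in personal_info):
        problems.append("contains personal information")
    return problems
```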
Of course, remembering many passwords may not be easy, especially if they are complex. It should not impede access to the work system or sharing accounts. In this case, you can use trusted programs – password managers. They generate strong passwords for all your accounts and save them in one place. Depending on the device they are secured with an additional password, Touch ID or Face ID.
5. Lock and secure your devices
By doing remote work on a private laptop, you expose confidential business data if it is not prepared for all circumstances. When working outside the home, be aware that unsecured Wi-Fi networks in public places are exposed to Internet spyware and confidential information collection. Avoid using public Wi-Fi networks when accessing work accounts unless you are logged in to your employer’s VPN.
Also, if someone works in such places or lives with people outside of work, it is crucial to lock the device. Since it’s easy to forget about it, it’s recommended to turn on auto-lock. In the case of a laptop, a few minutes is usually a safe time before the lock is activated; on a cell phone – 30 seconds is recommended.
On the other hand, if someone works on a laptop provided by an employer, family and friends should not be able to use it. Nor should it be used to watch programs or movies, use social media, make transfers, etc.
6. Consider multi-factor authentication
According to the Ponemon Institute and Keeper Security report, 31% of IT professionals surveyed indicated that their companies did not require remote employees to use any authentication method. Among the 69% of organisations that did require those methods, only 35% of the IT professionals said multi-factor was mandatory.
Two-factor authentication and two-step verification create an additional layer of protection for accounts, devices, or networks. Multi-factor authentication methods include passwords and security tokens. An extra step can be the confirmation via email or SMS or a biometric identification method such as facial recognition or fingerprint scanning.
This type of authentication adds a layer of security to an internet account (e.g. a bank account), electronic device, or computer network. “As hackers look to target less tech-savvy users that are new to working at home, multi-factor authentication stops hackers in their tracks.” (Help Net Security)
7. Encrypt your device
Device encryption prevents unauthorised access and helps protect sensitive information. For example, if a laptop is stolen, encrypted files will make it much more difficult for another person to access the data without a password.
You can achieve this by using disk encryption programs, e.g. BitLocker on Windows or FileVault on macOS. Devices using Android 6 or iOS 8 and above are encrypted by default, so it’s good to know which version you have. To ensure no one has access to private conversations, it is good practice to install communication encryption tools for email and chat. Many popular instant messengers are encrypted by default (it’s worth checking).
When a remote worker provides confidential information to co-workers or supervisors, their device requires up-to-date encryption tools. Some messaging services come with end-to-end encryption either by default or as an option.
8. Create backups
You should back up any important files regularly. Otherwise, in the worst-case scenario you will fall into the clutches of a ransomware attack. In this case, without a backup, you can lose everything. One of the most convenient and cost-effective ways to back up your important files is to implement a cloud-access-security broker.
Regardless of what the remote worker can do on their own or within limits set by the employer, cybersecurity teams need to re-evaluate the risks of moving to a small digital work environment. All companies should implement the necessary technology and applicable guidelines, plans and policies for secure remote work.
An employee should know whether the company’s IT infrastructure can handle a large number of remote employees, and whether it follows new guidelines for the security of employment (e.g. concerning using employees’ personal devices in the company or remote access to company information).