Remote Working - Cyber Security Tips for Working from Home
A few years back, working from home was a luxury. Now, it’s become a necessity for employees, thanks to Coronavirus, people around the world are isolating themselves from the Coronavirus.
In light of this, you and your business may start or you’re already exposed to new forms of cybersecurity risks that try to take advantage of you and your employees while you work from home.
That’s why it’s more important than ever that you start to thinking about your home office security and your employees.
Working from home presents a couple of security challenges which both employees and employers should be aware of. Fortunately, by following best practices for working remotely, most of these threats can be mitigated quite easily.
Here are the top ten things you should be aware of to ensure you and your staff are sticking to a sensible work from home security policy…
1. Secure your home wireless network
A router sits between the Internet and all the computing devices in your home. If hacked, every bad thing you can imagine happening to a computing device now has a higher chance of actually happening.
It’s worth passing this information on to any staff who may also need to safeguard their home Wi-Fi networks.
Here are some simple steps you can take today to enhance the security of your Wi-Fi network at home and protect yourself from forced entries:
- Create a strong, unique password – you can do this by going to your router settings page (type “192.168.1.1 or 192.168.100.1 ” in your browser). Enter your current username and password, then change the password under settings. Choose a password that would be difficult for anyone to guess. It should include a mix of lower-case and upper-case letters, numbers and punctuation.
- Change your SSID – this is the name of your wireless network. This, once again, can be changed on your router settings page. Try to make it something cryptic and difficult to guess. Do not use your name, home address or anything that could be used to identify you. Better yet you can set it such that it’s not broadcasted.
- Enable Network Encryption – this is usually done under security settings on your wireless configuration page. You will have a number of security methods to choose from, such as WEP, WPA and WPA2. The strongest, if you are using newer hardware (more recent than 2006) is WPA2. Do not use WEP.
- Limit access to specific MAC addresses – every device that connects to your network has a unique MAC address (you can find the address for each device by opening Command Prompt, if you have it, and entering “ipconfig/all”). If you know the addresses of verified devices, you can add these to your wireless router’s settings so that only those devices can connect to your Wi-Fi network. We highly recommend this.
2. Cover your webcam and disable your mic when not in use.
Over the coming years, we will more likely than ever be taking part in teleconferences and video calls which will require the use of your webcam.
You should be aware that savvy hackers can easily access your webcam without permission, compromising your privacy.
If your webcam is separate from your device, you should unplug it whenever you are not using it. But, if your webcam is built in, you should take extra measures to protect yourself – there’s no telling when a webcam attack could occur.
When using videoconferencing software, utilize functions such as the “blur background” feature, if your platform has it. This prevents people in your conferences from spying on objects in the background of your home. Which can often include sensitive data about you or your clients.
3. Make sure your company VPN is as strong enough
At this time, you are likely to see more computers than ever connected to your company’s Virtual Private Network (VPN connection) – but this in turn creates a number of new home office safety ‘back doors’ that hackers could potentially expose.
First and foremost, it’s important to remind employees about your organization’s work from home security policy, and ensure staff are following it to the letter.
While they do that, you can focus on other ways to make your VPN more secure, such as:
- Make sure employees are updating their passwords regularly – it doesn’t matter how strong your VPN is. If an employee’s password is compromised, it will give hackers an easy way in. This can be prevented by asking everyone to update their passwords to make them stronger and more secure.
- Make sure employees are logged on via secure networks – when working from home, employees use their home networks and internet connections. Unfortunately, these can also be compromised. Therefore, you must train employees how to configure their wireless routers and personal firewalls, and how to keep their home networks secure
- Enhance your encryption method for VPN access – for instance, if you are only using a Point-to-Point Tunneling Protocol, you may want to think about upgrading to a Layer Two Tunneling Protocol (L2TP).
4. Make sure your passwords are strong and secure
One of the simplest but often most overlooked ways to protect yourself when working from home is to strengthen your passwords and ensure that you have maximized password protection across your devices.
Instead of storing your passwords in your working machine. Consider using password vaults like bitwarden to safely manage your passwords.
5. Refresh phishing warnings and employee trainings
Emails are likely to become the primary means of communication for you and your colleagues during this period. However, emails are also one of the easiest means of communication to exploit and compromise.
Employees will expect to see additional email traffic during this unique period. Accordingly, hackers are deploying new phishing scams and employees are falling prey to them.
To help protect against nefarious actors, remind employees to refrain from clicking on links in any unanticipated email messages; follow company procedures when responding to requests for funds; refrain from buying gift cards from anyone claiming to be a company employee; avoid opening unexpected documents, links or other downloads; and beware of impersonation attempts.
The uptick in phishing is widespread, and hackers are posing as banks offering COVID-19 assistance, entities providing COVID-19 avoidance and health advice, and a myriad of other businesses.
6. Limit access to games and websites on devices used to access employer systems
Many websites and online games provide vulnerability vectors. Therefore, preventing employees from accessing non-work-related sites on devices used to perform work will limit these risks.
7. Formalize work-from-home arrangements and train employees
Employers may find it useful to establish written protocols for remote work arrangements that address information security, privacy, and other work restrictions.
In addition, employers can ensure that these policies require immediate disclosure of any potential information security compromise. Such written policies must protect the employer’s ability to remove employer data from personal devices.
8. Invest in antivirus software
By far the simplest, but nonetheless one of the most effective pieces of advice out there is to invest in a comprehensive antivirus suite for you and your employees.
These attacks could leave you, your business and your employees open to ransomware attacks, DDoS attacks, malware, spyware and other types of breaches.
Antivirus suites take the hard work off your hands by offering automatic remote working security against a host of threats.
How can we help?
You may ask, how is Loginit Technologies involved in this? Since the pandemic and the sudden shift to Work-From-Home, we are helping organizations continue their business seamlessly. We conduct Penetration Tests, Cybersecurity Assessments and Cybersecurity Awareness Employee Training to help organizations identify and mitigate new security risks.
If you need an expert to secure your home Wi-Fi or your employees home Wi-Fi and security in general do no hesitate to call us. We serve Nairobi and Mombasa .