Courtesy of Sans.org
Top 5 Tips for Working from Home Securely
With the coronavirus disrupting communities across the globe, many businesses have implemented work-from-home policies. For many of you, working from home is new, perhaps even overwhelming. Plus, you may be working in environments you’re not used to, using technologies and networks you’re not familiar with, exposing yourself to greater cyber threats.
Fortunately, there are five simple — yet critical — steps you can take to ensure you can work remotely from home as securely as possible. Even more, they will help you make a far more safe and secure home for you and your family moving forward.
1. Trust your instincts.
First and foremost, remember that technology alone cannot fully protect you — you are the best defense. Cyber criminals have learned that the easiest way to get what they want is to target you, rather than your computer or other devices. These are called social engineering attacks.
If attackers want your password, work data or control of your computer, they’ll most often attempt to trick you into giving it to them by creating a sense of urgency. For example, they may send you a message pretending to be Microsoft technical support, claiming that that your computer is infected and they need access to your computer right away. Or they may email you claiming that your package cannot be delivered unless you confirm your mailing address by clicking on a link, which ultimately allows them to hack into your computer.
The most common indicators of a social engineering attack include:
Urgency: Someone creating a tremendous sense of urgency, often through fear, intimidation, a crisis or an important deadline. Cyber attackers are good at creating convincing messages that appear to come from trusted organizations, such as banks, government or international organizations.
Policies: Pressure to bypass or ignore security policies or procedures, or an offer too good to be true (no, you did not win the lottery!).
Contacts: A message from a friend or co-worker in which the signature, tone of voice or wording does not sound like them.
2. Secure your home’s wireless network.
Almost every home network starts with a wireless (or Wi-Fi) network. This is what enables all of your devices to connect to the Internet. Most home wireless networks are controlled by either your Internet router or a separate, dedicated wireless access point. Either way, they work by broadcasting wireless signals to which your devices connect. To secure your wireless network, do the following:
Change the default administrator password. The administrator account is what allows you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided.
Only let people you trust connect to your network. Do this by enabling strong network security, which requires a password for anyone to connect to your wireless network. It will encrypt their activity once they are connected.
Make passwords strong. The passwords people use to connect to your wireless network must be strong and different from the administrator password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password. Not sure how to do these steps? Ask your Internet Service Provider, check their website, check the documentation that came with your wireless access point, or refer to the vendor’s website.
3. Create a strong passphrase.
When a site asks you to create a password, create a strong and unique passphrase instead. A good password is long, the more characters it has the stronger it is. This is why we recommend that you create a singular passphrase by simply using a series of words that are easy to remember, such as “beehoneybourbon.” Be sure to use a different passphrase for each device or online account. This way, if one passphrase is compromised, all of your other accounts and devices are still safe.
Worried you won’t be able to remember all those passphrases? Use a password manager, which is a specialized program that securely stores all your passphrases in an encrypted format (and also has lots of other great features).
Finally, enable two-step verification (also called two-factor or multi-factor authentication) whenever possible. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app that generates the code for you. Two-step verification is probably the most important step you can take to protect your online accounts, and it’s much easier than you may think.
4. Ensure your devices, programs and apps are running the latest version of software.
Cyber attackers are constantly looking for new software vulnerabilities, and when they discover them, they use special programs to exploit them and hack into the devices you are using. Meanwhile, the companies that create software are hard at work fixing their products by releasing software updates.
By making sure to install the latest software updates promptly, you make it much harder for someone to hack you. To stay current, simply enable automatic updating whenever possible. This rule applies to almost any technology connected to a network, including Internet-connected TV’s, baby monitors, security cameras, home routers, gaming consoles or even your car.
5. Don’t let anyone else use your work devices.
Something you most likely don’t have to worry about at the office is children, guests or other family members interrupting your work or using your work laptop or other devices.
Make sure your family and friends understand they cannot use your work devices as they can accidentally erase or modify information or, perhaps even worse, accidentally infect the device. If you have any questions about how to most securely work remotely from home, please don’t hesitate to contact us. We are here to help you!
Four Simple Steps to Being Secure
Making Passwords Simple
Wired Review of Best Password Managers