Nine tips for working safely from home
Even before the coronavirus outbreak, employees increasingly worked from home. According to the Federal Reserve, the percentage of the workforce that works from home has tripled in the past 15 years.
However, since the World Health Organization declared that COVID-19 was a pandemic, many companies are asking their employees to work from home. As more people log into the networks from home, there is an increased risk of opening doors for hackers; that they are using this pandemic as yet another excuse to deploy their attacks. In this environment, it is more important than ever to practice good safety habits.
Here are nine practices to help secure your home work environment:
Check that the sites you visit have SSL / TLS
While browsing the web from home, be sure to visit authorized websites. Different browsers have unique identifiers to show if a website is secure and authenticated. See what a secure website looks like in popular browsers to learn how to distinguish authenticated sites from potential phishing sites.
Secure your network
A hacked network can mean access to the system by unauthorized users. Eliminate this possibility by controlling who can access the network. Use multi-factor authentication (MFA) to ensure that only authorized users can access controlled systems, such as your company’s platform. After all, the home network compared to an enterprise network is generally less secure because there is often a lack of Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS).
Also, working remotely requires a secure and strong Internet connection. When working from home, make sure your home network has a strong password, and if possible try to separate your personal computer network from the network of IoT devices. Follow these eight steps for increased Wi-Fi security for your home network.
If you choose to work from a coffee shop or other public space, be careful with public Wi-Fi and don’t trust open networks (see Dangers of connecting to public Wi-Fi for more details). Make sure your device is not configured to automatically connect to any Wi-Fi signal it finds. If available, use your phone as an access point. You can also disable network search so that your work computer is hidden from other computers on the network.
Secure your email
It may seem basic, but ensuring that you separate your work email from your personal email can protect you from attack. It is quite common for a virus in your personal email to infect a work email as well. You may consider using a different device for each one, or at least a different login.
Secure your physical devices
Cybersecurity and physical security are equally important. Keep your physical workspace safe and store your work devices safely every night. Don’t walk away from your computer with it unlocked. If possible, try using only your work computer to connect to the business environment instead of using your personal computer.
Further, do not allow family members to use your work devices. This is another reason to consider using a different computer for work and personal reasons.
Beware of phishing attacks
As the demand for certain products will increase and the economic effect of this pandemic will apply to everyone, beware of new techniques implemented by attackers to deploy their attacks. Emails with topics like “Best Actions to Invest During a Pandemic,” “Free Supplies Provided by FEMA,” and similar topics are often designed to attract clicks, and also require more security review because they can carry a malicious payload.
It can be difficult to network with colleagues while working remotely. You may consider setting up daily team checks to update project statuses, receive feedback, and discuss how to overcome obstacles. Online collaboration tools can help, but remember that even these tools can open vulnerabilities.
In January Check Point Software found a flaw in Zoom that allowed intruders to spy on Zoom’s private meetings. While the flaw has been resolved, it is important to remain vigilant by using online collaboration tools and monitoring the news. Online video conferencing platforms like Zoom often have authentication functionality for every meeting. Be sure to use this functionality to avoid open meetings where anyone without authentication can join.
Follow company policies
Company guidelines should always be followed, but it is especially important when working from home. Report any suspicious behavior to your IT security department.
Update your emergency contact details
Finally, make sure you have the correct emergency contact information listed so that if your company sends important updates, they go to the correct accounts.
Don’t forget the basics
Working from home means maintaining the same good safety hygiene that we use in the office. Don’t click links in emails from people you don’t know. Many companies offer warnings on emails originating outside the company, so users will not be fooled into trusting a phishing email. Use a VPN when connected remotely to access company resources and to authenticate your machine on the corporate network. Update antivirus software regularly to receive the latest signatures. Keep your laptop updated with security patches (Windows and Mac). And do the same with your phone, which may be receiving email from the company’s network. The best defense is an in-depth defense, so employing various security tools will help maintain a highly secure state and prevent your employer from becoming infected with malware.
While this is not a complete list to ensure total security while working remotely, it is a good start. Simply knowing that working from home can increase your risk of cyber attacks can help employees be on guard. And if employees learn best practices for working remotely now, it can help keep the workplace a little safer both during the COVID-19 pandemic and forever.
By Dean Coclin.
Dean Coclin is the Senior Director of Business Development at DigiCert. Dean brings to the company more than 30 years of experience in business development and product management in software, security and telecommunications. In his role at DigiCert, he is responsible for representing the company in industrial consortia and for driving the company’s strategic alliances with technology partners. He was president of the CA / Browser Foro and is the current vice president. He also chairs the ASC X9 PKI Study Group.