As of September 2020, nearly 60% of full-time and part-time workers in the U.S. were doing their jobs remotely at least some of the time during the coronavirus pandemic. And many of them would like to keep doing so. This work-from-home pivot makes some employers’ IT professionals nervous, though.
A global study released in October 2020 by Ponemon Institute LLC and Keeper Security, Inc. found that 44% of these professionals were confident of their organizations’ ability to fend off cyberattacks during the pandemic, compared with 71% before the pandemic. What’s bothering them most? A lack of physical security in the workspaces of remote workers (47%), the threat of remote workers’ devices being infected with malware (32%) and the risk of cybercrooks accessing sensitive data on remote workers’ devices (24%).
IT professionals have reason to be concerned. In August, Interpol, the international police agency, warned of an uptick in cybercrimes amid the work-from-home movement. “With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption,” Interpol reported.
So, if you’re a remote worker, what can you do to shore up your work-from-home cybersecurity? Check out these six tips that could help keep your data and your devices safe, courtesy of cybersecurity software providers MonsterCloud, Norton and UpGuard, and the National Cyber Security Alliance.
1. Don’t Delay Updates
If you’re alerted about a software update on any of your devices, be sure to install the latest software as soon as possible. Software updates (including those for antivirus programs) fix security flaws and help safeguard your data.
On your smartphone, it’s important to pay attention to notifications you receive for operating software updates and for changes that affect your apps, especially if you use a single phone to manage both your work and your personal life.
2. Don’t Turn Off the VPN
You may be accessing your employer’s network through a VPN, or virtual private network. A VPN secures information transmitted between employer and employee through what’s known as data encryption. It’s designed to prevent cybercrooks and cyberspies from intercepting sensitive data, such as financial documents and customer information.
If you’re using a VPN on one of your devices, don’t turn it off when you’re working. Otherwise, you’ll lose a tool that could block an attempt to steal proprietary information.
Also, be sure to avoid using public Wi-Fi networks when you’re accessing work-related accounts, unless you’ve signed in to your employer’s VPN.
3. Watch Out for Phishing Scams
Cybercriminals are capitalizing on the remote-work wave to flood inboxes with fake emails.
Cybersecurity experts warn, in particular, about phishing scams tied to the pandemic. “These emails are designed to take advantage of people’s curiosity and thirst for knowledge about pandemic-related topics,” MonsterCloud says.
Norton offers this example: You receive an email that seems to be from your company about a new corporate policy regarding the coronavirus. But the email is actually part of a phishing scam. The email includes an attachment or embedded link that the scammer wants you to click on. That click could unleash malware onto your device. As such, be careful about clicking on any attachments or links in any email.
The Federal Trade Commission says scammers send phishing emails that appear to be from a trusted organization, such as an employer, in order to steal account numbers, passwords and other sensitive information.
“Most of the things that they could gain access to could absolutely make life miserable for you,” says Kelvin Coleman, executive director of the National Cyber Security Alliance.
4. Pump Up the Passwords
Your devices should require entering a password before anyone can use them. Your Wi-Fi network and router, which connects your internet-enabled wireless and wired devices, also should be password-protected. UpGuard notes that you should be sure to switch your router’s password from the default setting to a unique setting.
The National Cyber Security Alliance recommends creating a strong, lengthy password for every online account you log in to on an employer-issued device. Norton says a password should be at least 10 characters, excluding real words or personal information (like a birthdate).
“By combining uppercase and lowercase letters with numbers and special characters, such as ‘&’ or ‘$,’ you can increase the complexity of your password and help decrease the chances of someone potentially hacking into your account,” Norton says.
UpGuard cautions against using passwords that repeat numbers (000000), or contain sequences (123456) or are frequently used. Common passwords include “password,” “test1,” “qwerty” and “iloveyou.”
5. Keep Your Devices Separate
Let’s say you watch Netflix shows on your tablet, pay bills on your home laptop and do work on your employer-provided laptop. If so, keep it that way. When you do work tasks on your home laptop, for instance, you might be jeopardizing sensitive business data if your personal laptop lacks the proper security. In addition, family and friends shouldn’t be allowed to use your employer-issued devices.
Coleman notes that the various personal and work devices we use at home are tempting targets for cybercriminals. To make matters worse, those devices may be getting more of a workout these days, with kids learning remotely and adults working remotely, he says.
“It’s not unlike any other disaster that we’ve seen since we’ve been relying on technology. Bad actors take advantage of a crisis. A global pandemic is a crisis,” Coleman says. “They’re going to take advantage of this because they know so many more people are online. There is a target-rich environment that bad actors see these days.”
6. Consider Multi-Factor Authentication
Multi-factor authentication adds a layer of security to an online account (such as your bank account), electronic device or computer network. But, according to the report from the Ponemon Institute and Keeper Security, 31% of IT professionals who were surveyed indicated their organizations didn’t require remote workers to use any authentication methods at all. Among the 69% of organizations that did require those methods, only 35% of the IT professionals said multi-factor authentication was mandated.
Multi-factor authentication depends on at least two methods of verifying someone’s identity before they can log in to an account, log on to a device or log in to a network. Those methods include passwords, security tokens and biometric identification (like a fingerprint).
“As hackers look to target less tech-savvy users that are new to working at home, multi-factor authentication stops hackers in their tracks,” information security website Help Net Security says. “In a time where most employees are working on unsecured home and public networks, having multi-factor authentication as an extra safeguard will not only take some burden off the IT team but will also help make employees that aren’t trained in security less susceptible to cybercriminals.”
The freedom that comes with working from home is accompanied by a responsibility to maintain security standards that would normally be provided for you when you work in an office. By developing good habits—such as establishing strong passwords, using multi-factor authentication and performing regular software updates—you can help provide the secure environment your work deserves.
Article By: John Egan and Daphne Foreman