Since the pandemic, working from home has become much more widespread worldwide. Even once the pandemic fades, many predict that remote working will remain prevalent across multiple sectors.
While working from home is convenient and has many benefits, it also exposes both individuals and businesses to a range of cybersecurity risks. That’s why it is essential to give serious consideration to home cybersecurity. By following best practices, you can mitigate most cybersecurity work from home threats quite easily.
With the rise in remote working, certain cybersecurity threats – in particular, phishing – have become more prevalent. A key issue is that, in most workplaces, an IT team will take care of cybersecurity within the office. With a distributed workforce working remotely, staff have to pay more attention to cybersecurity threats themselves. Here are the top remote working security tips to ensure you and your staff are working from home safely.
One of the most effective security tips for working from home is to invest in a comprehensive antivirus suite for you and your employees.
According to the UK government, the damage to the economy due to cybercrime is estimated at £27bn. This figure is only likely to increase as hackers look to exploit people's home internet networks and business VPNs to gain access to sensitive files.
These attacks could leave you, your business, and your employees open to ransomware attacks, DDoS attacks, malware, spyware, and other types of breaches.
Antivirus suites take the hard work off your hands by offering automatic remote work security against a host of threats, including:
Not only can a comprehensive antivirus suite fend off up to 100% of online security threats, but it also automatically updates itself to stay on top of new and emerging threats.
It also runs discreetly in the background of your other operations, so you won’t even notice the hard work it’s doing.
While you may trust yourself and your tech-savvy employees to keep themselves safe online, it’s worth remembering that working from home means company computers are more likely to be exposed to young children and other members of employees’ families.
Therefore, it’s important to remind staff to keep their devices safe and not allow other household members to access their work laptops, mobiles, and other forms of hardware. It’s also worth reminding them of the importance of password protecting their devices to prevent third parties from accessing sensitive files.
Working from home usually means taking part in teleconferences and video calls which require the use of your webcam. Unfortunately, savvy hackers can easily access your webcam without permission, compromising your privacy. Worse still, if you have sensitive documents around your physical workspace, hackers may be able to view these by hijacking your webcam.
If your webcam is separate from your device, you should unplug it whenever you are not using it. If your webcam is built-in, you should take extra measures to protect yourself – there’s no telling when a webcam attack could occur.
Sliding webcam covers are easy to find online in all shapes, sizes, and colors to suit your needs. They are typically easy to install, too, as most come with an adhesive layer that fits around your webcam.
While using videoconferencing software, you may also want to use functions such as the "blur background" feature if your platform has it. This can prevent people in your conferences from spying on objects in the background of your home, which can often include sensitive data about you or your clients.
Remote working often means connecting your computer to the company's Virtual Private Network (VPN connection) – but this, in turn, creates new home office safety 'back doors' that hackers could potentially expose.
First and foremost, it’s essential to provide employees with work from home security tips and guidance or policies on being a secure remote worker. Companies should look for ways to make their VPN more secure.
VPN security can be enhanced by using the most robust possible authentication method. Many VPNs use a username and password, but you may want to think about upgrading to the use of smart cards. You can also enhance your encryption method for VPN access, for example, by upgrading from a Point-to-Point Tunnelling Protocol to a Layer Two Tunnelling Protocol (L2TP).
Of course, it doesn’t matter how strong your VPN is: if an employee's password is compromised, it will give hackers an easy way in. So, it’s essential to ensure employees are updating their passwords regularly. You should also remind employees only to use the VPN when they need it, switching it off if they are on their work devices for personal use in the evenings or on weekends.
While working from home, employees will be using their home networks and internet connections. Therefore, it is a good idea to teach employees how to configure their wireless routers and personal firewalls and keep their home networks secure.
If your company relies on cloud or server storage, you should make sure all your employees are using this solution. If you feel your employees are not aware or familiar with your storage service, or are continuing to store files locally, communicate with them to ensure they are familiar with the centralized service. That way, if your company is compromised and local files are lost, destroyed, or compromised, you are more likely to have a back-up of necessary documentation. This method also means that important documents are safer, as they will be protected by the firewall attached to your centralized storage solution.
One of the simplest ways to ensure cybersecurity for remote workers is to strengthen your home Wi-Fi network's security. You can achieve this through some straightforward steps.
Create a strong, unique password, rather than relying on the automatic password your router came with. You can access your router’s settings page by typing “192.168.1.1” into your browser and change the password there. Make sure to choose a password that would be difficult for anyone to guess. You can also change your SSID, the name of your wireless network, on the same settings page to make it more difficult for third parties to identify and access your home Wi-Fi network. Do not use your name, home address, or anything that could be used to identify you.
Ensure you have enabled network encryption, which can usually be done under the security settings on your wireless configuration page. You will have several security methods to choose from, such as WEP, WPA, and WPA2. The strongest, if you are using newer hardware (more recent than 2006), is WPA2.
You can limit network access to specific MAC addresses for additional security. Every device that connects to your network has a unique MAC address (you can find the address for each device by opening Command Prompt, if you have it, and entering “ipconfig/all”). If you know the addresses of verified devices, you can add these to your wireless router’s settings so that only those devices can connect to your Wi-Fi network.
Finally, ensure you are running the latest version of your firmware by regularly visiting your router setting page. Patches and software updates often address potential security concerns.
Remote working often means relying on videoconferencing software – which, in turn, creates potential WFH security risks.
For example, in the past, Zoom was compelled to address security flaws after a spate of so-called “Zoom bombing” attacks. In these attacks, uninvited persons gain access to another person’s video conference and enter it to intimidate and harass other users. Although the term "Zoom bombing" derives from the Zoom app, similar incidents have taken place on other platforms.
The risks to your company are that, if your video conferences are being invaded and monitored, sensitive information about your business or your clients may be leaked. Your staff may also suffer personal and potentially traumatizing attacks from hackers.
In response to Zoom bombing attacks, the FBI released advice to help users protect themselves while using video conferencing software. This includes:
One of the simplest yet often overlooked ways to protect yourself when working from home is to strengthen your passwords and ensure that you have maximized password protection across your devices.
"Passwords generated from three random words help users to create unique passwords that are strong enough for many purposes, and can be remembered much more easily."
If you are responsible for business accounts, it is essential to ensure that money is being stored and transferred in the safest ways possible. The last thing you want is to encounter a security breach in any of your online banking platforms.
First and foremost, it’s essential to use only accredited software and services to handle funds. Use only services you know and are familiar with. If you are unsure about the credibility of a particular platform, search online for reviews and more information before using it. Credible institutions should include information for human contacts on their websites, people who customers can speak to if they have any concerns.
When accessing a banking website, make sure you are logged on via a Secure Hypertext Transfer Protocol. This means the URL should include https:// rather than just http:// at the beginning. You should also see a lock on the left of the URL bar of most internet browsers, indicating that website has an authenticated security certificate.
You can increase the security of your business and personal bank accounts by tightening passwords, adding memorable information, and, if possible, asking your bank for a card reader to ensure that all online payments require a physical payment card. If you can switch to mobile banking, many platforms now require a verified fingerprint to log in, which can enhance security even further.
Hackers, scammers, and phishers may try to target you via email, social media ads, or over the phone. They may request your bank details on the basis that they want to help you make large purchases or donations. Do not give your bank details to anyone, or transfer funds to any unsolicited vendors, unless you are absolutely sure that they are who they say they are.
Remember that scammers may try to mimic your colleagues, clients, or professional organizations, including your bank, to trick you into giving away sensitive information or transfer funds. Be vigilant, and don’t be afraid to ask anyone for additional proof they are who they claim to be.
Emails are essential for communication between colleagues. However, emails are also one of the easiest means of communication to exploit and compromise.
The UK’s National Cybersecurity Centre (NCSC) has made numerous recommendations for helping protect staff while working from home, including in the use of emails.
As well as calling attention to phishing scams which are becoming more prevalent, they advise the following measures for protecting email accounts:
In summary, to ensure working from home safely, remote workers can use these tips as a checklist:
Employers considering remote work security best practices can use these tips as a checklist:
As working from home has increased worldwide, cybersecurity for remote workers has become a hot topic. By following cybersecurity remote work best practices, individuals and organizations can avoid risks and ensure safety.