The mystery around the COVID-19 crisis hasn’t been solved yet and reports say, it is here to stay in its mutant forms. That means remote working/work from home culture is here to stay too. According to a recent Gartner survey, 47% of organizations will give their employees the choice of working remotely “post the pandemic”. Hopefully, we will see brighter days and the phrase “post the pandemic” becomes a reality soon. But, one reality check is that cybersecurity risks have increased manifolds due to this remote working culture. The primary reason being – a lot of untracked and exposed digital assets.
According to the CISO’s Benchmark Report 2020, businesses are struggling to manage remote workers’ use of phones and other mobile devices. In this blog, we will discuss the nine work-from-home cybersecurity tips for both employers and employees.
Before we deep dive into these cybersecurity tips, we need to look at the alarming cybersecurity statistics and risks that have come up due to remote working:
- According to the Infosecurity Magazine:
- Cybercriminals are leveraging the fear of the COVID-19 crisis, and thus, phishing emails have spiked by over 600% since the end of February 2020.
- Work-from-home has increased the average cost of a data breach by $ 137,000.
- 1 in 5 organizations that had security breaches were due to their remote workers.
- Close to half of those surveyed said they didn’t provide cybersecurity training to their remote working staff.
- According to Google, it blocked 18 million malware and phishing emails due to coronavirus in April 2020.
- HP Inc. in its HP Wolf Security Blurred Lines & Blindspots report said that 70% of office workers surveyed admitted to using their work devices for personal tasks. Almost 30% of the surveyed remote workers have let someone else use their work device.
Now, let’s deep dive into the cybersecurity tips to manage your remote working culture:
Secure Your Attack Surface
For Employees
- Report all the devices (mobiles, laptops, tablets, cloud VPNs, etc.) on which your work to your employer. Help them maintain an inventory.
- Never share your passwords with your family members or others.
- Never let others use your work devices for any kind of work (professional or personal).
- Use multi-factor authentication to access your work data (emails, files, sites, etc). Install and use authenticator apps that provide authentication through one-time passwords.
- Change your passwords frequently.
- Use password managers to store all your login credentials/ passwords.
- Switch your router’s password from the default setting to something else.
For Employers
- Become aware of your attack surface. Continuously discover and manage untracked, exposed, and shadow IT assets, you can use our attack surface management product – NVADR.
- Think beyond IPs and Subdomains, say, Code Repositories, Publicly exposed documents, Docker containers, pastebins, mobile apps, and many more.
- Train your staff on the updated cybersecurity practices.
- Regularly update your IT and IT security policies.
- Make it a mandate to use the points stated above for employees.
Never Delay Your Updates
- Make sure you install the latest software whenever you get a software update alert. Software updates secure your data by fixing security flaws.
- While using your smartphone, always keep a check on the updates and notifications when you use the same mobile for both work and personal purposes.
Don’t Turn-Off Your VPN
- You might access your employer’s network through a VPN (Virtual Private Network). The VPN secures the data between employee and employer as it makes sure that the data in transit stays secure. It keeps away cybercrooks and cyber spies from interpreting sensitive data, such as financial documents and customer information.
- While using a VPN on one of your devices, don’t turn it off while you are working. This is especially more important when you are using a public Wi-Fi network while doing work-related stuff. If you turn it off, the VPN’s security layer won’t be present anymore and this can allow an attacker to eavesdrop/sniff your data.
Look Out For Phishing Scams
- Cybercriminals are capitalising on the remote work wave to flood inboxes with fake e-mails. Cybersecurity experts warn, in particular, about phishing scams tied to the pandemic. You might also receive an email about a corporate policy regarding the coronavirus from your computer. But in reality, it might just be a part of a phishing scam. It includes the attachment or embedded link that the scammer wants you to click on. Clicking that unleashes malware onto your computer or try to lure you into other cyber attacks. Hence, pay heed to which links you click on in any email.
- The Federal Trading Commission said scammer emails may appear to be from a trusted organisation like the employers, to steal account numbers, passwords and other sensitive information.
Strengthen Your Password
- You need to set up a password for opening your devices or accounts. Your Wi-Fi network and router, that connects your internet-based wireless and wired gadgets, should be password protected. We suggest that you create a strong, lengthy password for every online account which you log in to or an employer-issued device. Norton says a password should have at least 10 characters, apart from your real words or personal information. (Like a birthdate).
- You should use complex passwords by compiling uppercase and lowercase letters along with numbers and special characters. Using passwords that repeat numbers (0000000) or have sequences (1234567890) or some common passwords such as “password”, “test1”, “qwerty” and “iloveyou” is not suggestible at all.
Separate Your Devices
- While watching Netflix shows on your tablet, you may pay bills on your home laptop and work from your employer-provided laptop. Maintain it that way. If you do work tasks on your home laptop, you might be jeopardizing sensitive business data in case your personal laptop is short of cybersecurity.
- Make sure you don’t let family or friends use your employer-issued devices. A variety of personal and work gadgets we use at home are tempting targets for cybercriminals. To make things worse they are getting exploited with online learning and adults working remotely.
- It’s no different from any other disaster we’ve seen since we’ve been relying on technology. Bad actors take advantage of a crisis. As we know that a global pandemic is a crisis and cybercriminals are going to make the most out of it because they know that many people are online and are a potential target. There is a target-rich environment seen by bad actors these days.
Use Multi-Factor Authentication
- Multi-factor authentication is an add on to secure an online account (such as your bank account), electronic device or computer network. But, according to the report from the Ponemon Institute and Keeper Security report, 31% of the IT professionals surveyed showed that their organisations did not require remote workers to use any authentication methods at all. Only 35% of the 69% of organisations requiring these measures have made Multiple factor authentication mandatory.
- Multi-factor authentication implies at least two methods before verifying someone’s identity while logging into an account, a device or a network. These measures include passwords, security tokens and biometric identification (like a fingerprint).
- Since targeting tech-savvy users new to working from home is easier, multi-factor authentication stops hackers in their tracks. Since most employees are working with unsecured home and public networks, multi-factor authentication as an extra measure will safeguard and take off some of the burdens from the IT team. This will also help employees that aren’t trained in security, less susceptible to cybercriminals.
Don’t Install Softwares From Untrusted Sources
- Don’t install APKs from unknown or unsolicited source/ third-party sites as they may have hidden malware or spyware.
- Don’t download unknown plugins or software or files from any source to view, use, and manage multi-media content. They could contain malware.
- Don’t download/open free softwares, attachments, and ads via unknown emails, social networking sites or flash drives.
Track Exposed Services on Your Home / Office Network
People often turn on some services (or run software that unknowingly turns on some services) on their machines/servers. These untracked services can allow an attacker to interact and may compromise the resources on your machines/home networks. You can use network monitoring utilities to track and identify if any of such service is open. For externally exposed assets, you can use our Attack Surface Management platform NVADR.
Conclusion
Along with freedom comes the responsibility of maintaining security standards while working from home, which is generally provided in your office. By inculcating safer methods in your daily regime like setting up strong passwords, using multi-factor authentication, and updating your software from time to time, you provide the secure environment, your work deserves.
On the flip side, according to Forbes, 80% of all hacking attempts are based on social engineering and cannot be avoided by any hardware or software use. Businesses are enforcing strict IT security policies inside their IT infrastructure, but these policies are not being enforced or paid attention to due to remote working. Thus, cybersecurity should come from within the employee.
If you want your cybersecurity levels to be intact and manage your organization’s external attack surface in your remote working culture, contact us!