30 WORK FROM HOME CYBERSECURITY TIPS
Since the COVID-19 pandemic, working from home has become the norm to keep everyone safe from infection. Even with the pandemic dying down, more people are leaning towards working from home.
But working from home requires being connected to the internet, and with that comes a lot of cybersecurity risks. To keep you safe, we’ll be discussing helpful work-from-home cybersecurity tips to maintain an uninterrupted and safe work environment.
Here’s a list of 30 work-from-home cybersecurity tips:
Tip #1: Keep All Devices Updated
Software developers try to fix security loopholes or other service issues with frequent updates. Whenever there is an update prompt from the software dev, you should immediately update the device or the system the device is running on.
With frequent updates, all the security issues get patched out, and your devices stay safe.
Tip #2: Use A VPN
A VPN (Virtual Private Network) passes all the data on your device through a private, encrypted network tunnel. The tunnel is established across any kind of network you’re connected to at that moment.
Using a VPN keeps your data secure at public network access points and even at home. The encryption provided by a VPN makes it much harder to snoop on your traffic, location, or activity.
Tip #3: Keep Your Devices Separate
You should always keep your personal and work devices separate. If possible, keep your private network separate from the network you use to sign in to work.
That way, in case your network is compromised in any way, the hackers will not find a way into your work data.
The idea may seem very cumbersome, but it is safe in the long run because you never know which of your devices has already been compromised.
Tip #4: Don’t Use One Email For All Accounts
It’s not just about separating the devices for work and personal use. You should separate your work and personal email addresses as well.
That way, when one of your accounts is compromised, it will not affect the other accounts or other sectors, for that matter.
Another benefit of having a different email for work is that it’s a clear sign of professionalism. No one wants that awkward situation when they’re introducing themselves with an embarrassing email address in the workplace.
It’s a great practice to have separate emails for different uses. It doesn’t have to be exclusively for work or personal life. Just don’t overdo it to the point where you’re forgetting or mixing up your account credentials, which can lead to security breaches regardless of the precaution.
Tip #5: Enable Device Encryption
Encryption is the process of encoding data so that only specific, authorized individuals can access it.
Even if your company doesn’t tell you to encrypt your data, you should do it anyway as an added precaution. Different systems have different methods of data encryption.
- Windows: BitLocker
- macOS: FileVault
- Linux: dm-crypt
- Android: Enabled by default ever since Android 6
- iOS: Auto-enabled since iOS 8
Tip #6: Secure Your Home Office
If you have a separate room set up as your home office, it’s best to secure the room with locks and remember to keep all your devices in check.
Devices can get stolen from home if left unattended, and anyone can walk into your office and cause you one form of harm or another, even when you are using separate devices for work purposes.
Tip #7: Secure Your Home Network
When working from home, it’s best to set up a separate network and access work from that network.
Even then, applying the best security practices for networks is the way to go if you’re trying to ensure your network will not be compromised.
Tip #8: Use Antivirus Programs
Antivirus software is an easy way to keep your device and network safe from:
- Malware
- Ransomware
- Rootkit
- Spyware
- Trojan
An ideal antivirus program will work behind the scenes to protect your computer from all sorts of malware attacks and will resolve any issues regarding a virus that has infected your devices or systems.
Tip #9: Use Supported OS
Over time, new vulnerabilities and exploits are discovered regarding all different types of operating systems, and some of these exploits can impact older versions heavily.
Since supporting all versions of an operating system at the same time is expensive, developers of a system only support the last few major versions of a system.
If you’re using an older version of any operating system or an OS that is no longer supported by its developers, you’re putting your device at risk. It’s best to use an OS that has ongoing support and updates.
Tip #10: Keep Your System Updated
Even with a supported OS, there can be a delay between the disclosure and mitigation of a vulnerability. In this case, your system can fall victim to zero-day exploits.
To mitigate this issue, developers provide quick security patches. To minimize the risk to your data and other sensitive information, it’s best to apply security patches to all devices as soon as possible.
Though most modern devices apply automatic updates, you’ll need to remember to restart the devices for the patches to activate properly.
Tip #11: Enable Auto-Locking
When you’re walking away from your device, lock the device before leaving it. In case you forget, you should enable auto-locking for all your devices.
Make sure to set a convenient and reasonable timer delay when configuring the auto-locking. It’s automatically enabled on almost all modern devices.
Tip #12: Manage Your Passwords
Even with all the precautions mentioned above in place, hackers can get access to your device in one way or another. To ensure maximum security, you should assign a strong password to all your devices.
Don’t use passwords that are too easy to guess, or too obvious (your birthday, cellphone number, etc.). Make your passwords entirely random, so any attacker will have a harder time guessing the right combination.
Tip #13: Use Authentication Locks For All Devices
Two-factor authentication is where an individual is granted access after submitting two pieces of evidence to the authentication mechanism in place.
The two-factor authentication method reduces the chances of most attacks since the attacker can’t access your devices even when they have your password.
You might receive a push notification on your phone, or it could be an SMS to your phone. Or it could generate a one-time security key in an authenticator app.
Important note: while it may sound convenient, SMS is not a great choice for a two-factor authentication process.
Tip #14: Enable Find My Device And Remote Wipe For All Devices
In case you lose one of your devices, being able to remotely find your device is a crucial part of information security. When you are also able to remotely wipe the device, you can rest assured that the data will never be intercepted by any malicious third party.
Here's how to enable “find my device” for different operating systems and devices:
- Windows: Enable in Settings > Update & Security > Find my device.
- macOS: Set up iCloud on your device by going to Settings > Your Name > iCloud > Find My Mac.
- Linux: Not built into the operating system; requires a third-party app.
- Android: Set up a Google account on the device, and it will be enabled by default.
- iOS: Set up iCloud on your device by going to Settings > Your Name > iCloud > Find My iPhone/iPad.
Tip #15: Wipe Any Device Before Getting Rid Of It
Maybe you aren’t selling or throwing your phone away. Maybe you’re just lending it to one of your acquaintances for a few days. Even for such a short exchange, make sure to restore your device to factory settings.
Once you do so, there’s no chance for anyone to access your data, or to have any control over your device, whether it be temporary or permanent.
But before you wipe your device or devices, always make sure to create a backup or transfer all the important data from the device you are about to wipe.
Tip #16: Train Your Employees
All the best practices adopted by an organization can still fail if all the employees are not trained properly in cybersecurity practices.
Cybercriminals are always looking for security loopholes, and taking advantage of an employee who’s not trained enough is one of the major reasons most companies get compromised.
If you are the head of an organization, here are a few topics you can organize training programs on:
- Avoiding suspicious emails that are used in email scams and schemes
- Recognizing different types of phishing attempts
- Protecting employee social media accounts with operations security
- Using only verified and well-established SaaS applications
- Identifying different types of hijacking attacks
- Not installing third-party applications or software that come from an unreliable source
- Not installing browser plugins that come from an unreliable source
Tip #17: Always Monitor Third Party Vendors
The security of your organization is tied to the parties that you deal with beyond your organization as well. One of the third-party vendors with a weak security posture could lead to your organization getting infiltrated over time.
As the owner of a company, you should always invest in vendor risk management, as well as third-party risk management. There are security programs for this exact purpose as well.
Tip #18: Implement Email Security Practices
Every account you manage is ultimately tied to an email account. So securing the email accounts that are tied to your workplace, or to the rest of your employees, is of utmost importance.
Major hacking attempts start by hacking into an email account and using that email account to take over one or more accounts tied to that email.
Once email credentials have been secured, it’s time to turn your attention to email security against email spoofs and phishing attempts. Malicious emails are still a large medium for spreading ransomware and potentially harmful programs that can either damage or take over devices and systems.
When writing or updating your company policies, make sure SPF, DKIM, and DMARC policies are in place to prevent email spoofing.
Tip #19: Implement Access Controls
Access control policies can be a lifesaver at times. Role-Based Access Control (RBAC) assigns permissions to end-users based on the roles you assign them within the organization.
This may seem like a simple step, but implementing RBAC restricts data access to those who are authorized to have it, resulting in lower risks of data breaches and leaks.
A good way to distribute access to employees using RBAC is to follow the principle of least privilege.
Tip #20: Cyber Hygiene Is Important
Cyber hygiene is the equivalent of personal hygiene but in terms of cybersecurity. Once it’s implemented in the daily routine of your organization, the risks of being affected by a cyberattack are reduced.
All you need to do is perform occasional checkups to ensure all the safety practices are in order.
Tip #21: Use Web Applications With HSTS
HTTP Strict Transport Security (HSTS) is a web security policy mechanism. If a website has HSTS enabled, the website can only be accessed via secure connections.
HSTS can help a site with the website’s overall protection and prevent users from cookie hijacking and protocol downgrade attacks.
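A way to check whether a site's HSTS policy gives the protection described above, as an added example that is not part of the original article. The one-year `MIN_MAX_AGE` threshold and the sample header values are assumptions chosen for this example.

```python
MIN_MAX_AGE = 31536000  # one year in seconds; threshold assumed for this example


def parse_hsts(value: str) -> dict:
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            policy["max_age"] = int(arg) if arg.isdecimal() else None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def assess_hsts(headers: dict, scheme: str = "https") -> list:
    """Findings for one response; an empty list means a strong policy."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no HSTS header: the browser will still attempt plain HTTP"]
    if scheme != "https":
        return ["header sent over HTTP: browsers ignore HSTS on insecure responses"]
    policy = parse_hsts(value)
    findings = []
    if policy["max_age"] is None:
        findings.append("max-age missing or invalid: the header is ignored")
    elif policy["max_age"] == 0:
        findings.append("max-age=0 tells the browser to forget the HSTS policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("max-age below one year: protection lapses between visits")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains absent: subdomains may still load over HTTP")
    return findings


# Constructed sample responses, weak beside hardened.
WEAK_HEADERS = {"strict-transport-security": "max-age=300"}
STRONG_HEADERS = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}

if __name__ == "__main__":
    print("weak:  ", assess_hsts(WEAK_HEADERS))
    print("strong:", assess_hsts(STRONG_HEADERS) or "no findings")
```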
Tip #22: Monitor Security Metrics For All Employees
Security metrics or cybersecurity metrics are measurable values that demonstrate how well a company is achieving its cybersecurity risk reduction goals. Organizations use security metrics at multiple levels to evaluate how well they are meeting their security standards and information security management requirements.
With staff working from home, it's crucial to set up metrics that monitor how well your staff is adhering to your information security policies while working from home.
Tip #23: Maintain a Strict Password Policy For Employee Devices
Ensure that your staff uses strong passwords by enforcing password requirements on company devices.
Tip #24: Encrypt All Company Devices
Encryption is the process of encoding information so that only authorized parties can access it. While it doesn't prevent interference and man-in-the-middle attacks, it does deny intelligible content to the interceptor.
Ensure that all company devices are encrypted as well.
Tip #25: Don’t Share Personal Information In Messages
When at your workplace, remember not to share any form of personal information through messages or emails from your workplace devices.
Even if someone asks you for your personal information, make sure the source is authenticated and can be trusted with the information.
Another thing to note is not to share photos of your remote work equipment anywhere. There’s a chance a perpetrator will collect information from the photo in one way or another.
You should also adopt the same precautions for your webcam. Don’t leave it turned on unless you’re using the camera, as hackers can access cameras and collect visual information about you or your family members.
Tip #26: Don’t Overshare Your Screen
When you’re in an online meeting, be careful not to share any window you don’t want others to see. To play it safe, close all unwanted windows during the meeting, instead of minimizing them.
While it can be awkward, it can also expose information about you that someone else can exploit personally.
Sometimes a member of the meeting can be a rogue employee, or the online meeting can be compromised by some sort of outside attack. In that case, oversharing your screen is the equivalent of handing the data to the hackers willingly.
Tip #27: Make Sure Your Video Conferences Are Secured
As the previous point suggested, video conferencing can be compromised. A great example of attacks like these is the “Zoom Bombing” attacks during the COVID-19 crisis.
During the beginning of the pandemic, online meetings and video conferencing were the safest options to keep workflows continuing while maintaining safety guidelines. However, hackers saw this as a new opportunity to trouble the general public.
Zoom bombing is when an unauthorized person or party joins a Zoom video conference, bypasses all security controls, and gains access to the entire chat.
Though there are precautions in place for incidents like these, personal caution is always a better option. To secure your chat, always assign a password for your Zoom meeting link, which will only authorize the required members to join the meeting.
You can also ensure that each employee has a unique ID and restrict their controls in the meeting room so that they can only participate in the meeting and nothing else.
Tip #28: Recharge Yourself Mentally
During COVID-19 times, everyone received a copious amount of hits to their mental health. As a result, you may find yourself mentally overwhelmed quite often. If you’re exhausted, it’s best to keep yourself away from work until you feel better.
This may sound entirely out of place, but your mental exhaustion can affect your security to a great extent. When you’re mentally feeling down, your brain isn’t fully operating, and you are not paying attention to details.
When you make mistakes or slip-ups in security details, you compromise your security, along with the security and credibility of the organization you are managing or working with.
Working from home can sound easy to deal with, but it can be overwhelming at times. Make sure to mentally “recharge” yourself from time to time before you tend to more pressing matters.
Tip #29: Maintain A Good Working Environment
Just like the previous tip, a tip related to ergonomics can seem heavily out of place too. But this one is just as important.
If you are getting distracted every once in a while during work hours, you become more vulnerable to security breach attempts and opening malicious content while being distracted.
Along with mentally recharging yourself, don’t be shy about taking breaks to bring your focus back to work.
Tip #30: Keep The Company Security Guidelines Updated
Every remote organization should have a cybersecurity guideline that they follow accordingly.
If you’re the owner of a remote company, you should always prioritize updating your cybersecurity guidelines with the utmost precautions and safeguards.
These safety measures, when put in place, help you safeguard both your employees and sensitive data regarding the organization.
If you’re uncertain about any rules or regulations, always collaborate with your IT team and ensure the best rules are in practice.
Wrapping It All Up
Keeping yourself mentally prepared and knowledgeable can save you from most cybersecurity attacks, no matter if you are at home or at a workplace outside of your home.
Implement the best practices that suit your situation, and keep yourself secure from unwanted harm.