The world is under the threat of COVID 19 pandemic, forcing many organizations to switch to remote work. Apart from flexibility, working from home comes with the concern of cybersecurity. This is because not all remote employees have strong cybersecurity measures like the antivirus in place. Top of that, some of them might not be aware of the basic protection. It is the golden opportunity for the threat actors looking to exploit the slight vulnerabilities. And hacking the data from a soft target like a home PC is like a low hanging fruit for them.
According to a Kaspersky survey conducted on 6,000 employees, over 70% of remote employees have not undergone any cybersecurity awareness guidance or training from their company.The survey also concludes that over 20% of them have received COVID 19 related phishing emails.
90% of IT professionals believe that the remote environment is not safe, according to another recent study.
Understanding the Risks Associated with Remote Working
Unlike an average workplace, a remote work environment at home is not that protected. A workplace is protected by several layers of security controls. While not perfect, it is challenging to make a security mistake while at the workplace. However, when computers get away from the perimeter and people work from home, new risks occur for the organizations, and specific security policies become important.
Here are some common cybersecurity issues with remote work.
Accessing Sensitive Data through Unprotected Wi-Fi Networks:
Some employees might be using their home wireless network or accessing their office accounts using unsecured public Wi-Fi. This way, a threat actor nearby can easily spy on the connection to obtain sensitive data. For example, information delivered in an unencrypted form in a plain text might be stolen and encoded by threat actors.
Using Personal Devices for Work:
According to one survey, over 40% of employees admitted to transferring information between work and personal computers when working from home, which is not a safe practice.
Not Being Careful about Physical Security Practices in Public Places:
There might be employees, who talk loudly over the phone while working in public places or expose their laptop’s screen displaying sensitive data. Even worse, the devices can be left unattended.
Using Public Wi-Fi:
Many employees use free Wi-Fi available at their local cafes or libraries. The traffic over such free sources is not encrypted. Needless to say, hackers look for such unencrypted environments to pick their victim.
Most breaches are occurred due to human error. For example, the PC might be left unattended or the passwords are noted in the diary. Such mistakes are on the rise during the remote work.
Simple passwords like “ABCD” are dramatically easy for hackers to figure out, thanks to today’s sophisticated hacking tools, posing risk to remote work. Top of that, if the same password is used across multiple platforms, a hacker can have access to all accounts including corporate logins. In the remote work environment, this makes the data prone to hacking.
Many remote employees communicate over the phone as well as video calls. But they are not safe either. Thanks to the range of insanely advanced video and voice manipulation technologies being used by a malicious actor.
Over 80% of reported security threats comprise of phishing attacks that are widely known as the top data threats for cybersecurity in remote work. And COVID 19 has made this form of attack more widespread as hackers are sending COVID 19 alerts to the employees.
Aiming at both work and personal emails, these emails pose to be from a bank or employers. Though seemingly genuine, these mails let hackers gain quick access to your devices when you click the links or documents in their attachments.
WORK FROM HOME CYBERSECURITY TIPS FOR REMOTE EMPLOYEES
Keep Work Data on Separate Devices:
If you already following cybersecurity measures like using secure Wi-Fi, a VPN, and a virus, this might be fine. However, it can be tempting to utilize your domestic computer for work, especially if your computer is in a different room or it is not working. This can pose a great risk for you and your employer.
At your workplace, your PC is guarded by installing regular updates, running antivirus scans, preventing malicious sites, and so on. And these measures are not run on your PC, making it vulnerable to the threats. Moreover, your employer can afford sophisticated technical controls that you cannot personally.
Without such security layers in the background, your home PC is not safe for processing sensitive information as it can be targeted by cybercriminals.
Therefore, avoid accessing or processing your corporate data on your PC.
Avoid Public Wi-Fi as Possible:
Public Wi-Fi is not safe and introduces a security risk to your information ecosystem.
Prefer a personal hotspot from your phone or other dedicated devices. It will cut out the risk of being hacked by people on the same public Wi-Fi network with your phone. Although it will consume your data, the cost is minimal compared to the significant hack to your sensitive information.
If you don’t have a personal hotspot, using a VPN can protect your traffic. It works as a bulletproof jacket for your internet connection. Apart from encrypting the data being exchanged through the connection, it helps protect your data and can enable private and anonymous web browsing. However, you should still be careful about visiting malicious sites or clicking suspicious links.
Don’t Use Random Flash Drives:
A tried and tested hacking method is to drop several large capacity flash drives near the company to be attacked. An average employee will pick up the flash drive and use it. If you are a hacker, you couldn’t ask for more. But if you are a potential victim, you need to be careful. Although a hacker might or might not drop flash drives near your home, you can be gifted the drives through many methods. If you don’t know where the drives have come from, avoid using them.
Enable Multi-Factor Authentication for Added Security:
In multi-factor authentication, a computer user gets access only after successfully presenting two or more pieces of verifying factors. It can be a password coupled with an OTP. It means that one needs to enter a security code or other requirements apart from a password to access the account. And this is useful if someone cracks your password. It ensures peace of mind that you have an added layer of security.
Use Strong Passwords:
Using a strong password might seem the most basic piece of advice on this list. But it is one of the most important cybersecurity practices for remote employees. And it is equally true that many people are still not serious about their password protection. Even some of them use the same password for multiple accounts.
Make sure to keep a complicated and unique password for every account. Don’t note down the password on your desk or some rough papers lying near you. Instead, you can use good password manager tools to keep your all passwords in one place.
Set Up Firewalls:
A firewall is a basic defence to keep threats at a bay. They act as a barrier between your device and the internet by blocking ports of communication, thereby preventing malicious programs entering your device. Your OS comes with a built-in firewall. Many routers have also firewalls—thus, make sure to enable them.
Invest in Good Antivirus Software:
Although a firewall can ensure security, it’s not a guaranteed way to fight the sophisticated attacks. Therefore, it calls for reliable antivirus software that can add another layer of security to your system. Even if malware manages its way to your device, an antivirus can detect it and in some cases remove it.
While some antivirus products are free, you can use paid tools for the devices containing extremely sensitive data.
Secure Your Home Router:
When was the last time you changed your router password?
If you haven’t changed it yet, you are asking for trouble. In other words, a default or a regular password weakens your home network. Luckily, it is not rocket science to protect your home network. Make sure to update your router password. Besides, check if firmware updates are installed so that the security vulnerability can be fixed. Make sure to set the encryption to WPA2 or WPA3.
Back up Your Data:
Even though you have the best security practices in place, it would be better if you backup your data frequently. You never know when your computer is damaged or stolen. The data can be lost in other ways too, including ransomware and cyber-attack. You can use a separate HDD. Some cloud storage services offer free cloud storage up to certain limits. Even Google Drive comes with up to 15 GB of free space. Why not use it?
Don’t Respond to Phishing Emails and Sites:
As we have told you before that phishing emails are used to trick you into giving personal details or account info. With over 50% of the workforce working from home due to COVID 19 outbreak, cybercriminals have better chances to lure the victims. And their work is easier this time, thanks to the lack of office-like cybersecurity at the home.
But you can avoid getting trapped by ignoring the suspicious emails or links.
Take Care of Physical Security:
Virtual methods are not the only way to lose your information. You can’t sideline the traditional method of stealing, including peeping and lifting. Here are some ways to deal with such physical or real-world risks:
Close the Doors:
That might seem odd over here, but it is a valuable tip to follow. You never know when someone visits your home only to see your passwords or another confidential piece of information. Above all, your computer or HDD can be stolen. To keep such risks at bay, make sure to lock your door whenever you leave the desk.
Avoid Leaving Your Devices or Laptop in the Vehicle:
Make sure to carry your laptops and devices at all times while on the road or out of the house. Even your car is not safe for keeping your laptop.
Block the Sight Lines:
Be careful about the sightlines when in public. Your laptop screen can be visible to someone sitting behind you. And the trained eyes of a cybercriminal can decipher what you type.
Work from home has become a new normal for the corporate world, especially for IT and data firms. While work from home facility ensures flexibility, the risk of data incident can’t be overlooked due to little to no security measures in place.
You as a remote worker are liable for your security. If any security incident takes place and the company loses its data, then facing penalties and losing the jobs are quite real. Therefore, your business Data security is as important as your productivity. We hope that the abovementioned tips will help you consolidate your remote work environment security.
What do you think? Please let us know by commenting below! All the best!!!