6 tips to maximize security while working from home
Cyberattacks are on the rise as cybercriminals look to exploit the current COVID-19 pandemic which has left an unprecedented amount of people working from home which is highly unlike any normal working from home situation. As many begin to adjust to life away from the office, it is critical that people remain vigilant and have the knowledge of basic cybersecurity practices which can be easily implemented while working remotely.
Here are some of our top tips for how you can remain digitally secure while working from home and reduce your risk of becoming a victim of a cybercrime.
Most collaborative platforms, such as Slack and Zoom, are relatively safe when they are used to simply facilitate the day to day connectivity between teams. However, it is important to remember the need to take a holistic approach if you are utilizing these platforms. For maximum security, users should modify these applications away from their default settings.
For example, when using Zoom you should consider making the following configuration changes:
- Enable a waiting room, to protect against uninvited guests and don’t forget to close once everyone has arrived
- Make sure only the host can present and designate co-hosts prior to meetings
- Enable a meeting password and avoid using a static meeting ID
It is critical that you remain aware of when meetings are recorded and have a clear understanding of how these recordings may be shared and stored (and for how long).
When it comes, however, to sharing secure and private information, such as company finances and employee data, you should be using more secure communication channels.
'Free' programs in response to COVID19
In direct response to COVID19, there has been a surge in the number of companies offering free software programs to support remote workers. Before you decide to use any of these free programs on behalf of your company, it is extremely important that you first liaise with your IT and security departments to make sure that these programs are secure and viable to use. Nothing is for free and with the adoption of these 'free programs', vulnerability risk management remains key. Companies must keep track of how many resources are required to manage such solutions and as always security must remain usable. This means organizations must reject complexity when deciding on security solutions.
Acceptable Use Policy
Your company may already have their own acceptable use policy in place. If they do, you should continue to consult with and follow this as best as possible while working from home. If you do not have this as a guide, here are some tips to follow:
- Do not allow others to use your work computer while it is logged in with your company identity and credentials. This could allow others access to classified information.
- Do not leave your work computer unlocked and unattended.
- Avoid accessing and downloading low accredited news articles or software onto your work computer.
Be aware of other users on your personal network
When using a company device on your own personal network, it is critical that you remain aware (if you can) of what others within your network are accessing. Individuals can be subject to a data breach as a result of the actions of others who are using the same network. For example, a device within your network could download an unsecure application which could gain access to all other devices connected to that network. If possible, while working from home, you may want to consider adding a segmented WIFI access to your home network which is for your work devices only. This will help isolate you from any potential threats or risks that may arise within your network.
Connecting work and personal devices
Remote working will see an increase in the number of personal devices such as printers, USB devices and home assistant smart devices, being connected to work PCs. This will expose many work devices to increased amounts of potential risk. Using applications such as Microsoft Intune can help enforce secure policies by checking that all devices that become connected have the latest anti-virus encryption software. It is also important to be aware of what information could be shared when doing a Miracast, AppleTV or Chromecast.
Communication Remains Key
Maintaining strong communication with your team(s) while working remotely is one of the most preeminent things you can do to reduce the risk of a cyberattack. The more people talk, the less likely attackers are to get the opportunity to take advantage. Stay vigilant and be cautious of everything you receive. Verify tasks with others especially where financial data has been requested. Empower employees to not be afraid to ask for advice.
For any remote worker whether an employee, third-party vendor, partner, or contractor, organizations must adopt the right security strategy so they can perform their business tasks and stay productive while at the same time reduce the risk of cyber-attacks. Cybersecurity needs to be a priority in order to reduce the risks from cyber threats as much as possible. That being said, security should never be complex, and it must be usable so employees will accept it.
Joseph Carson is Chief Security Scientist and Advisory CISO at Thycotic. A Cyber Security Professional with 25+ years’ experience in Enterprise Security & Infrastructure, Joseph is a Certified Information Systems Security Professional (CISSP).