How do organizations successfully maintain a strong cyber security posture, with so many staff members working from home due to the novel coronavirus rules and regulations?
Remote workers are likely to become a growing target for cyber criminals. The following guidelines are designed to help you conduct a cyber security risk assessment and then minimize potential cyber security threats.
Unsecured Wi-Fi Networks: Most workers will be working in their homes, where they have secure Wi-Fi. However, some individuals may need to use unsecured public Wi-Fi networks, which are prime spots from which malicious parties could spy on Internet traffic and collect confidential information.
Using Personal Devices and Networks: Personal devices and home networks often lack the security tools that are built into business networks, such as strong antivirus software, customized firewalls, and automatic online backup tools. This increases the risk of malware finding its way onto devices, meaning that both personal and work-related information could potentially be leaked.
Use Strong Passwords: It is as important as ever to ensure that all accounts are protected with strong passwords. Passwords should be unique for every account and should comprise a long string of uppercase and lowercase letters, numbers, and special characters.
Set Up Two-Factor Authentication: Two-factor authentication (2FA) and two-step verification (2SV) involve an additional step that adds an extra layer of protection to your accounts.
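Use a VPN: A virtual private network (VPN) encrypts the traffic between your device and the VPN server, which helps when you have to use an unsecured network. Using a VPN can slow down Internet speeds; keep this in mind if you need to perform high-bandwidth tasks such as holding video conference calls.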
Set Up Firewalls: Your device’s operating system typically will have a built-in firewall. In addition, hardware firewalls are built into many routers. Make sure that yours are enabled.
Use Antivirus Software: Even if malware does manage to find its way onto your device, an antivirus may be able to detect it, and in some cases the antivirus may remove it.
Install Updates Regularly: Updates often include patches for security vulnerabilities that have been uncovered since the last iteration of the software was released.
Back Up Your Data: Data can be lost in a number of ways, including human error, physical damage to hardware, or a cyber attack. Ransomware and other types of malware can wipe out entire systems before you have a chance to spot them. Make sure to back up your data either on the organization’s cloud or on dedicated hardware.
To spot a phishing email, check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body.
Hover over links to see the URL, and don’t click links or open attachments unless you trust the sender 100 percent. If in any doubt, contact the alleged sender using a phone number or email address that you find somewhere other than in the suspicious email.
If you do click a link and end up on a legitimate-looking site, be sure to check its credibility before entering any information. Common signs of a phishing site include lack of an HTTPS padlock symbol (although phishing sites increasingly have SSL certificates), misspelled domain names, poor spelling and grammar, lack of an “About” page, and missing contact information.
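The sender, hover, and misspelled-domain checks described above can also be automated at a mail gateway or in a reporting tool. The following is an added example, not part of the original article; the trusted domain `acme.example`, the function names, and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = ("acme.example",)  # assumption: domains your organization really uses
# Simplified anchor matcher for the constructed sample (double-quoted href only).
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

def edit_distance(a, b):  # Levenshtein distance; small value = likely misspelling
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    close = (t for t in TRUSTED if edit_distance(domain, t) <= 2)
    return None if domain in TRUSTED else next(close, None)

def check_email(raw):
    """Return phishing indicators found in a single-part HTML email."""
    msg, findings = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if lookalike_of(domain):
        findings.append(f"sender domain {domain} resembles {lookalike_of(domain)}")
    for href, text in ANCHOR.findall(msg.get_payload()):
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if lookalike_of(host):
            findings.append(f"link host {host} resembles {lookalike_of(host)}")
        shown = SHOWN.search(text.lower())  # domain the reader sees in the link text
        if shown and shown.group(1) != host:
            findings.append(f"link text shows {shown.group(1)} but opens {host}")
        if url.scheme == "http":
            findings.append(f"link to {host} is not HTTPS")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """From: IT Support <helpdesk@acrne.example>
Subject: Urgent: reset your VPN password
Content-Type: text/html

<p>Reset it at <a href="http://acme.examp1e/reset">https://acme.example/reset</a></p>
"""
if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

These are heuristics: a clean result does not prove a message is safe, so the out-of-band verification step above still applies.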
Use Encrypted Communications: Use secure methods of communication. Thankfully, many mainstream messaging services such as Signal, WhatsApp, and Telegram come with end-to-end encryption as default or as an option.
Lock Your Device: If you do have to work in a public space, or if you live with people who you can’t share work information with, then it’s important to keep your device secure. Password-locking your device will usually encrypt its contents until someone enters the password.
For an extra layer of encryption protection, you can use an additional full disk encryption tool such as VeraCrypt or BitLocker.
If you need to physically lock your device, for example, at a library or hospital, a Kensington lock is a great option.