Cyber-criminals won’t stop trying to gain access to your organization’s resources, just because working remotely or “working from anywhere” has become the new normal. In fact, this is when you and your employees are more likely to give them what they want.
This sudden shift to remote work means that sensitive information once accessible only on-site is now open and accessible from anywhere.
Scary… And we haven’t got to this yet:
“90% of remote workers do not act securely according to IT professionals. 36% of surveyed organizations have been hacked as a result of the actions of a remote worker. 25% of employees use the same password over and over¹.”
So, are you ready for the good news? Here it is: You are not alone. Many other businesses and business owners, by and large, are worried about cybercrime and ultimately the shift to remote work.
That’s why we sat down with our Chief Technology Officer, Mikael Vinding, and asked him to give us the 10 best and (most important) cyber security best practices for shifting to a remote workplace. We hope this helps and will help to set you and your business up to work from home.
1. Identify and secure your remote workspace
Some organizations provide devices for you to use, while others expect you to use your own devices when working remotely. Confirm expectations with your employer. Ask about tools and services you will need to utilize a proper setup that is as efficient as it is secure. Find a place that allows you to maximize productivity while being comfortable at home. Remember you are working, so establishing workplaces with minimal distractions is imperative.
2. Keep work and personal life separate
Use your corporate services for all email communications and other data exchanges. Your employer most likely employs updated security measures on company products that are not present on your personal email or cloud. Using these products also projects a more professional image to external audiences.
3. Watch those emails
There are many types of malicious emails – from phishing for personal information, and pretending to be someone with your company, to sending malicious attachments that will be disguised in a variety of clever ways. Email is the most common way that a corporate network is breached and so it should be monitored continuously.
4. Make sure your logins are secured
Passwords and two-factor authentication are important! Use unique passwords – or even better, passphrases. Consider using a password manager. Two-factor authentication is one of the best security measures you can implement.
5. Make sure your local network and internet connections are secure
Enable security settings on your router. Change default passwords and activate a firewall.
6. Update your software
Keeping the software updated on your devices and router is the easiest way to plug security holes. Remember, even seemingly innocent devices such as your smart home camera can be used against you in a cyber-attack. If possible, keep two separate home networks.
7. Always be alert
Cybercriminals are creative when it comes to targeting you. They use social engineering and many types of phishing information. Be extra-vigilant when working in a public space. There are many sneaky ways that you may be targeted in addition to emails. Mobile texts, social media, ‘dropped’ USB drives and official sounding phone calls are just a few examples. For criminals, it is a simple matter to fake a caller ID or to spoof anyone’s email address.
8. Use a VPN
Especially when working over publish WIFI or connecting to your company’s resources, you should utilize a Virtual Private Network (VPN). This helps ensure there are no eavesdropping or ‘man-in-the-middle’ attacks.
9. Lock your computer when you leave
Whether going to the bathroom at a coffee shop, taking a call while walking around, or even at home – lock your computer screen! This way, no one can get into your computer…or worse – the cat send your CEO a message.
10. Training is always important!
Even experienced security professionals get thrown off-balance with new scams and security tricks – stay alert. Many companies provide security training and there are many resources online. NIST maintains a list of free and low cost training.
Utilize these tips and you will be much more secure than the average remote ninja. And remember, following these guidelines will protect your personal data as much as your organization’s data. That’s good for everyone, except the bad guys.