Best Practices to Support Remote Work and Computer Safety

by | Jun 2, 2020

Checkrun and QuickBooks Online two-way sync for all payments.

Cyber-criminals won’t stop trying to gain access to your organization’s resources, just because working remotely or “working from anywhere” has become the new normal. In fact, this is when you and your employees are more likely to give them what they want.

This sudden shift to remote work means that sensitive information once accessible only on-site is now open and accessible from anywhere.

Scary… And we haven’t got to this yet:

90% of remote workers do not act securely according to IT professionals. 36% of surveyed organizations have been hacked as a result of the actions of a remote worker. 25% of employees use the same password over and over¹.”

So, are you ready for the good news? Here it is: You are not alone. Many other businesses and business owners, by and large, are worried about cybercrime and ultimately the shift to remote work.

That’s why we sat down with our Chief Technology Officer, Mikael Vinding, and asked him to give us the 10 best and (most important) cyber security best practices for shifting to a remote workplace. We hope this helps and will help to set you and your business up to work from home.

1. Identify and secure your remote workspace

Some organizations provide devices for you to use, while others expect you to use your own devices when working remotely. Confirm expectations with your employer. Ask about tools and services you will need to utilize a proper setup that is as efficient as it is secure. Find a place that allows you to maximize productivity while being comfortable at home. Remember you are working, so establishing workplaces with minimal distractions is imperative.

2. Keep work and personal life separate

Use your corporate services for all email communications and other data exchanges. Your employer most likely employs updated security measures on company products that are not present on your personal email or cloud. Using these products also projects a more professional image to external audiences.

3. Watch those emails

There are many types of malicious emails – from phishing for personal information, and pretending to be someone with your company, to sending malicious attachments that will be disguised in a variety of clever ways. Email is the most common way that a corporate network is breached and so it should be monitored continuously.

4. Make sure your logins are secured

Passwords and two-factor authentication are important! Use unique passwords – or even better, passphrases. Consider using a password manager. Two-factor authentication is one of the best security measures you can implement.

5. Make sure your local network and internet connections are secure

Enable security settings on your router. Change default passwords and activate a firewall.

6. Update your software

Keeping the software updated on your devices and router is the easiest way to plug security holes. Remember, even seemingly innocent devices such as your smart home camera can be used against you in a cyber-attack. If possible, keep two separate home networks.

7. Always be alert

Cybercriminals are creative when it comes to targeting you. They use social engineering and many types of phishing information. Be extra-vigilant when working in a public space. There are many sneaky ways that you may be targeted in addition to emails. Mobile texts, social media, ‘dropped’ USB drives and official sounding phone calls are just a few examples. For criminals, it is a simple matter to fake a caller ID or to spoof anyone’s email address.

8. Use a VPN

Especially when working over publish WIFI or connecting to your company’s resources, you should utilize a Virtual Private Network (VPN). This helps ensure there are no eavesdropping or ‘man-in-the-middle’ attacks.

9. Lock your computer when you leave

Whether going to the bathroom at a coffee shop, taking a call while walking around, or even at home – lock your computer screen! This way, no one can get into your computer…or worse – the cat send your CEO a message.

10. Training is always important!

Even experienced security professionals get thrown off-balance with new scams and security tricks – stay alert. Many companies provide security training and there are many resources online. NIST maintains a list of free and low cost training.

Utilize these tips and you will be much more secure than the average remote ninja. And remember, following these guidelines will protect your personal data as much as your organization’s data. That’s good for everyone, except the bad guys.

Mendoza, N., 2020. How To Maintain Safe Cybersecurity Practices While Transitioning Workers From The Office To Remote Workstations. [online] TechRepublic. Witkowski, W., 2020. Working From Home Because Of Coronavirus? Don’T Give Your Company A Different Kind Of Virus. [online] MarketWatch. Souppaya, M. and Scarfone, K., 2016. Guide To Enterprise Telework, Remote Access, And Bring Your Own Device (BYOD) Security. [online] NIST.