Cyber-criminals won’t stop trying to gain access to your organization’s resources, just because you are away from the office. In fact, that’s when you are more likely to give them what they want. It’s natural to feel nervous about working away from the office, especially in times of change.
“90% of remote workers do not act securely according to IT professionals. 36% of surveyed organizations have been hacked as a result of the actions of a remote worker. 25% of employees use the same password over and over.”
Here are 10 things about internet security you should keep in mind when setting up to work from home or while actually working from home from our Chief Technology Officer, Mikael Vinding:
1. Identify and secure your remote workspace.
Some organizations provide devices for you to use, while others expect you to use your own devices when working remotely. Confirm expectations with your employer. Ask about tools and services you will need to utilize a proper setup that is as efficient as it is secure. Find a place that allows you to maximize productivity while being comfortable at home. Remember you are working, so establishing workplaces with minimal distractions is imperative.
2. Keep work and personal life separate.
Use your corporate services for all email communications and other data exchanges. Your employer most likely employs updated security measures on company products that are not present on your personal email or cloud. Using these products also projects a more professional image to external audiences.
3. Watch those emails.
There are many types of malicious emails – from phishing for personal information, and pretending to be someone with your company, to sending malicious attachments that will be disguised in a variety of clever ways. Email is the most common way that a corporate network is breached and so it should be monitored continuously.
4. Make sure your logins are secured.
Passwords and two-factor authentication are important! Use unique passwords – or even better, passphrases. Consider using a password manager. Two-factor authentication is one of the best security measures you can implement.
5. Make sure your local network and internet connections are secure.
Enable security settings on your router. Change default passwords and activate a firewall.
6. Update your software.
Keeping the software updated on your devices and router is the easiest way to plug security holes. Remember, even seemingly innocent devices such as your smart home camera can be used against you in a cyber-attack. If possible, keep two separate home networks.
7. Always be alert.
Cybercriminals are creative when it comes to targeting you. They use social engineering and many types of phishing information. Be extra-vigilant when working in a public space. There are many sneaky ways that you may be targeted in addition to emails. Mobile texts, social media, ‘dropped’ USB drives and official sounding phone calls are just a few examples. For criminals, it is a simple matter to fake a caller ID or to spoof anyone’s email address.
8. Use a VPN.
Especially when working over publish wifi or connecting to your company’s resources, you should utilize a Virtual Private Network (VPN). This helps ensure there are no eavesdropping or ‘man-in-the-middle’ attacks.
9. Lock your computer when you leave.
Whether going to the bathroom at a coffee shop, taking a call while walking around, or even at home – lock your computer screen! This way, no one can get into your computer…or worse – the cat send your CEO a message.
10. Training is always important!
Even experienced security professionals get thrown off-balance with new scams and security tricks – stay alert. Many companies provide security training and there are many resources online. NIST maintains a list of free and low cost training.
Utilize these tips and you will be much more secure than the average remote ninja. And remember, following these guidelines will protect your personal data as much as your organization’s data. That’s good for everyone, except the bad guys.