Cyber security safety tips while working from home
Covid-19 pandemic has disrupted normal business operations across all sectors, with some employees working from home for the first time as businesses opt for this kind of arrangement to enable continuity while meeting their employees’ safety as well. However, in this new normal, the firewalls are also down presenting cyber-attackers with the best opportunity to target businesses.
Change your default Wi-Fi passwords
Both portable and home Wi-Fi routers come with a default Wi-Fi password. Most of the default passwords are easily predictable and can put you at risk when you have other unwanted users (attackers) using your network.
When attackers have access to your private network, they can steal your personal information or misdirect your traffic through an attack known as Man-in-the-middle (MitM) in networks.
Choosing a good password involves something that is easier to remember and hard for an attacker to guess.
For instance "DX^&AJ(A_+2020"is an example of a bad password because it seems hard to guess but not easy to remember.
A good password is something like, "YouShouldRemberThisPassword_2020" is easy to remember and hard to guess.
Ensure to make a copy of any critical projects you are working on. In case of hardware failure, device loss or a ransomware attack, you can be confident that all your critical data is safe.
Failure to do this can lead to the disruption of your daily operations. If you are using a backup service like Google Drive, OneDrive, or Dropbox, make sure you have file synchronizing off.
Save your data manually using these services every noon and evening. This is to protect your backup from corruption in case your PC gets a malware infection.
Update your Software and Operating System
Using old outdated software or an unpatched Operating System (OS) opens the door for attackers into your PC.
Attackers exploit these kinds of weaknesses in your PC to gain access. Ensure you have installed all critical updates available for your PC and all the software that you are using.
Do not install pirated software or OS on your PC. If you cannot afford the Software or OS you wish to install, consider checking for an Open-Source alternative as Pirated software and OS are usually bundled with malware.
Use a password manager
Maintaining all the passwords you create for each website you visit can be a daunting task.
This is why you will be tempted to reuse a good password, which is a bad idea.
To avoid password reuse, you can utilise a password manager, which will generate and maintain all the passwords you require.
You will only need to remember a single master password to access the password wallet or vault.
Most of the current password managers can also integrate with your browser to make website authentication easy.
Enforce 2FA on your accounts
2FA stands for Two Factor Authentication. This is a security measure that ensures authentication to your personal accounts like email and online banking are not only relying on passwords but also another layer of authentication that tries to prove the owner is accessing the account.
Most commonly used online services have an option to add your phone number or email address for a One Time Password (OTP).
You receive the OTP as a text message or an email each time you successfully login to your account.
Watch out for phishing attacks
Phishing happens when attackers try to trick victims into doing things that will help in achieving a cyberattack.
Working from home involves the use of collaborative technologies and heavy reliance on communication tools like email and phone.
Cyber attackers are aware of the current shift in business operations. They are taking advantage of unsuspecting users.
The attack is usually in the form of emails, SMS or phone calls that seem to be from a reputable source.
To be safe, do not click links in what seems to be a malicious email or providing information to random people.
Your employer should define the Standard Operating Procedures (SOPs) during this period of the Covid-19 pandemic.
Avoid public networks for critical operations
When working from home you might find yourself exposed to free Wi-Fi networks, hotels, and other similar public networks.
You can never be sure who else is using the same network; you might have a malicious user connected or even as the provider of the network. This can lead to a Man-in-the-Middle attack.
To be safe, restrict all critical operations like business transactions and email access to your own private network that you can control.
For instance, create a mobile phone hotspot while in the public for your critical operations and dont use default password.
Don’t leave sensitive data on USB disks
While in the office, you have file-sharing services that are available at a click of a button.
You can move a file from your office network to your PC in an organized way. This is not the same when you are working from home.
You will need to print a file that is on your laptop by physically copying it on a removable drive then plugging it in on your home PC.
Moving sensitive files from one PC to another using a removable drive like a USB puts you in a vulnerable position whenever you lose the USB.
Minimize this activity to one special USB that you can wipe now and then after using it or make use of trusted services like Dropbox, Google Drive, and OneDrive.
Make sure you encrypt the files whenever you store them on your disk.
Don’t leave digital device unattended in public
Whenever you are working while in a public place or facility, make sure to secure your digital devices like phones, tablets, and laptops.
If any of these devices get lost, it puts you and your organization at risk. Minimizing the impact in such cases involves you having passwords enabled in all your devices and enabling remote wipe options on the devices.
Digital products from Apple and Samsung have features that enable the device to wipe off any data on the disk after a number of failed login attempts.
In addition, they provide remote device control, which can help you find your lost device.
Always enable full disk encryption on your laptops and phones. This helps minimize data exposure in an event of device theft.
More so, this will limit an attacker accessing your organization if the VPN is in use or reading sensitive emails.
Keep your work separate from your personal activities
Working from home means more freedom on your hands. It requires being ethical, highly committed to your work and creating a manageable work routine with breaks in between.
You will be using your work PC or your home PC if your organisation does not provide one.
Avoid mixing your personal activities with official activities. Treat your online workspace as the way you would work in your office.
Do not have inappropriate music playing in the background, accessing inappropriate content, and multiple email Gmail account tabs, etc.
These kinds of activities can open doors for attackers to infiltrate your organization or simply cause you embarrassment when you use the wrong email for sensitive business communication.