Ten cyber security tips for those working from home
The Covid-19 pandemic has disrupted normal business operations across all industries. Employees are working from home, some for the first time. However, it’s a prime time for cyber-attackers to target businesses. Strathmore University’s @iLabAfrica Security Operations Centre technical lead JOHN OMBAGI shares points on how to minimise cyber attacks during this period.
1. Change your default Wi-Fi passwords
Both portable and home WiFi routers come with a default WiFi password. Most of the default passwords are easily predictable and can put you at risk when you have other unwanted users (attackers) accessing your network.
When that happens, attackers can steal your personal information or misdirect your traffic through a network attack known as man-in-the-middle (MitM).
A good password is one that is easy for you to remember and hard for an attacker to guess.
2. Do regular backups
Make sure you keep a copy of any critical projects you are working on. In the event of hardware failure, device loss or a ransomware attack, you can be confident that all your critical data is safe.
Failure to do this can lead to the disruption of your daily operations. If you are using a backup service such as Google Drive, OneDrive or Dropbox, make sure file synchronisation is turned off.
Save your data manually using these services every noon and evening. This is to protect your backup from corruption in case your PC gets a malware infection.
3. Update the software and operating system
Using outdated software or an unpatched Operating System (OS) opens the door for attackers into your personal computer (PC).
Attackers exploit these kinds of weaknesses to gain access to your PC.
Ensure you have installed all critical updates available for your computer and all the software that you are using.
Do not install pirated software or OS on your PC. If you cannot afford the software or OS you wish to install, consider checking for an open-source alternative as pirated software and OS are usually bundled with malware.
4. Use a password manager
Now you know what a good password looks like. However, maintaining all the passwords you create for each website you visit can be a daunting task.
This is why you will be tempted to reuse a good password, which is a bad idea.
To avoid password reuse, you can utilise a password manager, which will generate and maintain all the passwords you require.
You will only need to remember a single master password to access the password wallet or vault.
Most of the current password managers can also integrate with your browser to make website authentication easy.
5. Enforce 2FA on your accounts
Two-Factor Authentication (2FA) is a security measure that ensures authentication to your personal accounts, such as email and online banking, relies not only on a password but also on another layer of authentication that tries to prove the owner is accessing the account.
Most commonly used online services have an option to add your phone number or email address for a One Time Password (OTP).
You receive the OTP as a text message or an email each time you successfully log in to your account.
You will have to enter the OTP just after the password to access features in your personal account.
6. Watch out for phishing
A phishing attack involves an attacker who tries to trick a victim into doing things that will help the attacker carry out a cyberattack.
Working from home involves the use of collaborative technologies and heavy reliance on communication tools, including email and mobile phones.
Cyber attackers are aware of the current shift in business operations. They are taking advantage of unsuspecting users.
The attack is usually in the form of emails, SMS or phone calls that seem to be from a reputable source.
To be safe, do not click links in what seems to be a malicious email or provide information to random people (or to someone you have only just met via email).
7. Don’t use public Wi-Fi networks
When working from home, you might find yourself exposed to free WiFi networks in hotels and other similar public networks.
You can never be sure who else is using the same network; a malicious user might be connected, or might even be the provider of the network.
This can lead to a MitM attack. To be safe, restrict all critical operations to your own private network that you can control.
For instance, create a mobile phone hotspot for your critical operations while in public. Ensure you do not use a default password on your hotspot.
8. Don’t leave sensitive data on USB disks
While in the office, you have file-sharing services that are available at a click of a button. You can move a file from your office network to your PC in an organised way.
This is not the same when you are working from home. To print a file that is on your laptop, you will need to physically copy it to a removable drive and then plug the drive into your home PC.
Moving sensitive files from one PC to another using a removable drive puts you in a vulnerable position whenever you lose the drive.
Limit this activity to one dedicated USB drive that you can wipe now and then after using it, or make use of trusted services such as Dropbox, Google Drive and OneDrive.
9. Don’t leave your digital device unattended
Whenever you are working from a public place or facility, ensure you secure your digital devices such as phones, tablets and laptops.
If any of these devices gets lost, it puts you and your organisation at risk. Minimising the impact in such cases involves having passwords enabled on all your devices and enabling remote wipe options on the devices.
Always enable full disk encryption on your laptops and phones. This helps minimise data exposure in the event of device theft.
Moreover, this will limit an attacker's ability to access your organisation through the Virtual Private Network (VPN), if one is in use, or to read sensitive emails.
10. Work separately from your personal activities
Working from home means more freedom on your hands. It requires being ethical, highly committed to your work and creating a manageable work routine with breaks in-between.
You will be using your work PC if your organisation does not provide one. Avoid mixing your personal activities with official activities.
Treat your online workspace the way you would treat your office. Do not play inappropriate music in the background, access inappropriate content or keep multiple tabs open.
These kinds of activities can open doors for attackers to infiltrate your system or cause you embarrassment when you use the wrong email for sensitive business communication.