Amidst the coronavirus pandemic, many organizations have opted for remote work to prevent the spread of the virus and to keep their employees safe. This way, they can limit the impact on their business and keep serving their customers as usual. On the other hand, remote work comes various cybersecurity challenges for which companies are not prepared to deal with, considering how quickly their infrastructure was setup for remote work. Hackers are taking advantage of the Coronavirus, as shown by recent attacks on healthcare agencies and the rises in COVID-themed phishing attacks, so it’s important for organizations and employees to be prepared to prevent any potential incidents.
Here are 9 cybersecurity best practices for remote workers:
1. Use a VPN (Virtual Private Network)
A VPN (Virtual Private Network), while useful for online privacy, can also protect your traffic from being intercepted by hackers. This virtual internet tunnel encrypts all of your internet traffic to ensure that any data shared with your company’s internal networks and technologies are safe from attackers. It is recommended to use a paid version of a VPN, as a high volume of users are using free VPN’s for work, which will slow down internet speeds considerably and lower your productivity.
2. Use Good Password Hygiene
Good password management is often neglected when it comes to mitigating cybersecurity risks, but all it takes is one compromised password for a hacker to take over your accounts and gain access to critical systems for your organization. When a database is breached, such as the Linkedin data breach, attackers will incorporate leaked passwords and user names into their tools to perform advanced types of attacks, such as brute force attacks, attempting millions of password and username combinations in a matter of seconds. According to statistics, nearly 1/3 of adults re-use passwords for their accounts. Should their password be leaked on the dark web following a data breach, they will put their entire company at risk. Working remotely should not be an excuse to neglect password best practices, as employees are surrounded by their relatives. It is inadvisable to leave password hanging around their computers with passwords that allows anyone to connect into critical company accounts.
While working from home, employees should use password managers such as Lastpass, to generate strong passwords and to ensure that no password is being re-used. This will remove the need to remember each password used for work or to write them down and will allow them to remain productive. Now is the best time to reset all passwords and to start practicing good password hygiene.
3. Setup Two-factor Authentication
Having a strong password often isn’t enough to mitigate cybersecurity risks, for example, if your credentials are not properly encrypted within your company’s systems or if an attacker is able to “guess” using advanced hacking tools. Two-factor authentication (2FA) provides an extra layer of protection to your accounts and validates the employee’s identity with little room for error. The extra step could be an email, a text message, a randomly generated PIN, which only the employee would be able to provide. While two-step authentication is not hacker-proof, it will add yet another protection to prevent an unauthorized intrusion into your company accounts and systems. Many distant connection alerts will be disregarded by your IT teams in these following weeks. Two-factor authentication will help limit the risks that an unauthorized connection is being ignored and will act as a second “gate” that will discourage hackers.
4. Use Strong Anti-virus Software
Although Windows has decent built-in virus protection (Windows Defender), it is not sufficient to protect your computer from infections. Remote workers should be vigilant and install strong anti-virus software, such as Bitdefender, and perform regular scans to identify and malware that could be lurking on their devices. They should also verify that the built-in firewall on their routers is activated to secure all potential entry points for hackers targeting remote workers. This can easily be validated through the admin dashboard on their routers, generally accessible by typing 192.168.0.1 into your browser’s address bar.
5. Beware of Phishing Scams
Hackers are taking advantage of the pandemic to send phishing emails in mass. Using the fear and susceptibility surrounding the virus to create convincing scenarios, they attempt to coerce employees into submitting their authentication information or to download malware that will allow hackers to perform further malicious acts. Some recent phishing campaigns are attempting to replicate official government documents regarding the COVID-19 virus, allowing hackers to infiltrate malware onto the user’s computer. Some types of malware can be used to spy on the users, capture sensitive information and data. Since a majority of communications are now performed through emails for COVID-19 remote workers, they are much more susceptible to fall for these attacks.
To spot a phishing email, check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body. Hover over links to see the URL and don’t click links or attachments unless you trust the sender 100%. If in any doubt, contact the alleged sender using a phone number or email address that you can find on an official and trusted source.
Find out if phishing represents a risk for your organizations by performing a phishing test with your employees.
6. Install Updates Regularly
Updates can often be seen as an annoyance for many, causing downtimes and delays for remote workers. But they are crucial, as updates are often released to patch security vulnerabilities that have been uncovered since the last iteration of the software was released. For instance, Microsoft recently released a security update to patch a vulnerability that could allow hackers to gain full access to any systems that were not updated. It is even more important now that many employees are connecting to their company’s systems and accounts through their personal computers, as they could pose an important risk to the confidentiality of their company’s information.
7. Keep Work Data on Work Computers
If you work at an organization with an efficient IT team, they may be installing regular updates, running antivirus scans, blocking malicious sites, etc., and these activities may be transparent to you. There is a good chance you have not followed the same protocols with your personal computer as are mandatory at work. Furthermore, your company can likely afford higher-end technical controls that you cannot. Without those running in the background, your personal computer is generally less safe for work and could easily be compromised. When possible, employees should limit the use of their personal devices for work and refrain from downloading any sensitive information to their computer, as those files could easily be compromised by a malicious file that has been roaming on your computer without your knowledge.
8. Secure Your Personal Network
In most cases, home routers are left with default passwords since their first installation (username: admin – password: admin). Default credentials for every type of devices are well known by modern cybercriminals and will be one of the first things they will attempt when hacking into your network. Changing your router’s password is an easy but important step to protect your personal network to prevent malicious intrusions into any connected devices, such as the computer used for remote working. You should also make sure that your router’s firmware is up to date, for the same reasons mentioned previously. Hackers are well aware of vulnerabilities available within outdated versions of various technologies, which only acts as another part of their toolset they will use when attempting to attack personal networks. These vulnerabilities will be exploited much more frequently with many companies now opting for remote work to prevent the spread of COVID-19. Another easy step you can take to keep hackers at bay is to make sure that your network’s encryption is set to WPA 2 or 3, which is much harder to crack than traditional WEP encryption. Futhermore, as mentioned in a previous point, it is crucial to have a firewall activated on your router (usually built into the device) to limit the risk of various attacks targeting personal networks.
9. Beware of remote desktop tools
Many employers now allow their employees to connect remotely to their internal networks to keep working from home, considering that they have no other ways to access the systems they use for their daily operations. While there are many secure options for remote access, such as Microsoft’s RDP, there is a multitude of malicious remote access software trying to benefit from the COVID-19 pandemic to infiltrate corporate networks. From internal networks, cybercriminals will attempt to infiltrate deeper layers of security to exfiltrate sensitive information or to infect the network with ransomware.