Since the beginning of the pandemic, one of the biggest changes that happened from the business perspective is the transition to the work-from-home (WFH) model.
During the lockdown, some organizations introduced WFH as a mandatory measure, and over time, as coronavirus measures tightened and loosened, different variations of it emerged.
Many organizations saw benefits and opted for some type of the work-from-home model, whether it is a split-week, at-will, week-by-week, or any other type of hybrid model.
However, a transition that was previously expected to take a few years happened virtually overnight, which highlighted security risks and the fact that organizations and employees are not properly prepared for this type of threat.
Security challenges of working from home
In addition to the challenges of working from home due to different work styles, different industry types, or lack of face-to-face contact, we have to keep in mind that taking our work home can cause serious security risks.
Taking a work computer home can result in data loss or data theft since there is a lack of the usual built-in security measures.
It raises quite a few concerns. Who has access to your home office? How safe is your network? Can someone steal your laptop?
The most important thing to remember is that you can avoid those risks by simply being responsible and on alert.
3 most common security challenges
1. Unsecured WiFi networks
When working from home, employees connect to their home networks, which are more exposed to risk.
Moreover, when having a number of employees working from home, it is inevitable that some of those employees will ignore the recommended security measures.
2. Phishing scams
Hackers will most likely intensify their fraudulent activities in the near future, including phishing campaigns.
Phishing scams are aimed at stealing your personal information, such as passwords, ID details, bank account details, credit card details, and others.
Hackers are already trying to take advantage of the COVID-19 outbreak to deliver malware, steal bank details, and more. Coronavirus-themed phishing attacks and hacking campaigns are on the rise.
In most cases, a phishing scam is conducted via emails asking you to update your personal information with a link to the site. The link will then guide you to the website that seems legitimate at first.
However, it is actually a fake website, so be sure to check the sender’s email address, check the URL address, and see if there are any discrepancies.
For example, the URL of your bank www.bank.com can slightly differ from www.1bank.com or similar variations while the site looks authentic.
Although you are vulnerable to phishing scams at all times, be even more conscientious when using your company’s laptop or other devices.
3. Using personal devices
You may be tempted to use your personal devices when working from home. However, there is a big possibility that your personal laptop lacks appropriate security measures and backup mechanisms.
This makes you directly responsible for exposing data to the unsecured environment and increasing the risk of potential malware.
10 security tips if you are working from home
1. Do not use your personal computer
It may seem convenient to use your own personal computer because you are more used to it or it performs better.
However, your computer is probably not safeguarded in the way your work computer is, which can increase security risk and cause loss or disclosure of data.
That is not the only risk: external devices can be infected with malware, even if you are unaware of it, and infect the secure network once you log in.
Using your own computer can also pose some privacy risks for you. If you want to access information on your personal computer, you might be worried that the employer will be able to access your sensitive personal information.
This can also apply to the situation where you use the company computer for personal use.
2. Lock your devices
Locking your computer screen is a practice most companies adopted as a rule. Still, there is always that one person that gets into trouble for constantly forgetting to lock their computer when leaving their workstation.
When working from home, this rule is even more important and it is the easiest way to keep your data safe. It doesn’t require much on your part, just to keep your work habits in your home office as well.
If you haven’t already, make sure to protect your business phone with an appropriate password. Avoid using pattern lock since it is more susceptible to different social engineering scams using video footage to replicate your pattern.
Make this your TOP priority if you share your home with a lot of other people or work from a public place.
3. Do not leave your devices unattended
When talking about security risks, we are always more focused on cybersecurity attacks, malware, or other online fraudulent activities. However, your computer can be accessed physically as well.
For example, if you are working from a remote location and leave your computer unattended, this can create an opportunity for someone to gain access to your smartphone or computer or even steal it, so be extra careful.
Once the device is taken or the computer is accessed, unauthorized persons can search for data, download it to a USB drive or delete it, and cause you a lot of headaches.
4. Use passwords
By that, we mean use strong passwords, and while you might laugh it off, we think it has to be said once again; don’t leave post-its with your password around your computer.
When looking at the most common passwords, the UK’s National Cyber Security Centre (NCSC) survey showed just how predictable and unaware of potential security risks we are.
NCSC’s breach analysis finds 23.2 million victim accounts worldwide used 123456 as a password.
Password “123456789” was used by 7.7 million, while “qwerty” and “password” were each used by more than 3 million accounts.
So use your imagination to create more elaborate passwords that include other symbols or numbers (ideally both).
If you don’t have an automatic periodical reminder to change your password on your computer, set notifications on your calendar to remind you to do so. The recommended frequency can range from every 30, 60, to 90 days.
However, changing your passwords often can lead to challenges in your password management. After a while, it gets very exhausting to memorize all your passwords, so a lot of people find workaround solutions like weaker passwords, saving passwords on their browsers, or writing them down.
That is why our recommendation is to use password managers, like KeePass software which can also help you create strong configurable passwords, while at the same time saving you the trouble of remembering them.
5. Avoid unsecured WiFi networks
Encrypted WiFi channels secure the data from interception, and safeguard connected computers or the connection from unauthorized users. An unsecured WiFi connection has no security encryption.
Differentiating one from another is easy: a secure WiFi network will always ask for your password. When using unsecured WiFi, one of the major security risks is data interception and network intrusion.
If you are using an unsecured WiFi connection, refrain from using your login information because your data can be intercepted by third parties. Your instant messages, emails, and login information can all be intercepted.
Hosting unsecured WiFi endangers the data stored on your company’s computers, and depending on how many unauthorized users are connected, authorized users may experience lag.
6. Use VPN
VPNs mask your internet protocol (IP) address so your online actions are virtually untraceable. Most important, VPN services establish secure and encrypted connections to provide greater privacy than even a secured Wi-Fi hotspot.
Most companies working remotely use VPN to secure their data and protect online privacy by encryption.
The obligation to provide VPN is on the employer side, so if you are a security expert in your company make sure to enable your employees working from home to do so via VPN.
7. Beware of the phishing emails
We already mentioned what phishing emails are, but how do you spot a suspicious email? You should always be cautious and look for these 6 details that can reveal a phishing scam:
- Check the sender’s email address
- Check the URL of the website
- Look for poor grammar
- Do not open attachments
- Do not reply to the phishing email
- Send a copy of the mail to the bank or credit card company that allegedly sent it
Also, alert your co-workers so they can also be prepared if such an email crosses their inbox.
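The sender-address and URL checks from the list above, applied to the www.bank.com versus www.1bank.com case, can be automated. This is an added example, not part of the original article; the trusted-domain list, the hypothetical corp.example domain, the function names and the distance threshold of 2 are all assumptions.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the user really deals with. bank.com is the article's
# example; corp.example is a hypothetical employer domain.
TRUSTED = ("bank.com", "corp.example")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a hostname."""
    host = (host or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    # Approximation: treat the last two labels as the registered domain
    # (a production tool would consult the Public Suffix List).
    registered = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        near_miss = edit_distance(registered, good) <= 2  # e.g. 1bank.com
        embedded = (good + ".") in host  # trusted name used only as a prefix
        if near_miss or embedded:
            return "lookalike:" + good
    return "unknown"


def check_message(from_header, link):
    """Apply the sender-address and URL checks to one email."""
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2]
    return {"sender": classify_host(sender_domain),
            "link": classify_host(urlsplit(link).hostname)}


if __name__ == "__main__":
    # Constructed sample header and link, not taken from a real message.
    print(check_message('"Your Bank" <support@1bank.com>', "http://www.1bank.com/update"))
```

A result of "unknown" only means the domain is not on the list; a "lookalike" result is the discrepancy the checklist asks you to look for.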
8. Use antivirus programs and firewalls
Firewalls are often referred to as the first line of defense. A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Firewalls prevent malicious programs from entering your device or network and can block data leaks. Most likely, your device and router have a built-in firewall, so make sure you turn them on.
An antivirus program is the second line of defense: it detects malicious software and removes it (hopefully).
9. Back up your data
Since you are more vulnerable to cyberattacks when working from home, make sure to back up your data to prevent data loss in case something goes wrong.
Your computer can be damaged, the cause can be a human error, or you can infect the system with malware. Whatever the scenario, it is safer to back up your data in a secure cloud environment or on your company’s servers via the VPN connection.
10. Educate and share information about cybersecurity
If your company has a security officer who conducts periodic training on cybersecurity, make sure to attend, pay attention, and soak in all the information. Human error is the most common security risk, so it is always best to be on alert.
However, if for any reason you are not familiar with what your responsibilities are when working from home, ask your IT department, security expert, or your supervisor for guidelines and report any suspicious activity.
Organizations should take measures
If your organization has employees working from home, you have to take all appropriate and necessary measures to ensure the same working conditions as for your other employees, and this includes security.
Create remote working policies and guidelines that will help your employees adapt and navigate through possible security incidents.
Your policies should include both technical and organizational measures that explain how to create strong passwords, how to handle and protect devices like phones and laptops, how to log into the network, what to do in case of a security or cybersecurity incident, and more.