However, since the World Health Organization declared COVID-19 a pandemic, many companies are asking their employees to work from home. As more people log into networks from their homes, there is an increased risk of opening doors to hackers; who are using this pandemic as yet another excuse to deploy their attacks. In this environment, it is more important than ever to practice good security habits.
Here are nine practices to help secure your work-from-home environment:
Verify that the sites you visit have SSL / TLS
While browsing the web from your home, make sure to visit authorized websites. Different browsers have unique identifiers to show whether a website is secure and authenticated. See how a secure website looks in popular browsers to know how to distinguish authenticated sites from potential phishing sites.
Secure your network
A hacked network can mean system access by unauthorized users. Eliminate this possibility by controlling who can access the network. Use multi-factor authentication (MFA) to ensure that only authorized users can access controlled systems, such as your company's platform. After all, a home network compared to a corporate network is generally less secure because there is often a lack of Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS).
Additionally, working remotely requires a secure and robust Internet connection. When working from home, make sure your home network has a strong password and, if possible, try to separate your personal computer network from your IoT devices network.Follow these eight steps for enhanced Wi-Fi security for your home network.
If you choose to work from a café or other public space, be careful with public Wi-Fi and do not trust open networks.(read Dangers of Connecting to Public Wi-Fi for more details) . Make sure your device is not configured to automatically connect to any Wi-Fi signal it finds. If available, use your phone as a hotspot. You can also disable network discovery so your work computer is hidden from other computers on the network.
Secure your email
It may seem basic, but ensuring that you separate your work email from your personal email can protect you from attacks. It's quite common for a virus from your personal email to also infect a work email. You may consider using a different device for each one, or at least a different login.
MailRoute gave more tips for protecting your email in a recent press release.
Secure your physical devices
Cybersecurity and physical security are equally important. Keep your physical workspace secure and store your work devices safely every night. Don't step away from your computer with it unlocked. If possible, try to use only your work computer to connect to the business environment rather than using your personal computer.
Additionally, do not allow family members to use your work devices. This is another reason to consider using a different computer for work and personal reasons.
Beware of phishing attacks
As the demand for certain products will increase and the economic effect of this pandemic will apply to everyone, be careful of new techniques implemented by attackers to deploy their attacks. Emails with subjects like "Best stocks to invest in during a pandemic," "Free supplies provided by FEMA," and similar topics are often designed to attract clicks, and also require more security review because they may carry a malicious payload.
Collaborate remotely
It can be difficult to connect with colleagues while working remotely. You may consider setting up daily team check-ins to update project statuses, receive feedback, and discuss how to overcome obstacles. Online collaboration tools can help, but remember that even these tools can open vulnerabilities.
In January,Check Point Software found a flaw in Zoom that allowed intruders to spy on private Zoom meetings. While the vulnerability has been resolved, it is important to remain vigilant when using online collaboration tools and to monitor the news. Online videoconferencing platforms like Zoom often have authentication functionality for each meeting. Make sure to use this functionality to prevent open meetings where anyone without authentication can join.
Follow company policies
Company guidelines should always be followed, but it is especially important when working from home. Report any suspicious behavior to your IT security department.
Update your emergency contact information
Finally, make sure you have the correct emergency contact information listed so that if your company sends important updates, they go to the correct accounts.
Don't forget the basics
Working from home means maintaining the same good security hygiene we employ in the office. Don't click on links in emails from people you don't know. Many companies offer warnings on emails that originate outside the company, so users won't be tricked into trusting a phishing email. Use a VPN when connecting remotely to access company resources and to authenticate your machine on the corporate network. Update antivirus software regularly to receive the latest signatures. Keep your laptop updated with security patches (Windows and Mac). And do the same with your phone, which may be receiving email from the company network. The best defense is defense in depth, so employing multiple security tools will help maintain a high security posture and prevent your employer from being infected with malware.
While this is not a complete list to guarantee total security while working remotely, it's a good start. Simply knowing that working from home can increase your risk of cyberattacks can help employees stay on guard. And if employees learn best practices for working remotely now, it can help keep the workplace a little safer both during the COVID-19 pandemic and always.
By Dean Coclin
Dean Coclin is the Senior Director of Business Development at DigiCert. Dean brings to the company over 30 years of experience in business development and product management in software, security and telecommunications. In his role at DigiCert, he is responsible for representing the company in industry consortia and conducting the company's strategic partnerships with technology partners. He was president of the CA/Browser Forum and is the current vice president. He also chairs the ASC X9 PKI Study Group.