As working from home becomes the new normal, the increase in cyberattacks is also gaining momentum. It seems that cybercriminals are using every possible opportunity to target remote workers as the weakest link within corporations.
2020 has been anything but an ordinary year, especially for companies that had to scramble to keep business operations running, without excessive disruption, by moving their employees to working from home. That meant the security protocols in place at an organization’s physical premises were in many cases non-existent for these workers, making them a highly appetizing target for cybercriminals.
Unfortunately, as we speak, a number of companies that have no cybersecurity SOPs or policies in place continue to come under attack.
But can a remote work environment be safe from the myriad of attacks that companies face? Is there anything that remote workers can do to stop or mitigate their risk of getting attacked? As a cybersecurity firm, we’re sharing everything we have learned so far with our readers in this blog post.
The online threats to remote workers
Before moving on to cybersecurity tips for remote workers currently working from home, it is important to understand how you, as a remote worker, can be at greater risk than someone working from within a centralized organization. Here are some of the most prominent threats.
Using insecure or public WiFi
When the COVID19 pandemic hit, workers were told to continue working from home in isolation. Yet we are social animals who need frequent interaction with our peers, which made working from cafes, restaurants, and other public areas an appealing choice for many remote workers. But beware the consequences.
The public WiFi you’re using for remote work isn’t just unsafe, it’s also dangerous. Many cybercriminals who are good at what they do create WiFi hotspots in public places, monitor your traffic, and then steal your confidential data, such as bank account usernames and passwords and credit card numbers. This type of attack is called sniffing, and it is very common among attackers focused on delivering ransomware payloads.
If connecting to insecure WiFi is the only option for you, never open your emails or access your bank account information online. We’d suggest using your mobile hotspot or a 4G/5G mobile broadband device when you are on the go.
Using your personal laptops and devices for work
We understand that in times like a pandemic, not every company has extra resources to provide you with a mobile broadband device and a work laptop to continue working from home.
This leads to employees using their personal devices at home for their office work. While there’s nothing wrong with using your personal devices, they often lack the necessary tools, such as updated antivirus programs, a strong firewall, encrypted email and automatic online backup tools, to keep them safe.
Sadly, cybercriminals know this and take advantage of the situation for their malware schemes, which can include deploying ransomware and exposing both work-related and personal data on the darker side of the internet.
If using your personal devices is the last resort available, we suggest you keep them updated with all the necessary cybersecurity tools provided to you by your IT department so that you can continue working with complete peace of mind.
It’s important that you don’t download any files. Use online tools such as Dropbox, Office 365, and G Suite to sync your work to the cloud. Because you’re using your personal devices, if your laptop gets compromised, so will your organization’s network.
Online scams such as phishing are still an attractive method used by hackers
According to research, phishing is still considered the biggest risk factor for employees, whether they work from home or from offices. Google’s data has also revealed shocking figures:
More than 2 million phishing websites emerged in 2020 alone.
This means that unknowingly, employees submit personal information to phishing websites that look and feel identical to legitimate websites.
But phishing attacks don’t just stop here. There’s another phishing attack gaining traction whereby cybercriminals are successfully bypassing G Suite’s internal defense system, and sending emails to thousands of employees as “back to work” internal memos.
Given that companies have been relying on email to communicate back and forth with their employees during the pandemic, cyberattackers are impersonating companies’ HR departments to give the impression that the emails were sent from the company.
Fake but convincing HR compliance forms are also sent by email to steal employees’ email credentials.
So, just when you thought phishing attacks were not so common, they turn out to be gaining popularity with hackers.
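To make the fake “internal memo” pattern concrete, here is an added example (not part of the original post) of the checks a mail team can run on a message that claims to come from HR. The company domain `example.com`, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: your organization's mail domain

def domain_of(header_value):
    """Return the lowercased domain of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw, company_domain=COMPANY_DOMAIN):
    """List the reasons an 'internal HR memo' looks spoofed (empty = none found)."""
    msg = message_from_string(raw)
    reasons = []
    display = parseaddr(msg.get("From", ""))[0]
    from_domain = domain_of(msg.get("From"))
    # An HR display name on an address outside the company domain.
    if from_domain != company_domain and re.search(r"\b(hr|human resources)\b", display, re.I):
        reasons.append("HR display name on external sender domain")
    # Replies routed to a different domain than the sender's.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    # SPF/DKIM/DMARC verdicts; trust only headers stamped by your own mail provider.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{mech}=(\w+)", auth)
        if verdict is None:
            reasons.append(f"no {mech} result recorded")
        elif verdict.group(1) != "pass":
            reasons.append(f"{mech}={verdict.group(1)}")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = "\n".join([
    'From: "HR Department" <memo@example-hr.test>',
    "Reply-To: forms@collect.test",
    "Authentication-Results: mx.example.com; spf=softfail; dkim=none; dmarc=fail",
    "Subject: Back to work: compliance form required",
    "",
    "Please sign in to complete the attached HR form.",
])
GENUINE = "\n".join([
    'From: "HR Department" <hr@example.com>',
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass",
    "Subject: Office reopening schedule",
])
```

Calling `triage(SPOOFED)` returns every reason found, while `triage(GENUINE)` returns an empty list; a message with no `Authentication-Results` header at all is reported as having no recorded verdicts rather than treated as clean.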
Cybersecurity tips for staff working remotely
In times like these, what should you do? Leave everything and remain safe, or continue working at risk? While there is no method of guaranteeing 100% protection against ransomware and malware attacks, there are methods you can still apply to protect yourself.
Here are some of the most important cybersecurity tips for staff working remotely from home:
1. Ensure physical security of your home office
Just as you would lock the doors after leaving your office, you should do the same for your home office too. There have been increased reports of crime and forgery where laptops, hard disks and smartphones were stolen from home offices. It isn’t just the cybercriminals, but also lunatics, that you have to be vigilant about.
2. Check with your organization for a cybersecurity policy in place
It is always your employer’s responsibility to provide you with all the necessary tools to work from home. Always confirm with your company about any cybersecurity policy or SOPs that they may have in place.
Due to the COVID19 pandemic, a number of companies are rushing to have a complete cybersecurity plan in place. Once they share that policy with you, make sure to implement it at home.
3. Use a VPN
With ransomware attacks skyrocketing in 2020, there is no doubt that VPNs have equally surged in popularity over the past year. Some VPN providers even offer discounts on yearly plans. Nevertheless, ask your company to provide you with a VPN subscription or a proprietary corporate private network to use.
VPN stands for Virtual Private Network, which creates an extra layer of security between you and your online activities. This extra layer makes it harder (not impossible) and more time consuming for hackers to track your activities, because your traffic appears to come from the VPN server’s location rather than your own.
Moreover, the traffic from a VPN goes through a secure and encrypted network, making it extremely difficult for hackers to intercept and decrypt your private and sensitive data.
4. Use a secure WiFi
Your home WiFi network is somewhat more secure than public networks. Make sure you use a strong password so that it is not easily cracked by hackers. Generally, you want to be certain that you are not using older encryption methods on your network, such as WEP, which are easily defeated. You may also want to disable WPS authentication on your access point.
Many people never change their router’s default password, which is usually “12345678”, “eeeeee”, “aaaaaa” or similar. This often results in embarrassing situations when the network is compromised and data stored on your laptop is stolen and encrypted.
5. Use updated antivirus programs
Needless to say, your antivirus programs need to be regularly updated whenever a new patch is pushed by the company. This is super important to ensure that all of the latest strains of viruses and ransomware are caught before causing catastrophic damage to your system and network.
6. Set up 2FA (Two Factor Authentication)
Two Factor Authentication, also stylized as 2FA or Two Step Verification (2SV), adds an extra layer of security just like a VPN, whereby even if your credentials are leaked, the hackers would still need access to your phone and/or a secret recovery email for a passcode to log in. Make it compulsory for logging in to your G Suite, Gmail, Outlook, and remote access.
It is always helpful to have an added layer of security between you and the hackers.
7. Regularly back up your data
Data is a precious commodity these days. There is no loss greater than the loss of data when your personal devices are stolen or compromised. Hence, it’s important to ensure that your data is regularly backed up to secure cloud networks, with another copy on an offline external hard drive. It is time consuming to back up data to two places at once, but it’s always worth the extra time and effort.
8. Beware of COVID19 related scams and emails
COVID19 dominated news headlines and table talk throughout 2020, and so did phishing attacks in which criminals exploited the topic for their personal gain.
The way it works is simple. Cybercriminals send emails that appear to come from a legitimate source, such as the WHO, healthcare facilities, or pharmaceutical companies, urging you to click on links that redirect to COVID19 safety tips. If you receive such emails, do not open any attachments or click on any links therein.
9. Encrypt your devices
Encryption provides a secure and safe way of safeguarding your data from the prying eyes of hackers so that only you have access to it. Here is how to encrypt your devices for safety:
- Turn on FileVault (for macOS)
- Turn on BitLocker (for Windows)
- Encryption is enabled by default on Android and iOS
10. Separate work devices from personal devices
If you’re staying at home, it’s likely your other family members are forced to do the same. During lockdowns and quarantines, global internet usage has increased. But if you are working from home, it is better to keep your work devices, such as a work computer, separate from your home computer.
How can you do that?
By keeping all work-related activities on your work computer only. A few tips to remember:
- Do not use online banking to pay bills from your work computer.
- Do not use your personal email address on a work computer.
- Do not use your work computer for online education, such as submitting assignments for your children.
Stay safe and happy working from home 🙂