Amidst the coronavirus pandemic, many organizations have opted for remote work to prevent the spread of the virus and to keep their employees safe. This way, they can limit the impact on their business and keep serving their customers as usual. On the other hand, remote work brings various cybersecurity challenges for which companies are not prepared to deal with, considering how quickly their network infrastructure was setup for remote work. Hackers are taking advantage of the Coronavirus, as shown by recent attacks on healthcare agencies and the rises in COVID-themed phishing attacks, so it’s important for organizations and employees to be prepared to prevent any potential incidents.
Here are 9 cybersecurity best practices for remote workers:
1. Use a VPN (Virtual Private Network)
A VPN (Virtual Private Network), while useful for online privacy, can also protect your traffic from being intercepted by hackers. This virtual internet tunnel encrypts all of your internet traffic to ensure that any data shared with your company’s internal networks and technologies are safe from attackers. It is recommended to use a paid version of a VPN, as a high volume of users are using free VPN’s for work, which will slow down internet speeds considerably and lower your productivity.
2. Use Good Password Hygiene
Good password management is often neglected when it comes to mitigating cybersecurity risks. All it takes is one compromised password for a hacker to take over your accounts and gain access to critical systems for your organization. When a database is breached, for instance the Linkedin data breach, attackers will incorporate all the leaked passwords and user names into their tools to perform brute force attacks, attempting millions of password and username combinations in a matter of seconds. According to research, nearly 1/3 of adults re-use passwords for their accounts, whether it’s for work or their personal accounts. When your employee’s password is leaked on the dark web following a data breach, it’s very likely that your company becomes at risk of an incident. Working remotely should not be an excuse to neglect password best practices. Your IT team should enforce the use of a strong password policy that considers all of these factors, to ensure that it is respected even if employees are working remotely.
On another note, it is also inadvisable for remote workers to leave passwords hanging around their computers, allowing anyone to connect into critical company accounts. For this reason, it is highly recommended to use password managers such as Lastpass, to generate strong passwords and to ensure that no password is being re-used. This will remove the need to remember each password used for work or to write them down and will allow them to remain productive. Now is the best time to reset all passwords and to start practicing good password hygiene.
3. Setup Two-factor Authentication
Having a strong password, although it reduces your risks drastically, often isn’t enough to mitigate cybersecurity risks altogether. For example, it’s possible that your credentials are not properly encrypted while transiting within your company’s systems. Additionally, an attacker might be able to “guess” them using advanced hacking tools that leverage machine learning and large dictionaries. This is where two-factor authentication (2FA) comes into play. It provides an extra layer of protection to your accounts and validates the employee’s identity with little room for error. The extra step could be an email, a text message, a randomly generated PIN, which only the employee would be able to provide. While two-step authentication is not 100% hacker-proof, it will add yet another protection to prevent an unauthorized intrusion into your company accounts and systems. As remote work slowly becomes the norm, distant connection alerts will potentially be ignored by your IT teams. Two-factor authentication will help limit the risks that an unauthorized connection is being ignored and will act as a second “gate” to your technologies.
4. Use Strong Anti-virus Software
Although Windows has decent built-in virus protection (Windows Defender), it is not sufficient to protect your computer from infections. Because of this, remote workers should be vigilant and install strong anti-virus software, such as Bitdefender. Besides, they should perform regular scans to identify and malware that could be lurking on their devices. They should also double check that the built-in firewall on their routers is activated to secure all potential entry points for hackers targeting remote workers. This can easily be validated through the admin dashboard on their routers, generally accessible by typing 192.168.0.1 into your browser’s address bar.
5. Beware of Phishing Scams
Hackers are taking advantage of the pandemic to distribute phishing emails in mass, as shown by the 667% increase in phishing attacks recorded only in one month during the global epidemic. Using the fear and susceptibility surrounding the virus to create convincing scenarios, they attempt to coerce employees into submitting their authentication information or to download malware that will allow hackers to perform further malicious acts. Some recent phishing campaigns are attempting to replicate official government documents regarding the COVID-19 pandemic, allowing hackers to infiltrate malware onto the user’s computer. Some types of malware can be used to spy on the users, capture sensitive information or even encrypt access to any devices on the network to demand a ransom, known as a ransomware attack. Since a majority of communications are now performed through emails for COVID-19 remote workers, they are much more susceptible to fall for these attacks.
To spot a phishing email, always check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body. Hover over links to see the URL and don’t click on any links or attachments unless you trust the sender 100%. If in any doubt, contact the alleged sender using a phone number or email address that you can find on an official and trusted source.
You can find out if phishing represents a real risk for your organizations by performing a phishing simulation with your employees.
6. Install Updates Regularly
Updates can often be seen as an annoyance for many, causing downtimes and delays for remote workers. With that being said, they are crucial, as updates are often released to patch security vulnerabilities that have been uncovered since the last iteration of the software was released. For instance, Microsoft recently released a security update to patch a vulnerability that could allow hackers to gain full access to any systems that were not updated. It is even more important now that many employees are connecting to their company’s systems and accounts through their personal computers, as they could pose an important risk to the confidentiality of their company’s information.
7. Keep Work Data on Work Computers
If you work at an organization with an efficient IT team, they may be installing regular updates, running antivirus scans, blocking malicious sites, etc., and these activities may be transparent to you. There is a good chance you have not followed the same protocols with your personal computer as are mandatory at work. Furthermore, your company can likely afford higher-end technical controls that you cannot. Without those running in the background, your personal computer is generally less safe for work and could easily be compromised. When possible, employees should limit the use of their personal devices for work and refrain from downloading any sensitive information to their computer, as those files could easily be compromised by a malicious file that has been roaming on your computer without your knowledge.
8. Secure Your Personal Network
In most cases, home routers are left with default passwords since their first installation (username: admin – password: admin). Default credentials for every type of devices are well known by modern cybercriminals and will be one of the first things they will attempt when hacking into your network. Changing your router’s password is an easy but important step to protect your personal network to prevent malicious intrusions into any connected devices, such as the computer used for remote working. You should also make sure that your router’s firmware is up to date, for the same reasons mentioned previously. Hackers are well aware of vulnerabilities available within outdated versions of various technologies, which only acts as another part of their toolset they will use when attempting to attack personal networks. These vulnerabilities will be exploited much more frequently with many companies now opting for remote work to prevent the spread of COVID-19. Another easy step you can take to keep hackers at bay is to make sure that your network’s encryption is set to WPA 2 or 3, which is much harder to crack than traditional WEP encryption. Futhermore, as mentioned in a previous point, it is crucial to have a firewall activated on your router (usually built into the device) to limit the risk of various attacks targeting personal networks.
9. Beware of remote desktop tools
Many employers now allow their employees to connect remotely to their internal networks to keep working from home, considering that they have no other ways to access the systems they use for their daily operations. While there are many secure options for remote access, such as Microsoft’s RDP, there is a multitude of malicious remote access software trying to benefit from the COVID-19 pandemic to infiltrate corporate networks. From internal networks, cybercriminals will attempt to infiltrate deeper layers of security to exfiltrate sensitive information or to infect the network with ransomware.