Best Practices For Working Remotely
As the Coronavirus spreads, more and more employees are taking safety precautions by working remotely from home. During these stressful times, it’s important to not overlook or slack on the safety and security of your company’s network and data. Here’s our best practices for working remotely:
1. KEEP WORK DATA ON WORK DEVICES
It’s tempting to use your home computer, tablet, and mobile device to work remotely, but keep in mind that this is a huge security risk for your company. There’s a good chance that your personal devices aren’t running regular updates and antivirus scans or blocking malicious sites which makes you an easy target for hackers. When working remotely, you should take the follow precautions: always use your work computer and devices, secure Wi-Fi, and a VPN, all of which will be discussed in further detail below.
That being said, do not use your family computer as your work computer. According to our Systems Engineer, Michael Tarasuik, “A VPN is a hole opened in your company’s network. It’s no more secure than bringing your personal computer to work and plugging it in. I can’t stress enough how risky this is. Even with my skill set, I don’t mix work and personal computers. You need one machine for work and an entirely different machine for personal.” On the same note, your kids should not be given access or granted permission to use your work devices, as they are not trained to spot risky and malicious links and emails, and tend to click on everything which could open your network up to malicious attacks.
2. MAKE SURE YOUR DEVICES ARE UPDATED
It is incredibly important to always run regular system updates in order to repair any bugs or abnormalities within your system. This applies not only to your computer, but your phone, tablet, etc. as well! If you neglect to update your system, those vulnerabilities are likely to be extorted by hackers. Hackers take advantage of these weaknesses by writing code specifically targeting the vulnerabilities in your system.
Software updates repair security holes and vulnerabilities, fixes or removes bugs, and can even add new features and remove outdated ones. Software updates will make your system more stable and often boost your system’s program performance as well.
This goes for your anti-virus, anti-spyware, and anti-malware software as well. Your system is regularly threatened by new viruses, spyware, and malware. These software updates contain the latest files needed to combat the newest threats that could potentially cripple your system.
3. USE TWO-FACTOR AUTHENTICATION
What is two-factor authentication? Two-factor authentication increases the safety of your online accounts by requiring two types of information. The first step is to use your username and password. Instead of immediately gaining access to your account at this point, you will have to provide another piece of information which could be:
- Something you know, such as a PIN or an answer to a security question
- Something you have, like a credit card or a smartphone
- Something you are, like your fingerprint or an iris scan
Sure, the extra step for two-factor authentication may take a little extra time and may be of slight annoyance, but it is well worth it to protect your online accounts.
Are you ready to get started with two-factor authentication?
For other online accounts, check out the TwoFactorAuth.org website. For work specific accounts, check with your IT department.
4. AVOID PUBLIC AND UNSECURED Wi-Fi NETWORKS
Using public and / or unsecured Wi-Fi networks puts yourself and your company at risk as your traffic, including sensitive data and login credentials, can be intercepted by a cyber criminal. These networks can also be used to distribute malware and ransomware.
- Never access sensitive or personal data. That includes: banking information, work and personal email, social media, etc.
- Never leave your computer, phone, or tablet unattended or unlocked.
- Never shop online using public WiFi. When entering your credit card information and address, you can easily be hacked.
- Whenever possible, use your Virtual Private Network (VPN). VPN can encrypt all the data and information you send and receive while using public WiFi.
- Turn your Bluetooth off when you’re not using it. Hackers look for open Bluetooth signals to gain access to your devices.
- Turn off the automatic WiFi Connectivity when you aren’t in a safe place like home or work. Although this is an extremely convenient feature, it allows your device to seamlessly connect to unsecured WiFi hot spots without your knowledge or consent.
If you are working in public, remember to block sight lines… if someone is sitting close enough or behind you, they can easily see what data you’re accessing or watch you type in login credentials.
5. BE AWARE OF ‘JUICE JACKING’
What is ‘Juice Jacking’? ‘Juice Jacking’ is when criminals load malware onto public charging stations and/ or cables, which will infect the phones and other electronic devices of unsuspecting users. These charging stations can be in hotels, airports, or even malls. Once connected, the malware will install itself to export data and passwords or even lock the device.
So, how can you prevent it?
- Never use public charging stations
- Travel with your own AC charging adapter and cables to use when you need a battery boost
- Never use someone else’s computer or cables to charge your phone
If you travel frequently, here’s a few more cybersecurity tips to keep in mind:
- Take time to update all of your operating systems, software, and apps. Having to install these while you’re on the road can be a real pain and use up valuable data.
- Make sure you backup all of your data in case your device is damaged, lost, or stolen.
- Be careful with your travel plans on social media and definitely don’t announce your vacation dates. You don’t want criminals to know when your home is empty.
- Be wary of the public unsecured Wi-Fi at airports, hotels, restaurants, etc. If you have to access the Wi-Fi, never access sensitive data. If you need to do any online shopping, access your banking account, etc., use VPN.
- Never use public computers to access sensitive data.
6. USE A VIRTUAL PRIVATE NETWORK (VPN)
VPNs mask your IP address in order to provide privacy and anonymity. Every business should ensure that their employees are accessing the company network and all key applications via VPN from a business provided device. If your business hasn’t provided a device to access the company’s network, you should fully understand the risks involved, which was discussed above in section #1.
Keep in mind that VPNs can possibly slow down internet speeds so practice patience when using a VPN to work remotely.
7. SET UP A FIREWALL
Firewalls work as a line of defense for your computer when accessing the internet. Firewalls can be programmed to block malicious websites and programs as well as prevent transmission of sensitive data from your network.
Your device and router likely has a firewall built in, but you should have your IT team confirm this and make sure it’s enabled before working remotely.
8. REMOTE SECURITY PROTOCOL
While working remotely, follow the same protocol that you would while working in the office. That includes:
- Never use your personal email for work purposes
- Never use non-vetted software or online messaging, which can pose security risks
- Ensure your antivirus and security software is in place and fully updated
9. DETECT AND REPORT PHISHING ATTEMPTS
What is a phishing email? The most common online threat, a cyber criminal attempts to trick you by creating and sending fake emails, that appear to be authentic, in order to infect your computer with a virus or malware and to capture your credentials.
Quickly spot a phishing email by looking out for these tell-tale signs:
- Is the email asking for sensitive email? Legitimate companies do not request passwords, credit card information, credit scores, etc., via emails. Chances are if you get an email asking for any of this information, especially when it’s unsolicited, it’s a scam.
- Is the email addressing you by your name? If the email addresses you as ‘valued member’, ‘account member’, ‘customer’, it’s probably a phishing email. Legitimate companies have your information and will address you by your name.
- Double check the domain name! Check the email address by hovering your mouse over the ‘from’ address and go through letter by letter, number by number, to make sure there were no alterations. Also, look for public email domain names… no legitimate company is going to contact you via a ‘@gmail.com’.
- How’s the grammar? An email received by a legitimate company will be well written. If there are multiple misspellings and grammatical errors, then it’s most likely a phishing email.
- Be wary of links! Always hover over the link with your mouse to see the website before you click the link. Also as a heads up, some cyber criminals will create phishing emails that are coded entirely as a hyperlink – be careful not to click!
- Is there an attachment? If you receive an unsolicited email with an attachment, be wary as it could contain a virus or malware. Be on the lookout for high risk file types including: .exe, .com, .scr, and .zip. If you have even the slightest inkling something is off, contact that company via phone to confirm legitimacy.
- Is there a sense of urgency? Many cyber criminals will ask you to ‘act now or else’ hoping you’ll click on the link or download the attachment without checking for the legitimacy of the email. This is especially effective in the workplace.
10. BACK UP YOUR DATA REGULARLY
Data loss is not only caused by natural disasters but can also be lost, corrupted, compromised, or stolen through hardware failure, human error, hacking, and malware. Backing up your data regularly is important to do while working at the office as well, not just when working remotely.
11. USE STRONG PASSWORDS
Usernames and passwords represent the keys to the kingdom for malicious attackers. Criminals who know how to penetrate a company’s defenses can easily steal hundreds or even thousands of credentials at a time, each one representing another potential entry point to compromise your organization’s network and data.
Did you know that 76% of people will use the same passwords for most, if not all, websites?
Make sure your passwords are complex and lengthy and never use the same password for multiple accounts. We highly recommend that you change them regularly as well.
While implementing all of the best practices above will certainly help to keep your company’s data safe, working remotely still poses a risk to your company. Make sure you stay in constant contact with your IT team and management to ensure that you’re following all company security policies and alert them immediately if you suspect any threats.
4332 Wheeler Road #105, Augusta GA 30907