9 Security Tips for Working Remotely
With the increase of cyber invasions aimed at remote and home workplaces, a place your employees must defend themselves, it is crucial to have the right security measures in place. As an organisation, you must help your remote workers to secure their working environment.Authors: Günther Lemmens, Jens Desmet & Sonja Noben
The progress in technology has made it trivial to carry out most of our regular duties from the comfort of our couch. Many people already work full-time from their home or local coffee shop. That said, this luxury comes with certain downsides. Online security threats are omnipresent. Remote workers not only have their personal privacy put at risk but working from home could result in a company security breach.
Online threats to remote workers
There are several common security threats that remote workers should be aware of:
- Unsecured Wi-Fi networks: most people will be working out their home where they can secure their Wi-Fi. But some may have to use unsecured public Wi-Fi networks which are prime spots for malicious parties to spy on internet traffic and collect confidential information.
- Using personal devices and networks: employees not having mobile equipment from the company will be forced to use personal devices and home networks for work tasks. These often lack the built-in measures that make business networks secure, e.g. antivirus software, customised firewalls, and automatic online backup tools. The lack of these extra security layers increases the risk of malware finding its way onto devices, leading to both personal and work-related information leakages.
- Scams targeting remote workers: there is an increase in malicious campaigns targeting remote workers specifically. Scammers became skilled in recreating corporate email or phone communication. We will no doubt see an increase in the prevalence of work-from-home scams.
Luckily, with the right knowledge and tools, many of these threats are mitigable. Günther Lemmens
Measures against cybersecurity threats
Even if most prevention actions situate at the home of your employees, you as an organisation have a role to play. To avoid cybercrime entering from home networks, you need to inform and direct your employees continuously on what they should do to protect their context against cyberthreats. These are nine different actions you should suggest to your employees.
Use strong passwords
All accounts need strong passwords that combine upper and lower case letters, numbers, and special characters (e.g. qQ32W85!&HC4). This measure seems like hyper evident, though many people tend to use relatively simple passwords. Also, create a different password per account. As such, when one password gets compromised, other accounts remain safe.
Remembering strong and unique passwords is impossible for most humans. Yet you also want to avoid people writing passwords down on a piece of paper or txt file. Therefore, recommend a password manager to your employees to store these passwords safely. LastPass or 1Password are popular cross-platform password managers, though many other reasonable alternatives exist. The most important is to have one.
Enforce two-factor authentication
Advice employees to use two-factor authentication wherever possible. It adds an extra hard to hack second step in the authentication process link. This extra step can be a text message confirmation, a security app such as Microsoft Authenticator or ItsMe, an ID card, a biometrics method (facial recognition or fingerprint) or a USB key.
Use a VPN
A VPN encrypts all internet traffic so that it is unreadable to anyone who intercepts it. Best is that as an organisation, you offer a VPN to your employees. Verify the quality of service that is possible over this VPN in terms of speed, reliability, and bandwidth. As today’s communication also comprises video streaming, the quality of service must be excellent to avoid frustration.
Set up firewalls
Firewalls are your first line of defence that prevent threats from entering your system. They create a hardware or software barrier between the internet and the devices of your organisation by specifically configuring allowed access paths and closing all other communication. Firewalls prevent external programs to enter your network and leak data from your devices.
Most operating systems have built-in firewalls. When your employees use their own devices, advice your employees to verify that the operating system firewalls are adequately set and activated. If you do not have access to a built-in firewall or are looking for some added protection, there are plenty of third-party firewalls available. Some great free options include ZoneAlarm Free Firewall 2019 and AVS Firewall.
Use an antivirus software
The firewalls do their best, but inevitably threats pass through. The second line of defence is antivirus software. This software detects, quarantines and blocks known malware. As the “known” in the latter is essential, it should be frequently updated. Norton, McAfee, Bitdefender, Avast Security and Malwarebytes are some options you can recommend your employees.
Regular updates of software
Software updates often include patches for security vulnerabilities uncovered since the last iteration of the software was released. Mostly these patches can be run automatically, so advice employees to check whether this option is activated.
Create data backups
Data is one of the most valuable assets of an organisation. When people work remote, they sometimes store data locally to integrate later on with the organisation’s data stores. Cyberattacks but also human error can cause loss of or damage to data.
Advice your employees to regularly integrate critical data to the organisation’s data stores and have a proper backup mechanism for local data. The most convenient solution is to store your data in the cloud. A condition is to use also here strong passwords to access your cloud storage, including two-factor authentication. Also, ensure that data transfer is done in an encrypted way to avoid spoofing.
Create cybercrime awareness
Cybercriminals target home workers through phishing practices. All channels are threat-sensitive: emails, texts messages, voice messages, and internet. Avoid your remote employees getting entangled in a ransom situation and inform how they can avoid phishing.
For emails, the advice is to check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body. In the mail itself before clicking hover over the links to verify the URL and don’t click links or attachments unless you trust the sender 100 per cent.
On internet sites, advise your employees to verify the trustworthiness of the website before sharing any information on that website. Common signs of a phishing site include lack of an HTTPS padlock symbol (although phishing sites increasingly have SSL certificates), misspelt domain names, poor spelling and grammar, lack of an “about” page, and missing contact information.
Next, warn your employees to look out for calls where the caller asks for personal information or possible upfront payments. Legitimate businesses will never request such information over the telephone.
Use encrypted communications
Be clear to your employees how they can communicate and exchange data with each other. Best is to provide these means yourself so you can control the security levels (like Skype or Teams). Advice on tools that provide for secure communication with end-to-end encryption. WhatsApp is such an option you could suggest.
Keeping environments secure has become ever more critical in today’s context of increased remote work. Both employees, as the employer, have a vital role to play in terms of day-to-day security. Security awareness and measures are the first steps towards a better defence against malicious attacks. DigitalScaler has hands-on experience with increasing first and second line of defences, making organisations more secure. By having a holistic strategy that incorporates security and digital elements, we can increase the overall protection of systems, environments and data.