Remote work presents unique challenges for cybersecurity because remote work environments do not usually have the same safeguards as in the office. When an employee is in the office, their working environment is fortified by layers of preventative security controls. However, when devices leave the perimeter and people go remote, new risks arise for the company.
Therefore, as organizations around the world turn to remote work and learning, cybersecurity hygiene is an important practice to revisit and maintain. Individuals should continue to be vigilant against those looking to steal data, disrupt systems or undermine an organization’s reputation and credibility.
Review and implement the following cybersecurity hygiene areas and actions to protect yourself, your organization, and the organization’s data in a remote environment.
Make yourself aware
Remote work and learning inevitably increase the number of devices and online conferencing tools, like Zoom, Microsoft Teams, Google Hangouts and Slack, that an individual will use on a given workday. That shift simultaneously presents a greater number of potential targets for hackers and other criminals.
Unsurprisingly, cybersecurity firms are predicting a spike in hacks and breaches targeting businesses as the COVID-19 outbreak continues. Even at the beginning of March, security researchers identified multiple phishing scams in which attackers sent emails posing as authorities from places like the Centers for Disease Control and Prevention or the World Health Organization in order to trick victims into downloading malicious software or providing their login credentials.
So what can you do to prevent a cyber-intruder from accessing your data or the company’s?
1. Be on the lookout for suspicious emails, texts, phone calls, and apps
It is important to be extra vigilant about suspicious emails, texts, calls, or applications. Cybercriminals thrive on crises, so be cautious of phishing emails designed to entice you to click on the latest and greatest offer related to coronavirus protections, or emails carrying urgent instructions from a sender posing as someone within your organization. To help combat some of these issues, pay extra attention to website addresses, and use your mobile phone to block suspicious numbers that send text messages or robocalls.
2. Know the proper email addresses and phone numbers for key contacts (e.g., supervisor, IT helpdesk, information security team) and organization systems.
By verifying proper addresses and phone numbers (as well as saving them in your phone), you can more easily identify suspicious emails, text messages, and phone calls. Furthermore, having direct lines to individuals allows you to confirm any communications you may be unsure of.
3. Rely on your organization’s official website(s) daily for updates
Save your organization’s website(s) as bookmarks in your browser, then use those bookmarks to access the sites. This way you avoid typing in website addresses or clicking suspicious links that resemble the ones you normally see.
4. Report any suspicious communications or events, as well as any systems functioning improperly, to your organization’s IT and/or information security functions, via the approved channels
Overcommunicate here. When you bring any concerns to the attention of the IT professionals, they can assess the situation more thoroughly and take appropriate action. Furthermore, if you raise the alarm on certain shady behaviors or events, it may help protect others in your organization from similar attacks.
Actions you can take now
To help boost your cybersecurity hygiene, there are a number of proactive steps you can take:
- Use multi-factor authentication (MFA) for all possible applications, websites, and devices; where MFA is not available, use long and unique passwords (12+ characters) for applications and websites, and long PINs (6+ characters) for devices.
- Use your organization’s virtual private network (VPN) connection to securely access organizational systems and protect your activity.
- Use unique access codes for every web meeting or conference call; alternatively, if you must reuse the same access code, use a passcode to limit access to the meeting/conference call, especially for sensitive matters.
- Update all software on devices regularly, including operating systems (e.g., Windows, macOS, Android, iOS) and apps, to maintain diligent security protections.
- Update your internet router to ensure it has the proper anti-virus protections in place.
- Back up all critical files on your devices using organization approved systems.
- Follow any company guidelines on internet use and use of your own devices.
What to avoid
Part of your digital awareness is understanding what to avoid. Here are some things to watch out for:
- Do not click on any links in suspicious emails or texts.
- Do not send/reveal personal, financial, or username/password info in emails or texts.
- Do not share organization-owned devices with family and friends.
- Do not use Bluetooth in a public place as it is an easy way for hackers to connect to your device.
- Do not use free tools (e.g., free Gmail/Google Docs) for official sensitive matters.
- Do not use social media for organization work and communications (unless explicitly approved by your organization).
- Do not download new apps on your devices without proper vetting.
- Do not use personal devices to access organization systems and data (unless explicitly approved by your organization).
- Do not use USB drives unless acquired from or approved by your organization.
- Do not use public Wi-Fi. Only work on secure, password-protected internet connections. If you must use public Wi-Fi, be sure to: (1) Verify with the owner that the network is legitimate and password-secured; (2) Connect to the organizational VPN in order to protect your activity; (3) Avoid accessing any confidential or sensitive information.
Additional steps to consider to protect yourself:
- Change your Wi-Fi network password from the default provided by your ISP or router.
- Create a separate Wi-Fi network at home for your organizational devices to use.
- Keep organizational devices stored in a separate secure location in your home.
- Report any lost or stolen devices immediately to minimize the risk of fraud. We also recommend fully shutting down your organizational devices after each use.