Everybody is suddenly working from home — and that can be a problem.
Many of us are already used to work remotely, be it from home, from hotels or in co-working offices. Some on a daily basis, some only partly.
The COVID-19 pandemic outbreak forced many more people as usually to work from home because companies were forced to close, businesses and offices had to shut down and almost everybody is supposed to stay home. Often this happened overnight with little time to prepare, or setup all these homeoffices with careful planning and security instructions. In fact, quite the opposite was the case.
With this in mind I think it is important to take a moment to reflect on the basic security measures everybody should implement and why cybersecurity is now more important than ever.
When working remotely we are accessing corporate resources and internal data from unsecured, personal networks. As this is currently indispensable in many companies, a lot of people are potentially exposing their company to cyber-attacks right now, all over the globe. Everybody is now more open to data breaches, scams, phishing and malware than usual.
The simple truth: Lots of people are using devices that were never meant for professional use and very few of the “new-comers” to remote working had time to prepare themselves properly beforehand or receive security training.
So without further ado here are some examples and recommendation on how we can improve security when working remotely:
Secure your home network
All of a sudden the webbrowser running on our own computer connected to our own personal WiFi became one of our most used business tools — and cybercriminals taking advantage of using network and device vulnerabilities of the fact that right now most people are creating, editing, and changing corporate data from an unsecured network. Under the current circumstances, there is an increased likelihood to steal and gain access to data that normally would be protected by security tools working on a secured company network.
Just to show that the threat is very real, here are some recently discovered browser vulnerabilities for three of the major browsers:
Microsoft recently released about 99 security updates for software vulnerabilities in the Internet Explorer (the most critical vulnerabilities could allow remote code execution). In January 2020 they found a zero day vulnerability in Firefox and a vulnerability was fixed just this week in Chrome that allowed arbitrary code execution in all google chrome versions prior to version 81.
Remember, many people work on their devices from 9 am to 5 pm, only to use the same device to watch Netflix & Co. then. Just as an example for the additional risk this poses: According to The Guardian more than 700 scam websites were identified as mimicking Netflix /Disney+ signup pages in the wake of the international lockdown.
So, before anything else: Make sure your browser is up to date! (and everything else too.)
But besides this probably most commonly followed advice, here are some other relevant elements everybody should keep in mind to make your home network more secure:
Securing your home router:
- Make sure you change your router default administrator password and network name!
- Secure your router with a secure password, working on a corporate network you forced to change your password periodically why not to apply the rule to your home network.
- Make sure your router Firewall is activated.
- WiFi encryption — hacking tools like pixydust or aircrack can hack weak encrypted WiFi. Therefore, make sure to strengthen use WPA2 with AES encryption.
- Make sure the Universal Plug and Play (UPnP) protocol is disabled.
UPnP is designed only to work within the local network in your home. It allows devices to configure themselves automatically, advertise what services they provide to everyone else on the network, and connect to other devices and if necessary modify your router to allow for device access from outside of your network. An UPnP client can obtain the external IP address of your network and add new port forwarding mappings as part of its setup process.
- Hide your network name (SSID), and if possible set up separate work and personal networks.
Securing your device:
- Make sure your OS automatic updates is enabled. If an automatic update is not an option, we highly recommend to check as often as possible if a new security update is available.
- Use antivirus software and make sure it’s always up to date.
- When accessing corporate resources and data use a VPN if possible.
Secure your Video Conferences
Working remotely and moving the meetings from the office meeting room to the home couch creates potential risks of exposing confidential and personal information.
Just lately “Zoom” got a lot of backlash from many security specialists and data privacy for its many flaws in security, from the non-existing end to end encrypting, “zoom-bombing” and to stealing user personal data.
But even when using secure software, there are multiple points to consider for video conferences:
- Always protect your meetings with a password.
- Make sure to verify all attendees in the meeting especially those without Video.
- Be aware of your environment: When having a video conference or online meeting make sure you have privacy. If you’re working from home this may be easier than working from a coffee shop or any other public place.
- If you work remotely from a public place like a café make sure you are clear from “shoulder surfing” and eavesdropping. This is especially relevant if you are using noise-canceling headphones.
- If a private place is not an option make a use of a screen protection, this will make it difficult for people around to read your screen.
- Prefer encrypted video platforms whenever possible.
- Verify links that are shared in the chat, don’t click if you are not sure.
- To be sure, or if you cannot follow all of the above for any reasons: Do not share classified information via video conference at all.
What else can you do?
The least you can do is follow the recommendations for basic online security and tell your employees and colleagues to follow them as well. But often that is not enough. Many technical solutions can’t be set up that easily, maybe you can’t force everybody to use a VPN, and you certainly cannot control the security of everyone’s home WiFi, personal devices and surroundings.
What you can do is give thorough security trainings to your employees. Because we all are human and we often are the weakest link when it comes to cybersecurity. But we can learn.
And we at re:think Innovations can help: Contact us now for custom tailored security solutions and security trainings.