IT Security When Working From Home
WORKING FROM HOME? IS YOUR ORGANIZATION SECURE?
Work from home has been a massive shift for many businesses. In the rush to adjust to the new normal, many companies have left security low on the list of priorities, focusing instead on collaboration, productivity, and simply keeping the organization running.
Even if your business hasn’t suffered a major breach yet, that doesn’t mean it can continue to neglect its cybersecurity responsibilities. With complicated vaccine roll-outs and many looking to continue working from home in a post-pandemic world, these work-from-home security gaps still pose major risks.
Due to the ever-growing impact of cyber attacks and a continually evolving threat landscape, it seems like it’s only a matter of time before organizations that overlook their cybersecurity responsibilities face a devastating attack. While companies need to have the right policies, training and tools in place for their protection, employees also need to do their part.
HOW CAN EMPLOYEES SECURE THEIR WORK-FROM-HOME ENVIRONMENTS?
There are a number of different steps that employees should take to secure both themselves and the company when working from home:
COVER YOUR WEBCAM WHEN NOT IN USE
If your computer or device gets infected by malware, you face a wide range of problems. One of these is that an attacker could access your camera and monitor whatever it is that you are doing. For your own privacy, and the company’s protection, a good defense is to simply cover up the camera when it isn’t in use. There are a range of commercial covers you can use for your phone or computer, or you can try something as simply as tape or a Post-it note.
KEEP YOUR DEVICES SAFE FROM MALWARE
It’s even better to prevent malware from infecting your computer in the first place. Taking the following steps should keep you safe from most attacks:
Keep your software up-to-date – Updates can often seem like a hassle, but they often contain important security updates. If you delay installing them, your device will remain vulnerable to the latest attacks that the patches protect against.
Stay away from suspicious websites – The internet is a minefield, but the threats tend to congregate on the dodgier parts of the web. Staying away from adult content, gambling platforms and torrenting sites will help to minimize the amount of malware you come across.
Don’t click on links or attachments if you don’t know what they are – Cybercriminals often use phishing to gain a foothold in their attacks. If you receive suspicious emails with links or attachments, do not click on them.
If you use Windows, run antivirus programs like Windows Defender or Malwarebytes.
USE UNIQUE PASSWORDS FOR EACH OF YOUR ACCOUNTS
If you have paid attention to password recommendations over the years, you have probably heard a lot of bad advice. If you are like many people, you probably use the same thing for all of your accounts, because it’s too hard to remember different ones.
This is incredibly dangerous, because data breaches are constantly happening. One or more of these past breaches may have included your username and password, and this information could have then fallen into the hands of attackers. You can check if your password has been involved in a publicly known breach at haveibeenpawned.com.
When your password is the same for all of your accounts, this presents a tremendous threat to your security. Hackers can simply try the password and username that have been breached on every other major platform. This can result in them having complete access to your online life, including your banking, email, and social media.
The solution is to use a password manager like LastPass or Keepass. These programs will help you create a strong password for each account, as well as store them for you. All you have to do is remember a single master password, and the password manager will keep all of the others secure. When you use unique passwords for each account, an attacker won’t be able to use the details from one breach to gain access to all of your accounts.
NIST does not currently recommend enforcing regular password changes, because this can often lead to users creating poor passwords. However, passwords should be changed whenever compromises are suspected, and it can’t hurt to change important passwords every year or so, as long as strong and unique passwords are used.
KEEP COMPANY DATA SAFE
When you leave your computer unattended, make sure to lock it to prevent its data from being accessed. On Windows, this can be done by pressing the Windows and L key at the same time.
Avoid storing sensitive documents locally, unless they are encrypted. The best solution will depend on your organization’s security needs. It may have its own secure cloud provider for data storage. For less-sensitive information, a mass-market offering like Dropbox or OneDrive may be acceptable.
FOLLOW YOUR ORGANIZATION’S SECURITY POLICIES
Every company is different, each with its own assets to protect and facing varying threat levels. These unique situations make it hard to give a comprehensive security rundown that applies to every organization. While the above tips will help to bolster your security, they are no replacement for a work-from-home security policy that was designed for your business’ unique circumstances.
If your company lacks an existing security policy, it leaves itself open to threats. Analyzing your organization’s unique situation can be complex, but VTS can take care of it for you. We offer security planning and implementation services that help to protect your company from the latest threats. Contact us now to find out how we can keep you safe from costly breaches.