Gone are the days when going to work meant sitting in a dedicated office all day. The recent Covid pandemic made working from home a reality for many, and the sight of someone busy at a laptop in a coffee shop is hardly rare these days. Unfortunately, working remotely can increase the risk of suffering a cyber security breach. According to a recent report from Deloitte:
“Cyber criminals are switching tactics and exploiting COVID-19-related fears among the population. As a result, working from home is becoming a gateway to new forms of data theft.”
What steps can you take to ensure you are cyber-safe when working remotely? Here are Intaso’s eight top tips to help you stay safe.
Ensure your equipment and systems at home are up to date
Your home IT environment is a great place to start protecting yourself. When was the last time you checked for a firmware update on your router or wireless access points? Are the operating systems on ALL your devices up to date, with the latest security patches applied? It’s not a difficult task, yet many of us never get around to it. Start now!
Use a good antivirus and VPN solution
Anti-virus software is the first line of defence against incoming malware and phishing attacks. Make sure that all your computers have a regularly updated antivirus package running in the background and performing regular scans. They are not expensive, and some are free, offering a good starting level of protection.
To protect your connection, a Virtual Private Network (VPN) acts as a security barrier between your computer and the Internet, hiding your IP address from prying eyes. A VPN also encrypts your data after leaving your computer, keeping the data safe and secure. VPN software is often included with anti-virus software too, making it easier than ever to be safe.
Only connect to the Internet through a secure network
If you connect to a public Wi-Fi network, any information you transmit, share online, or put into a mobile app, could be accessed by someone else. The most basic measure is to use only trusted networks, which require you to enter a strong password. Be very cautious of free wi-fi hot spots of unknown providence. As mentioned before, use of a VPN will add another layer of security by encrypting the data you send and receive.
Use stronger passwords
The use of strong passwords should be something we all do, but unfortunately, it’s not. A recent CNBC article analysed a large number of leaked email passwords from a data breach and discovered that the most common password is “123456”. Other examples of (very) weak passwords include “Qwerty” (in the list at number 3), and “Password”, at number 4.
The best passwords use numbers, letters (including capitals) and symbols. The longer the password, the harder it is to hack. Don’t use the same password for multiple accounts and avoid using personal information such as date of birth, names of loved ones or information that might be known by others. There are plenty of good password manager apps to help too.
Take care with links, attachments, and downloads
There is something so tempting about links, attachment, and downloads. Like presents under a Christmas tree, we just want to open them and see what’s inside. Don’t! Hovering your mouse (without clicking) over a link will often reveal the true destination, typing the URL by hand is another option to avoid being spoofed. Never open an attachment unless you KNOW who it is from and why they are sending it. Think before you click!
Don’t respond to questions from unknown sources
In our rush to get work done and another e-mail out of the way, it is all too easy not to question why we are being asked to share information. Hackers can easily create e-mails that look as though they have come from trusted sources. In the office, if you get a strange request, you have the option of ‘popping over’ and finding out more. In a remote working environment, it is not as easy. Think about using an alternative communication route, such as the phone or company messaging system, to check that a request for information is genuine. If in doubt, don’t respond and see if there is a follow-up which makes more sense.
Don’t use your personal accounts for business activity
It can be frustratingly hard to get some things done easily and quickly in a business environment. Your IT department may have put in place restrictions on how things should be done. Work IT systems can feel cumbersome and slow compared to the ease of use of freely available productivity tools, such as Dropbox or Google Drive. However, danger lurks. Never share business information across non-business tools and accounts. You may mean only to share the file with your remote working colleague, but using a non-business account may mean significantly less security. Do you know in detail the privacy settings on your Dropbox or Google Drive account? Can you be sure you are not sharing with the world or making the hacker’s life easier? For business activity, stick with the tools and apps you have been given, using your work accounts.
Stay alert and call out concerns early!
Finally, stay alert, and if in doubt contact your IT help desk and discuss any concerns you have. This is doubly important if you have accidentally clicked on a link or think you might have downloaded a questionable file. The sooner you call out an issue, the easier and quicker it will be to resolve. We all make mistakes, and more often than not, no harm has been done.
About Intaso
Intaso are all about people and cyber security. A boutique head hunting and talent solution firm with Cyber and Information Security expertise, we have extensive first-hand expertise across all elements of attracting the right talent from often unfound and untapped resources. We believe that having a genuine passion for the industry, pride in the quality of our services, a tailored range of talent solutions and a personal approach means we have a unique offering which has worked with businesses of all sizes and industries.If you are looking for the best talent in the industry, or want to discover a great new role, please get in touch. We would love to hear from you.