With the shift to working remotely increasing across the globe, cyber threats have risen simultaneously. Thankfully, with a bit of precaution and cognizance, it’s not too hard to minimize your risk. Taking a few simple steps to maintain good cyber-hygiene can help limit the chances of a security breach.
“My advice for mitigating cyber threats, whether you are an IT security professional or an employee enjoying working from the comfort of your home, would be to practice ’good cyber-hygiene,’” says Dr. Raheem Beyah, Executive Program Director of Georgia Tech’s Online Master of Science in Cybersecurity (OMS Cybersecurity). “For security professionals, this means knowing who is connected to your network, monitoring for unusual or unexplained behavior, and having a plan to halt or remedy any breach that might arise, including clear relevant communications to everyone in your organization. If you are a telecommuter, check with your employer’s IT team if there are any remote-work procedures to follow, install the latest security updates on your devices, and set up a two-factor authentication.”
Here a few simple steps that will help keep you cyber-safe while working from home:
- Install the latest software updates on your device. Keeping up-to-date with your devices’ software patches and updates is a simple – yet effective way – of ensuring that you have the latest patches to security vulnerabilities and are protected while working remotely. To avoid downtime, set updates to run automatically during the night, just make sure your device is connected to a secure network.
- Install anti-virus software. Many operating systems come pre-installed with an anti-virus protection program. If your device does not have the software installed, there are several free solutions available. Always keep your anti-virus software updated to help protect your device from known malware.
- Set up a strong password and enable two-factor authentication. Be sure to use different passwords for each of your accounts, using Georgia Tech's tips for creating and securing your password. While it may be tempting to allow your web browser to store your passwords, you should instead use a password manager, such as LastPass, to create, remember, and autofill all your passwords. Or, you can take it a step further and set up a two-factor authentication (2FA). This will protect your account in case the password is leaked in a data breach. With 2FA you will have to complete an additional step when logging into your account, this can be a text message, an email, or a biometric method.
- Avoid public WiFi and always use a VPN. It can be refreshing working from a café, however, if you are using their public wi-fi, a hacker can target your devices if he/she is connected to the same network. Use a personal hotspot instead and use your organization’s VPN (Virtual Private Network), which will encrypt your web connection and render it unreadable to anyone who tries to intercept it.
- Watch out for phishing emails. As one of the most common cyber threats, phishing often takes the form of an email requesting personal information, embedding fake links, or attaching a virus. Be vigilant for such emails as the sender can appear to be someone you know. Never share your personal information in an email or open attachments if you are not expecting them. For more information, check out Georgia Tech’s article on “How to Avoid Being Phished.”
- Do not share your work devices. As selfish as this may sound, do not allow family members to use your work devices. Family and friends are not aware of your organization’s IT security protocols and may unintentionally either violate them or even download malware that can quickly spread through your organization’s systems. If you are using your personal computer for work, be sure to set up different accounts for each family member.
- Handle sensitive data with care. If you need to access sensitive or confidential data while working from home, make sure to keep all the information within your organization’s systems and network. Work directly on the server hosting the data, don’t email it to yourself, and don’t copy it onto your device. Businesses have a multitude of firewalls and protection built into their systems that individual computers may not, so take extra care.
- Lock devices if left unattended, even better – never leave your laptop/computer, phone, or other devices unattended – and be sure your device’s hard drives are encrypted. Do we need to say more? Losing your device may not only cause a security headache, but you may lose data that you haven’t had the chance to back up yet. If the hard drive of a lost device is encrypted, at least you have the peace of mind that your data is secure. You also don’t want to be in a situation where someone got access to your account and sent an unsavory email to all your colleagues, nay your boss, just because you forgot to lock your computer!
You can’t beat the morning commute from the bedroom to the couch, so make it cyber-safe with the tips above! Interested in learning more? Read this article about the increase of cyber risk when working remotely.