Teleworking is a concept that has been around for years, however, the recent COVID-19 pandemic has increased the number of telecommuters to unprecedented levels worldwide. Numerous governments and businesses are adopting social distancing techniques to limit or slowdown the spread of the virus – from closing schools to asking employees to work from home.
Even though many companies already have remote work policies in place and are well equipped for this type of work environment, their security teams are having to manage the cybersecurity risks that can arise from a unparalleled number of employees working from the comfort of their home.
“As an organization, you face the same cybersecurity threats whether you have 10 employees telecommuting or 10,000. What changes is the scale and the probability of a security breach, especially if you are in a rush to implement a remote work policy,” states Raheem Beyah, executive program director of Georgia Tech’s Online Master of Science in Cybersecurity (OMS Cybersecurity). “Many of the top cybersecurity threats that we currently face have been around for years, it’s just that teleworking at such a large scale has brought them to light today.”
Common Cybersecurity Threats When Telecommuting
Unsecured networks and personal devices
Having to quickly move from the office to their home, many employees may have to use their personal devices and home WiFi networks for work. Both often lack the protection systems that are built into businesses’ networks such as firewalls and antivirus software.
Phishing campaigns and fraudulent calls
Working from home means that many employees will rely on email and phone as their primary communication methods with their organizations. This increases the risk of impersonation to get information such as login details that can lead to a security breach.
Ransomware and spyware
Operating on a personal network or device, coupled with the possibility of receiving an impersonation email, increases the chances of ransomware or spyware being uploaded onto the IT systems of organizations.
Tips for Staying Cyber-Safe While Telecommuting
Taking a few simple steps to maintain “good cyber-hygiene” can help limit the chances of a security breach.
“My advice for mitigating cyber threats, whether you are an IT security professional or an employee enjoying working from the comfort of your home, would be to practice “good cyber-hygiene,” says Beyah.
“For security professionals this means knowing who is connected to your network, monitoring for unusual or unexplained behavior, and having a plan to halt or remedy any breach that might arise, including clear relevant communications to everyone in your organization. If you are a telecommuter, check with your employer’s IT team if there are any remote-work procedures to follow, install the latest security updates on your devices, and set up a two-factor authentication.”
Here a few simple steps that can help keep you cyber-safe while working from home:
- Install the latest software updates on your device. Keeping up-to-date with your devices’ software patches and updates is a simple – yet effective way – of ensuring that you have the latest patches to security vulnerabilities and are protected while working remotely. To avoid downtime, set updates to run automatically during the night, just make sure your device is connected to a secure network.
- Install anti-virus software. Many operating systems come pre-installed with an anti-virus protection program. If your device does not have the software installed, there are several free solutions available. Always keep your anti-virus software updated to help protect your device from known malware.
- Set up a strong password and enable two-factor authentication. Be sure to use different passwords for each of your accounts, using Georgia Tech's tips for creating and securing your password. While it may be tempting to allow your web browser to store your passwords, you should instead use a password manager, such as LastPass, to create, remember, and autofill all your passwords. Or, you can take it a step further and set up a two-factor authentication (2FA). This will protect your account in case the password is leaked in a data breach. With 2FA you will have to complete an additional step when logging into your account, this can be a text message, an email, or a biometric method.
- Avoid public WiFi and always use a VPN. While it can be refreshing working from a café, a hacker can easily target your device if you are both using a shared network via public WiFi. Opt for using a personal hotspot instead, and use your organizations VPN (Virtual Private Network) which will encrypt your web connection, rendering it unreadable to anyone who tries to intercept it.
- Watch out for phishing emails. As one of the most common cyber threats, phishing often takes the form of an email requesting personal information, embedding fake links, or attaching a virus. Be vigilant for such emails as the sender can appear to be someone you know. Never share your personal information in an email or open attachments if you are not expecting them. For more information, check out Georgia Tech’s article on “How to Avoid Being Phished.”
- Do not share your work devices. As selfish as this may sound, do not allow family members to use your work devices. Family and friends are not aware of your organization’s IT security protocols and may unintentionally either violate them or even download malware that can quickly spread through your organization’s systems. If you are using your personal computer for work, be sure to set up different accounts for each family member.
- Handle sensitive data with care. If you need to access sensitive or confidential data while working from home, make sure to keep all the information within your organization’s systems and network. Work directly on the server hosting the data, and void emailing it to yourself or copying it onto your device. Businesses have multitude of firewalls and built protection into their systems that individual computers may not.
- Lock devices if left unattended, even better – never leave your laptop/computer, phone, or other devices unattended – and be sure your device’s hard drives are encrypted. Do we need to say more? Losing your device may not only cause a security headache, but you may lose data that you haven’t had the chance to back up yet. If the hard drive of a lost device is encrypted, at least you have the peace of mind that your data is secure. You also don’t want to be in a situation where someone got access to your account and sent an unsavory email to all your colleagues, nay your boss, just because you forgot to lock your computer!
You can’t beat the morning commute from the bedroom to the couch, let’s make it a cyber-safe one with the tips above!