Best Cybersecurity Practices For Remote Workers
With COVID-19 continuing to spread, both the world’s health and economic systems are being pushed in an almost unprecedented way. Even weeks ago, some organisations were exploring ways they could operate with a remote workforce, considering that the spread of a virus is amplified with travel for staff members, and the risk of spreading through an organisation is magnified in confined spaces.
While technology has facilitated a new way to operate regardless of geographic location, the simple fact is that employees - once signed in - have access to data, information and even secrets about your organisation that is extremely tempting for a third-party to exploit. In light of this, we’ve put together a list of best practices when it comes to working safely while at home or on the go, to ensure the integrity of your device and the data that your organisation is legally obliged to take care of.
Up first, avoiding public WI-FI signals is an absolute must in this context. Public wifi, while extremely convenient is a potential nightmare due to the simple fact that it’s an easy task for a hacker to lift out your personal data while you’re using the public signal. We’ve written before on this topic, so please check out our post to find more about the dangers of public wifi signals. Use a personal hotspot from your phone rather than a public wifi signal if you’re short of options.
Secondly, you should keep work documents or access to work logins on work computers. It can be difficult to keep track at times, but you need to ensure that you’re working on one device, and keeping your personal device for your spare time. The reason for this is simple: in casual browsing, you may have accessed a website, downloaded an attachment or clicked a link that infected your personal device with malware. Reducing the potential for that malware to spread to your work device is an extremely important part of maintaining the integrity of your employer’s system, especially considering that many employees remain signed in between sessions.
Next, it’s time to talk about investing in - or updating - your organisation’s cyber policies. For some more help in this regard, check out our guide on how to implement ISO 27001, which is an information security management system designed to tackle exactly what we’re talking about. In essence, however, your organisation needs to ensure that it’s operating on the latest versions of software out there, and is regularly patching potential vulnerabilities. Software companies are consistently identifying shortfalls in their own lines of code, and they’ll release these ‘patches’ to try to cover up any potential for exploiting these vulnerabilities.
Next, make sure that wherever possible, your organisation is encrypting data to ensure that if a system were to be compromised, the data isn’t easily-accessible or readable by that third party. Likewise, subscribing to a VPN provider is an important piece of the jigsaw puzzle when it comes to operating safely, and it acts in a similar way to encrypting data to keep your overall standing in cyberspace that little bit safer. Wherever applicable, opt for mutli-factor authentication for logins across the board, so you have a good idea exactly who is logging into your system.
For more official guidelines, we’ve linked the UK’s National Cyber Security Centre guidelines for your here, and we’ll list Microsoft’s post exploring the best practices for secure remote working below. a set of guidelines to keep safely working for an organisation from home.
Ensure Virtual Private Network and other remote access systems are fully patched.
Enhance system monitoring to receive early detection and alerts on abnormal activity.
Implement multi-factor authentication.
Ensure all machines have properly configured firewalls as well as anti-malware and intrusion prevention installed.
Test remote access solutions capacity or increase capacity.
Ensure continuity of operations plans or business continuity plans are up-to-date.
Increase awareness of information technology support mechanisms for employees who work remotely.
Update incident response plans to consider workforce changes in a distributed environment.
Now, to conclude on a fairly commonsensical point, make sure everyone in your organisation is aware of phishing emails, and to never open up an email from an unfamiliar, cryptic or unbelievable sender. Damage from phishing emails is expected to rise dramatically this year, and the latest FBI report has uncovered $1.7 billion in losses each year to phishing scams from opportunistic hackers. Otavio Freire, chief technical officer and co-founder of SafeGuard Cyber, said that “without the right security measures in place, a bad actor can easily impersonate a remote employee,” and then introduce malware into an organisation’s network. “Knowing that more critical enterprise work will be conducted via these channels, hackers will focus more time, energy and effort to exploit them- they go where the action is,” Freire concluded.