(By Gerry Beuchelt, CISO, LogMeIn)
As concerns of COVID-19 continue to rise, millions of employees are transitioning into the largest remote workforce the world has ever seen. Organizations are quickly transitioning from an in-office work culture to a work-from-home culture. Many times, employees rely on their organizations to put certain protective measures in place to secure corporate data and may not be familiar with how to do this at home. While some people are getting accustomed to their new way of working, we want to provide people with simple ways they can keep their personal and corporate data secure.
Keeping Your Home Technology Healthy
Make sure to update all home devices such as computers, mobile devices, or routers.
This, and changing default passwords, helps prevent others from being able to tap into your home wireless network and monitor your traffic.
- Need help creating a strong password? Use LastPass to help create and securely store one for you – get started here.
- Not sure how to change your Wi-Fi password? Check out this how-to guide here.
- Need help installing router updates? Learn more here.
Ensure any software downloads to your laptop or corporate device are vetted.
It’s very important to ensure any downloads have gone through your organization’s appropriate channels for a security review. It’s important to always remain cautious of downloading random applications or software to your computer in order to avoid malware, viruses or insecure protocols. Many times, your company may already have an approved and secure software that performs the same function.
Always watch out for phishing emails.
Unfortunately, this increase in remote work is causing a sharp spike in phishing attacks attempting to capitalize on the situation. Be sure to ask yourself if you were expecting the email? Do you know the sender? Is there a sense of urgency for your attention? Are there links and attachments in the email? If so, don’t click on any links or open any attachments until you can verify the email is legitimate.
Turn on Multifactor Authentication whenever possible.
To reduce the potential impact of phishing attacks which can steal your user credentials, many of your most sensitive accounts like email and banking will allow you to enable MFA for free – making it harder for hackers to get access.
Balancing Work and Home Life
Keep personal and work separated.
This includes accessing personal data on your company device and vice versa, and allowing friends and family to use your work devices (think about someone accidentally deleting important information or mistakenly downloading a virus). It’s important to be mindful of not sharing sensitive company information on personal social media platforms too.
Utilize company-approved cloud applications.
Always use company issued apps for file-sharing, storage of confidential documents, communication, etc. Your organization should have protective measures around these and can monitor for any suspicious behavior they find on their corporate network or traffic on an integrated application. This also protects critical corporate data from being leaked or wiped out if something were to happen to your personal devices.
Working outside your home (post-COVID-19)?
Don’t surpass security warnings when visiting websites.
If while surfing the web or logging into an application, you get a pop-up with a warning about a bad or expired certificate – you should stay clear of that Wifi network. The operator could potentially be spoofing all legitimate websites or otherwise tamper with the over security setup. You should also check out your organization’s policies around using your company’s VPN (virtual private network) to remotely access confidential information.
If you must use public Wi-Fi, be cautious to not access sensitive information, websites or applications that contain confidential information, and even avoid inputting credit card details.
Watch out for shoulder surfers.
If you are in a position where you must work out of your home, be aware of shoulder surfing and use a privacy screen when necessary. Make sure to never leave your bag, laptop, or phone unattended and remember to always lock your screen while away from your computer.
Be cautious of USB devices.
If you find or are given a USB device, or asked by a stranger to use your device to charge their device, do not insert it in your laptop or mobile phone. An unknown USB device can host malware, keystroke detector and in some cases even physically damage your device.
We will be a more resilient and better prepared workforce from the current challenges that are arising from the global response to the COVID-19 situation. Considering and implementing security measures to account for remote working, and a new way of doing business generally, is certainly needed.