Remote Work & Cybersecurity: How You Can Help
As I, and many others, navigate the shift to full-time remote work in the wake of COVID-19, most of the discussion I encounter is focused on collaboration methods — and rightly so. Staying productive and motivated is critically important during such a major transition.
But as essential as collaboration is, we can’t forget about keeping our devices and networks safe. As a security professional, I wanted to share some best practices and tips that — now more than ever — are important to keep in mind as we all work from our home networks.
Don’t click the link!
It’s not technology that makes or breaks corporate security. We, as employees, are the weakest link in the security chain.
Yes, our corporate computers are protected with security software, but one poor decision to click a link in an unsolicited email can give an attacker ongoing access to my computer, my passwords, and my company’s network and data. Attackers are already sending phishing emails trying to get us to click malicious links by referencing enticing virus-related news. Don’t fall for it!
As someone who has developed cyber training content for many Fortune 500 companies, even I once made the mistake of clicking a link in a client-organized phishing email attack simulation while working at a client site. When I saw the email I thought, “Why would you send an email like this to your employees? I’m curious – this seems strange.” In other words, my mental alarm bells did go off, but I clicked anyway.
Keep your work life and personal life separate.
Your company may or may not have put an Acceptable Use Policy in place that defines expectations around reasonable personal use of company computing resources, but regardless, you should still take steps to limit personal browsing on your work computer and perform personal digital tasks on a personal device.
Remember, if you are connected to your company’s corporate network through a VPN, all your web traffic is passing through their servers. YouTube, Facebook videos, and any other streaming content consume a lot of bandwidth and can bog down your company’s network.
It’s tempting to do everything all on one machine just to save time. Fortunately, personal devices are nearby all day long, so it should be easier than ever to use them for quick personal tasks instead of using your work computer.
Secure your home network.
1. Use Wi-Fi encryption and a long, complex password. Prevent unknown individuals from accessing your home Wi-Fi network. This is especially important if you live in a city where many people are within range of your Wi-Fi signal.
2. Be mindful of who is using your network. Children, other family members, and in some cases, neighbors may be on your home network (whether authorized or unauthorized). They may not understand safe browsing practices and, if their devices are compromised, could unknowingly provide an attacker a way onto your corporate computer and the corporate network.
3. Connect insecure devices using a guest network. Most modern routers come with the built-in capability to provide two separate Wi-Fi networks: a primary network for your computers and a separate guest network for others. The guest network should also be used for non-critical devices. (if your camera feed isn’t already publicly viewable on the internet). While there are promising industry trends and regulations aimed at improving this (e.g., the California Internet of Things Security Law, which went live January 1, 2020), we have a long way to go before these devices are secure. Until then, it’s a good idea to isolate them from your most important devices and data.
4. Remember that Alexa, Siri and Google Assistant may be listening. Regardless of whether you work in an extremely sensitive organization or group where critical information is discussed by phone or video conference, remember that any device with voice-activated services is listening 24/7 unless you configure it not to. Every time you speak within range, your voice is being processed and stored either on the device, in the cloud, or both. Because these services have been scrutinized in recent years, many significant security and privacy concerns have decreased. But the devices on which they run (especially those not made by Amazon, Apple or Google) may have weak security and could be hacked, allowing an attacker to monitor your home remotely and compromise other devices on your network.
Use VPN to access company resources.
VPN encrypts all internet traffic to and from your computer, preventing an attacker who may be spying on your connection from intercepting any readable data or credentials that would give them access to your account or other corporate data. The challenge is that VPN is not always the easiest or quickest option to operate securely. Logging into VPN and managing your passwords, for example, are both activities that take time. Regardless, it’s a good idea to use it anytime you are not in an office connected directly to the company network, and especially when you’re connecting from a coffee shop or other public or open network.
It’s up to each of us as individuals to reduce cyber risk for ourselves personally and for our organizations. While no one expects your at-home computer use to be perfect, I hope you’ll implement these recommendations to help you operate more securely as you work remotely.