How cyber-aware are you? Can you trust the email you just received from a local charity seeking donations for a COVID-19 fundraising campaign? Is the text you received about updated coronavirus testing locations a legitimate government-issued communication? While common cyber security software and tools provide a degree of protection from potential threats, your first true line of defence is yourself. So how cyber-aware are you? As working from home becomes the new norm, we look at some of the cyber risks and threats you might face and share six tips on how you can securely work from home.
COVID-19: Adding a new layer of complexity
Current restrictions such as social distancing and self-isolation mean we’re out of step with our normal ways of working. Shifting to work from home and virtual business operations is more than hosting video conferences, sending emails and participating in online messenger conversations. Our physical disconnectedness from our teams and colleagues means we lose our spontaneous and incidental chats and our ability to casually discuss as they arise.
And let’s face it – right now we’re all consumed by the unfolding events on the news, at work and in our personal lives as we grapple with the complexity and uncertainty this virus brings. We’re more distracted and tired, and all these combined means we’re more likely to be caught out by a cyber security attack or online scam, especially when we work from home.
RELATED CONTENT: Cyber hygiene: 4 easy tips to keep your data safe
The importance of being cyber aware
Fundamentally, the threats of today are much the same as they have been for the last few years. Right now, a large proportion of scams and attack campaigns are incorporating COVID-19 themes, but there’s still the “normal” attack profiles floating around. What’s different is that they’re escalating in volume and matching pace with the rapid increase in local and global disruption. This is something that both individuals and businesses need to be aware of.
Mimicking official government bodies or trusted brands, attackers use email, SMS, social media, false websites, instant messaging and phone calls to target their victims. They prey on people’s weaknesses, offering help or information related to financial relief, medical instructions, and travel updates. However, unbeknownst to the victim, the links and attachments contained in these communications are maliciously designed to unleash havoc through malware or ransomware on the victim’s device.
RELATED CONTENT: Ransomware attacks: 5 tips to avoid becoming a target
Domain safety
A report published by cyber threat intelligence organisation Recorded Future showed that between 1 January and 11 March 2020, hundreds of malicious domains were registered. Most of which were themed on the domain names of legitimate health organisations or COVID-19 information sources. Domains like the following have been registered over the past few months (the [] brackets are there to make sure you can’t click on these):
- trackcoronavirus[.]com
- preventcoronaviruses[.]blogspot[.]com
- www[.]coronavirusabc[.]com
- vaccine-coronavirus[.]com
- coronavirus-realtime[.]com
- whatcoronavirus[.]com
- wuhan-virus-coronavirus-advice[.]blogspot[.]com
- corona[.]sums[.]ac[.]ir
As you can see, they’re quite sophisticated and even a cyber-savvy person may get duped into opening these malicious links or attachments while they work from home or if they’re in a state of distress from the current COVID-19 climate.
RELATED CONTENT: COVID-19: Domain safety in the days of coronavirus
6 tips to work from home more securely
To help you stay safe online while you work from home, we’ve put together six tips to secure your home working environment.
1. Secure your home wi-fi
Most home wi-fi networks are not as secure as corporate solutions. The key lesson here is your home network security should be as important as your company’s network security, especially when you work from home. Some simple tips that make a big difference in securing your home network include:
- Change the wi-fi access point SSID so that it doesn’t identify your name, address or who you work for.
- Update your wi-fi username and password. Most systems have a default password that should be changed on installation, but many users don’t do this.
- Use a (short-range) router that reaches only as far as your front door (rather than broadcasting down to the beach).
- Patching applies equally to networking equipment as it does to computers and smartphones, so update your router’s firmware on a regular basis.
RELATED CONTENT: 4 tips for safe online shopping this holiday season
2. Use secure VPN connections
If you’re trying to access an online corporate environment when you work from, you’re likely to be connecting from your home wi-fi which is an untrusted network. One way to get around this is to use a Virtual Private Network (VPN), which encrypts your internet traffic and hides your online identity, making it more difficult for attackers to steal your data.
Here’s some advice on VPN best practices:
- You should ensure you have a secure VPN connection between your work from home computer and your office so that sensitive and confidential data, such as emails and documents, travels over an encrypted network directly to the office network, rather than insecurely traversing the home network or internet.
- Computer systems should be configured to only function when connected to the VPN. It’s possible to do this in some operating systems, so check with your IT department.
- Good alternatives to VPNs include using remote desktop solutions where you connect to a remote PC and use its interface to access corporate resources. That way, no corporate information leaves the corporate network, making it a good solution for confidential information access when you work from home.
RELATED CONTENT: Common cyber security mistakes and 3 simple ways to fix them
3. Use corporate messaging channels
While you work from home, you may occasionally lose access to office collaboration solutions like Microsoft Teams, Slack and corporate email. You might want to use your personal email or social media to collaborate, especially if you’re working against a deadline, but this is highly inadvisable. Side-channel collaboration like this exposes you and your company to heightened risks and it’s impossible to control confidential information once it ends up on Facebook, WhatsApp, Gmail or LinkedIn.
If you experience any connectivity issues when you work from home, you should contact your manager and IT team who can help resolve the issue. Critical communications are likely to be considered in your company’s business continuity plan, so a backup plan may already exist.
RELATED CONTENT: 8 cloud security tips to keep your data safe in the cloud
4. Set up two-factor authentication
Two-factor authentication (2FA) should be the norm for all business logins. Let’s face it, even social media platforms use 2FA these days. If you don’t have 2FA enabled on your corporate device, start with critical business functions where corporate information flows, such as Office365. This way, if a password is compromised while you work from home, attackers still would require the second factor via the user’s phone, which is a lot harder to acquire.
RELATED CONTENT: What is the most secure Multi-Factor Authentication method?
5. Set network boundaries
Many home wi-fi routers have Guest network access capabilities. This feature creates a new access point for users to access the internet but keeps the device off the internal network. Most kids being homeschooled don’t need to be on the internal network, so you can migrate any unnecessary devices from the internal network to the Guest wi-fi.
RELATED CONTENT: 4 ways to keep your kids safe online these school holidays
6. Update all your devices
One of the most common gateways for cyber-attacks is the exploitation of unpatched software. When you work from home, especially if using your own devices rather than company equipment, it’s all too easy to pause updates while you get some work done.
This is something to avoid. Make sure you update all devices (personal and corporate) as soon as patches are released and ensure auto-updates are enabled. It’s also important to uninstall applications you no longer need since dormant applications still pose a risk.
For more cyber security tips and insights, head to our website. You can also talk to our PROTECT+ cyber security experts for tailored security solutions for your business.
