Remote Working. Cybersecurity challenges.
As an outcome of the COVID-19 pandemic, remote working has become more a necessity than a benefit. Remote working presents a unique challenge for information security because remote work environments don’t usually have the same safeguards as our office infrastructure. At the office, you are working behind layers of preventive security controls. When you leave the company’s perimeter and work remotely, new cyber risks arise, and we need to be extra vigilant.
Best security practices around remote working
- Avoid public WiFi – we do not recommend working from a public place; if this cannot be avoided, use a personal hotspot from your phone and use a VPN.
- Keep work data on work computers – although in some cases it might seem convenient to transfer data between company and personal devices, please do not transfer any work data from the company devices.
- Never leave your laptop unattended or in the car and secure your home office – devices can be stolen from a coffee shop, from your car, or even your backyard.
- Keep your data stored in a cloud instance (Google, Microsoft, Dropbox, etc.) – do not keep your work data on the local hard drive. Use the options available to you to store files that you need to work on. Never transfer work data to USB drives or any other external storage solutions.
- Password protect your WiFi network & change your router login and password – do not keep your WiFi router’s default settings. It is highly recommended to change the router username and password and the SSID, and to use the WPA2 security protocol.
- Stay vigilant – with the increased number of remote workers, the need for communication has risen sharply.
When to use a VPN
The Virtual Private Network (VPN) extends our company network through the Internet via a secure and encrypted connection, enabling you to work from home as if you were in the office.
If this feature is available to you, always use a VPN when working, but disconnect from it as soon as you’ve finished working.
Best practices in securing personal devices
- Update operating systems and software products – new vulnerabilities are constantly being found in applications and operating systems. These can be easily exploited by cybercriminals to access your device without your knowledge.
- Use strong and secure passwords for personal accounts – protect your email, social security, or other accounts using complex passwords (at least ten characters, lower and upper-case letters, special characters).
- Enable automatic locking for your devices – always lock (Windows key + L) when you walk away from your device, even if you are at home. Also, you can configure Windows to lock automatically.
- Use endpoint protection software such as ESET Endpoint Antivirus.
- Encrypt your computer or laptop – if available, turn on BitLocker – https://support.microsoft.com/en-us/help/4028713/windows-10-turn-on-device-encryption
- Don’t use any foreign USB drives – do not insert any USB drive that does not belong to you, even if it comes from somebody you know or trust.
How personal use of company devices can introduce risks
According to the ‘User Risk Report’ from Proofpoint Security Awareness Training, based on 6,000 technology users, 35% of respondents said they regularly use company laptops for personal use. In terms of personal use, in 76% of the cases, they used the company laptop to access email. A primary security concern is that, of those using corporate devices at home, 75% extend access to family members or trusted friends.
If you have a company-provided device (laptop, desktop, phone, etc.), do not use it for personal matters like Internet browsing, social media, or accessing your email account (Gmail, Yahoo, Hotmail, etc.). Most likely, you are connected via VPN to your company network, which cybercriminals can easily convert into a back door if you do not follow the security practices described in this article.
For example, if you access your personal email account, open an email, and click on a malicious link that silently downloads a piece of software to your device, it will very probably infect your computer. At the same time, it will most likely infect part of our network, causing real damage. Please remember that the phishing protection mechanisms in place at your company do not extend to your personal email account.
In conclusion, you should only use the company laptop for work-related activities. You should not share the devices with anyone, including your family and close friends, and you should pay attention to the physical security of the device (do not leave it unattended, in the car, or on a table in your backyard).