2020 has certainly been a year of firsts when it comes to owning a business. The first global pandemic you’ve seen affect earnings and your ability to run your business normally. The first time employees are working from home more than from the office. The first time meetings with clients are done with a collared shirt up top and track pants down bottom via Zoom. Don’t let it be the first time your business is badly affected by a cyber security breach.
It’s never been more important to ensure your employees are practising proper cybersecurity measures. Hackers are taking advantage of people letting their guard down working from home—away from the protection of the office firewalls. To help you navigate the treacherous waters of cybersecurity when working from home, we have put together eight working from home cybersecurity tips you should ensure your employees are across whenever they sign in outside of the office. Here they are!
1) Beware of scams
For cybercriminals, another’s crisis can be their golden opportunity. With businesses being disrupted, major changes to how they operate open up new opportunities for hackers to infiltrate a new system and routine that isn’t yet refined. One of the main ways that cybercrime is being carried out during the 2020 global pandemic is through scams, which may present in various ways: with the aim being to get people to hand over money, data, or system access.
To help reduce the risk of your employees falling victim to such a scam, you should educate them in what to look out for when it comes to phishing attacks and steps to take to minimise their vulnerability. Employees should follow the following working from home cybersecurity tips to ensure they—and then your business—don’t fall victim to a scammer:
- When you take a phone call or reply to messages or emails, exercise critical thinking and vigilance.
- Be cautious when opening messages and attachments and don’t click on pop-ups or links from unknown senders.
- If you receive any requests to hand over personal information, be sceptical. Never disclose any passwords or bank details. Be particularly wary of messages that have an urgent tone—hackers will try and make you panic so that you don’t think things through rationally.
- If you have any doubts at all about a communicators identity, contact that person on a different platform to confirm it is them corresponding with you. Hackers can send emails from people’s accounts, so if someone is suddenly requesting information from you they don’t usually ask for, have a different writing style than normal, or have lots of spelling mistakes, it’s a red flag.
2) Use strong, unique passwords
Your password is your first line of defence, so make it worthwhile! If a hacker is unable to get into your account via your password, it can save you a lot of time, stress, and even money. You should use a strong, unique passphrase on all devices and accounts you sign into. Don’t double up on passwords (if a hacker does get your password, you don’t want them to be able to use it elsewhere, too) and change it regularly.
To keep track of passwords, set up a password manager—we use LastPass. It has two-factor authentication (2FA), even on the free version, and the paid tier has encryption, advanced 2FA, and is reasonably priced. Ensuring passwords are impossible to guess, are unique, and don’t double up with any personal passwords are all important working from home cybersecurity tips.
3) Use multi-factor authentication
On the topic of 2FA, you definitely need to be using multi-factor authentication and it’s one of our top working from home cybersecurity tips for any business that operates online in some form. It’s one of the best ways you can stop unauthorized access to computers (no matter where people are logging in from), applications, and online servers. It’s not only for use on PCs but tablets and smartphones, too. The layers of defence that MFA utilises make it much harder for hackers to gain access to your systems—even if they uncover one password, it won’t be useful to them as they won’t be able to complete the second authentication step like entering a unique code sent to your employee’s phone.
MFA can consist of:
- Something the user has on them physically, such as a card, token, or security key.
- Biometric identification, such as a fingerprint or retina pattern.
- Information only the user should know, such as a password, pin, or secret question answer.
4) Update software and operating systems
Making sure your employees have turned on automatic updates is a surefire way to defend your company data and not fall into the jaws of hackers. Make sure these updates are across all devices and symptoms—computers, laptops, tablets, and smartphones. Software updates are often released to address security issues and bugs. Microsoft, for example, is consistently updating security features to protect devices and data and ensuring all employee’s computers receive these updates is an important working from home cybersecurity tip.
5) Use a virtual private network connection
A virtual private network (VPN) extends a private network across a public network, enabling users to send and receive data in a functional, secure way under the management of the private network. Encryption is also a common trait of a VPN network. Developed to let remote and mobile users, as well as offices in different branches, have access to corporate applications and resources, VPN technology is perfect for the current work-from-home environment.
If you choose to specify that employees must use a VPN on work devices, ensure that they familiarise themselves with the unique VPN requirements, policies, and procedures of your business.
6) Only connect to trusted WiFi
A working from home cybersecurity tip we may all be guilty of having done at least once is using free WiFi from an unsecured network. Let your employees know the dangers of connecting to free wireless internet—at their local café or shopping centre. This can be tempting, especially when not working from the office, but it can put your business’s information at risk. By nature, free Wi-Fi is insecure and can expose the browsing activity of anyone connected to it to cybercriminals. On the back of this, these criminals have been known to set up illegitimate WiFi hotspots, intercepting communications to obtain bank details, account passwords, and other confidential information. When not working in the office, employees should just sign into trusted internet connections, like their own home or mobile internet.
7) Avoid saving work files to portable storage devices
Set up cloud backup and data storage on your employee’s computers—or direct them on how to do so—so that your employees don’t need to use portable storage devices. Why is this an important cyber security measure that should be taken? It’s because portable storage devices, like USB sticks and external hard drives, can be easily misplaced or pick up malware and then infect your work computer. If you aren’t able to give your employees access to cloud storage or collaboration services, ensure that the portable storage device/s they’re using are encrypted and require a password to access.
8) Don’t leave devices unsecured
If other people have direct access to your devices, it makes it a whole lot easier for people to get a hold of your information. Therefore, the last but not least of our working from home cybersecurity tips is to make sure everyone knows to never leave devices unattended, even if it seems safe, and lock their computer when not in use. You can make sure employee’s computers will lock after a certain amount of time being idle. Even trusted friends and family members should not be able to use employees’ laptops, computers, or mobile devices when their work profile or account is signed in. In doing so, they could accidentally share or delete information or allow malicious software access to your device. To counter this, create different accounts for family members so they have a different username and password to you.
Want to learn more working from home cybersecurity tips?
If you’re curious to learn more, or our working from home cybersecurity tips have made you nervous that your business may not be doing enough in this regard, contact us today about how we can assist you to get the very best protection for your business no matter where your employees are signing in from.