Top Security Tips to Keep Your Team Safe Whilst Working From Home

ProofHub, published in ProofHub Blog, May 19, 2020

The coronavirus pandemic has been the catalyst for many businesses to ask staff to work from home for the first time. Many people see this as a positive step towards the future of work.

However, it has also been suggested that this new influx of people working from home (WFH) may leave a significant number of organizations and individuals more vulnerable to cybercrime.

More people are working in a potentially less secure environment, and cybercriminals may now be more active and looking to exploit vulnerable WFH setups. The figures back this up; it was recently reported that from February 23 to March 16 there were attacks with peaks at 145 threats per 1,000 endpoints, compared to 30 before this period.

It is important, then, that businesses should be doing everything they can to help their employees stay safe and secure whilst working at home. Here we present some top tips to help you ensure that your team stays safe while working at home through the COVID-19 lockdown and beyond.

Provide employee security awareness training

The pandemic and lockdown are completely unprecedented situations, and it may be the case that your business has never asked staff to WFH before now. If this is true of your organization then there may be many technical challenges that you are now being forced to overcome for staff to perform their work effectively.

However, it is also important to remember that if you have never asked staff to WFH before, then the situation will be new to them too, and many of them may not know about the importance of maintaining cybersecurity awareness outside of the office. This means that you need to prioritize training for members of staff to provide them with the basic information on how to secure their WFH setup.

Some may have antivirus software on their computer and believe that this is enough to keep them safe. But against sophisticated, modern cyber criminals, it is necessary to prepare much more broadly. Perhaps the most crucial aspect of training is teaching staff how to recognize and spot suspicious activity.

Stay aware of phishing attempts

One of the most important threats that employees need to be aware of is phishing. Phishing is a very common form of cybercrime, with attacks being the cause of nearly 90% of data breaches in 2019. However, these attacks change and evolve constantly, and the cybercriminals responsible are extremely opportunistic.

It should be no surprise then, that some are willing to use fears about COVID-19 to be more effective. In one example, the World Health Organization (WHO) warned that criminals had been impersonating them to attempt to steal money or private data. It is essential, then, that staff understand the latest phishing techniques so that they can avoid falling victim to them. Also consider introducing additional email security controls such as DMARC and SPF protection, which can help to identify and block suspicious communications.
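As an added example (not part of the original article), the Python sketch below audits SPF and DMARC TXT records and reports settings that only monitor spoofed mail instead of blocking it. The record strings and the example.com / example.net names are constructed samples, and the records are parsed from strings rather than looked up in DNS.

```python
# Added example: flag SPF/DMARC settings that do not block spoofed mail.
# All records below are constructed samples, not real DNS data.
SPF_ALL_FINDINGS = {
    "+": "'+all' authorises any sender",
    "?": "'?all' is neutral: unlisted senders are not rejected",
    "~": "'~all' is softfail: SPF alone only flags unlisted senders",
}

def audit_spf(record):
    """Return findings for an SPF record, based on its 'all' mechanism."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    for term in terms[1:]:
        if term.lstrip("+-~?") == "all":
            # A bare 'all' has the default qualifier '+'.
            qualifier = term[0] if term[0] in "+-~?" else "+"
            finding = SPF_ALL_FINDINGS.get(qualifier)
            return [finding] if finding else []
    if any(t.startswith("redirect=") for t in terms[1:]):
        return []  # the policy lives in the redirected record
    return ["no 'all' mechanism: unlisted senders get a neutral result"]

def parse_tags(record):
    """Split 'v=DMARC1; p=none; ...' into a dict of tag -> value."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_dmarc(record):
    """Return findings for a DMARC record, based on its p= and pct= tags."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record"]
    policy = tags.get("p", "").lower()
    if policy == "none":
        return ["p=none only monitors: failing mail is still delivered"]
    if policy not in ("quarantine", "reject"):
        return ["missing or invalid p= tag"]
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return [f"pct={pct}: policy applies to only part of failing mail"]
    return []

WEAK_SPF = "v=spf1 include:_spf.example.net ~all"      # constructed
STRICT_SPF = "v=spf1 include:_spf.example.net -all"    # constructed
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"     # constructed
STRICT_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com" # constructed

if __name__ == "__main__":
    for rec in (WEAK_SPF, STRICT_SPF):
        print(rec, "->", audit_spf(rec) or "ok")
    for rec in (WEAK_DMARC, STRICT_DMARC):
        print(rec, "->", audit_dmarc(rec) or "ok")
```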

Control Access To Corporate Systems

It may be the case that your business is using a Virtual Private Network (VPN) to allow remote working employees to access systems and resources. It is important to understand that if this is new technology to you, or if you have never used it on this scale before, you need to be taking appropriate steps to secure it.

One of the most important is that each individual should have a personal login to the system — do not have a single profile that everyone across the company uses; this just means that more people are using the same credentials, making it easier for them to fall into criminal hands.

It is also important to ensure that your chosen VPN solution is fully patched and configured to prevent attackers from intercepting communications. To help minimize risks, consider commissioning an independent remote working security assessment.

Set strong passwords and MFA

If staff are required to access systems and applications such as a CRM solution, they must follow best practice for crucial security measures. Perhaps the most important and obvious is setting a strong password. A strong password should be at least 12 characters long and contain a mixture of lower and upper case letters, numbers, and special characters.

If possible, you should also look into the option of multi-factor authentication (MFA). MFA uses additional methods to ensure logins are secure alongside a traditional password. This could include a code sent to a phone number, a PIN, or even a short passphrase.

Save files to a network

Employees should get into the habit of saving files on a company network or in the cloud, rather than as a local file on their laptop or computer. The reason for this is that local files can be stolen, encrypted, or deleted if the machine is ever compromised. However, if the files are stored on a highly secure network or a server that is monitored and backed up, this provides an extra layer of protection.

Prevent Shadow IT

One often overlooked problem that can be especially challenging for organizations with employees WFH for the first time is shadow IT. Shadow IT refers to any kind of software that is used by an employee without the knowledge or approval of the IT team, and it can be a huge problem from the perspective of cybersecurity.

Employees may believe that using a piece of unapproved software, such as a video conferencing tool, is harmless, but it may be the case that the software they use contains vulnerabilities or requires regular updates or changes to its configuration settings to be secure.

Educate employees on the dangers of using apps and software without getting approval and introduce a policy that says requests must be approved by the IT team.

Encourage staff to shut down their machines

Another cybersecurity risk that might seem insignificant to many is employees leaving their computers on at all hours. It is often the case that computers must be shut down for them to complete vital updates. Failing to do so can potentially leave them vulnerable.

It is also the case that shutting a computer down ensures that disk encryption is fully engaged. Too many people will simply close their laptop (putting it into ‘sleep’ mode) rather than completely shutting it down. This is a mistake that could make it easier for a remote attacker to compromise the machine and steal data. Employees should be reminded that shutting down machines at the end of the day is a necessary step.

Promote the hardening of home routers

Another threat to remote workers concerns the manipulation of home routers. It seems that cybercriminals have found that many home networks are much easier to breach, often due to the use of weak, default passwords. One example attack involves cybercriminals changing DNS settings to redirect users to malicious websites purporting to be genuine sources of information on COVID-19. These websites encourage users to download the latest coronavirus information but instead spread malware.

This shows the importance of your employees improving the security of their home router. Doing so is not complicated and in many cases can be as simple as setting strong passwords and ensuring that its software is kept up-to-date.

Focus on the security of collaborative tools

The boom in people working from home has meant that businesses are having to use a range of new collaborative tools. Without face-to-face meetings, employees have been using videoconferencing software to a much greater extent than ever before. And without the ability to talk informally at the office, organizations have begun relying on communications applications such as Microsoft Teams, ProofHub and Slack.

However, the fact that these tools have had to be adopted quickly and without a great deal of thought to security has meant that some organizations have become vulnerable to attack. The fact that ‘Zoom bombing’, the hacking of private meetings on video conferencing platform Zoom, is now a federal offense shows just how much of a problem the issue has become.

Final thoughts

Employees will need to go through a natural learning curve as they get used to how to work from home safely. This may result in them having to think more closely about their home setup and the devices they use to access company data. The business should provide them with all of the information and guidance they need to do so.

Additionally, employees must be vigilant as they work and report any suspicious activity to the IT team. Employees remain a vital line of defense for the business’ cybersecurity and they need to be extra careful and alert when they work remotely.

Even as the COVID-19 crisis begins to abate and things start to return to normal, it is likely that working from home will continue to rise in popularity. Therefore, it makes sense to, where possible, ensure that new security practices are maintained over the long term.

Author Bio: Chester Avey has over a decade of experience working in a range of cybersecurity roles. Since retiring, he now enjoys sharing his knowledge and connecting with like-minded professionals through his writing. Find out what Chester has been up to over on Twitter: @ChesterAvey
