Security concerns increase with home working
Amid the Coronavirus scare, employees everywhere are packing their laptops and working remotely.
Different organisations have different remote-working policies. While some have strict security protocols, others are more permissive, and often careless in some regards.
Employees must nonetheless be cautious when connecting to the company infrastructure from home, protecting not only their employers, but also themselves from cyber attack.
Today, we outline six golden rules every employee should abide by when working from home.
1. Prepare your PC or Mac and get it ready to be productive.
In many cases, remote workers can’t authorise their access to data from outside the company’s infrastructure. Before taking your company-issued laptop home, change your password. If your operating system has been nagging you to renew your login credentials, be sure to do so while you’re still at the office and avoid being locked out of the infrastructure while working remotely. Also, check if your organisation’s VPN is installed and properly configured.
2. Use a VPN to connect to your company’s network and file storage.
Before starting work, connect to your company’s VPN (Virtual Private Network). Avoid anything other than your company-sanctioned VPN client and avoid using any other means of connecting to your infrastructure. Remember that most other Remote Desktop Clients are likely to be in violation of IT policies you have in place at work. Also, it is usually a good idea not to enable Remote Desktop Protocol and expose it over the Internet on any company computer.
If your company does not have a VPN, then you could look at Bitdefender VPN, which is part of the excellent anti-virus offerings of Bitdefender. This is ideal for a Mac, by the way. Just do a search for Bitdefender.
For Windows, the main thing is to ensure it is running the latest version of Windows, as the anti-virus that is part of it (Windows Security) is fairly good. As for a VPN, maybe look at Express VPN; it looks very good and has some excellent reviews.
3. Don’t mix business with pleasure
Don’t use personal gadgets for work, and don’t use your work laptop for personal affairs (like social networking or online shopping). Using personal services on your work devices can generate conflicts with your work environment, apps and services. A single unintended copy-paste of work material can violate data protection laws, like GDPR. The same goes if you accidentally send a work file containing confidential information to someone in your Facebook chat window.
Your IT department has equipped your work laptop with safeguards and trip wires that sound alarms in case of human error. So, you should use your company-issued equipment strictly for work. Keep your personal affairs on your personal gizmos.
Also, remember to keep your work devices away from family members, especially the youngsters. Children are easily tricked into downloading malicious content on a device, which can compromise the device and, by extension, the company network.
4. Spot scams – you are being targeted now.
Trust me: awful as it is, the coronavirus outbreak has provided lots of opportunity for bad actors to take advantage of home workers. Even your work laptop can end up on an uncharted website or receive a malicious email meant to trick you into divulging passwords or installing malware.
As soon as Australia recently went into its first phase of lockdown, the attacks started by the tens of thousands, hitting millions of IP addresses and looking to exploit vulnerabilities in home workers’ computers.
5. Remote workers must be vigilant.
Report any suspicious activity to your IT department. This way, you’re not only protecting yourself, but also any less-wary colleagues who may be targeted by the same scam.
Be particularly sceptical of emails purporting to come from your IT department.
Cybercriminals often take advantage of remote-work policies to trick employees into following IT-issued instructions, such as to change their password – when, in fact, they are being tricked into giving their password to the attacker. If you have any reason to believe the message doesn’t come from a legitimate source, contact your IT guys on a different channel, like instant messaging. Or just give them a call.
If you receive a telephone call from an unknown caller who eventually asks you to allow them remote access to your computer, slam the phone down: it’s a scam. The same applies if you see a “your computer is infected” message on the screen. Do not click on anything; call your own IT support department.
6. Respect standard remote-work procedures
Don’t stray from your IT department’s security policies while working remotely.
Use the trusty VPN to patch into your company’s infrastructure and don’t tinker with the endpoint security tools installed on your work computer. If you’re unsure what a certain setting does, consult your IT guys first. For example, never disable multi-factor authentication (MFA), also known as two-factor authentication (2FA), for work apps and services. MFA/2FA is a strong blockade against potential hacks.