With a dynamic workforce, employers are trusting their remote workers to safeguard their corporate network when working from home or out of the office.
While this may sound easy, there are a number of things that should be considered before allowing staff to work from home.
Use Two Separate Machines
Talk to your employer about getting a separate work device to take home (ie laptop in the office rather than a desktop). This way, you are doing work on your work computer and personal computing on your personal computer. By intermix the two, you increase the chance that an infection will contaminate both your work and personal life.
Don’t Rely on a Consumer-Grade Router
A large part of the risk in home networks is in the routers. Home Wi-Fi routers are notoriously cheaply made and full of bugs, meaning many can be easily compromised. It is definitely worth informing workers about good and bad routers and provide suggestions and even technical support for those that need to step up their security or change routers.
Ensure Routers and Firewalls Are Properly Configured
Follow the manufacturer’s instructions and ensure your Internet router/firewall is properly configured, [including] no remote management, no ingress ports, proper outbound filtering, and non-default administrative credentials.
Connect to the Corporate Network via VPN
All remote workers should be connected to an encrypted, corporate-owned VPN connection in order to get access to any company data.
Be Wary of Public Wi-Fi
Be careful using public Wi-Fi if you’re working on the go. Public Wi-Fi tends to have lax or nonexistent security, leaving the network and your computer vulnerable to hackers. Use a VPN encryption software like F-Secure Freedome to ensure your connection and data is secure.
Use Encryption on Your Wireless Network
Using encryption is the most effective way to secure your network from intruders. Two main types of encryption are available for this purpose: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Consider buying a new router with WPA2 capability.
Update System and Software Patches Regularly
Security researchers show that installing system and software updates is the best defense against common viruses and malware online, particularly for computers running Windows. Software makers often release updates to address specific security threats. By downloading and installing the updates, you patch the vulnerabilities that virus writers rely on to infect your computer.
Don’t Forget the Firmware
Any device on the home network should be kept up to date, including the router that allows connection to the Internet. Remote workers should regularly check for firmware updates on their home routers, printers, scanners, and other peripherals, apply any updates, and use strong passwords — and multifactor authentication, if possible.
Use a Password Manager
Reusing the same password for everything is incredibly common and can put all of your accounts at risk. If an attacker gets one password, then they get them all. A password manager ensures that you have unique and strong passwords for all of your accounts and can make remembering all of the passwords far easier.
Enable Multi-factor Authentication wherever possible
Ensure two-factor authentication is enabled on your personal accounts, and hopefully your professional organization also requires it! Two-factor combats phishing attacks and will help protect against credential stuffing attacks as well. You should also never reuse passwords, especially work and personal passwords, as an attacker can pivot between them with ease.
Avoid Browser Extensions
Compromised extensions can mine employees’ credentials, track their activity, and give attackers access to the data stored locally on their devices. When your team is remote, it’s important to have a strict extensions policy in place. Browser extensions are notoriously difficult to vet for vulnerabilities. The safest course of action is to ban them entirely.
Double Down on Skepticism
When you’re working remotely, chances are you’ll be catching up with email and other communications while on the move — and that means you may not be as suspicious or critical about scanning for signs of phishing or social engineering as usual.
You’ve got to turn your risk detector on high when you’re working remotely. If you’ve got any doubt about a message in your inbox when you’re on your phone, defer acting on that message until you can look more closely.
Get to Know Your IT Provider
Be personable and get to know your IT and security teams. They are people, too, and asking questions and getting feedback from your provider on how to stay secure will not only help educate yourself on best practices, but the rapport developed with these organizations can help you with woes later down the road if you ever fall victim to an attack.
Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.
Protect your data, privacy and reputation, talk to a TCT sales team member today.
Follow us on LinkedIn: