Keeping It Safe: Cybersecurity Tips for Remote Workers

Since the height of the COVID-19 pandemic, working from home became the new standard for many individuals. Many businesses quickly came to the awareness that proper functioning of the business and enhanced productivity no longer meant the enforcement of all employees being on-site at the office. While the allure of "work-from-home" flexibility and comfort is strong with many newcomers and even though many businesses have embraced a work from home policy, remote work introduces unique challenges, especially around cybersecurity. Remote workers must understand how to keep their devices and their data safe. With October being the month of Cybersecurity awareness, let's explore some essential cybersecurity practices, that everyone should adopt, for a secure online workspace at home. Whether you’re just starting your journey or are a seasoned remote worker, these quick, yet essential tips, will enhance your confidence in being secure online.

Understand the Risks

Cyber crime is currently the world's 3rd largest economy. When working remotely, you may use devices like laptops, tablets, or smartphones to access sensitive data. Any device connected online increases the risk of cyber threats. This includes everything connected to the outside world on your home network. Introducing remote access to your workplace through your own computer or a company issued one, now mingles home and work networks together and the increase of threats becomes that much greater for both sides. Cybercriminals don't have a preference of what type of device you are using or how you connect to the Internet but, once you are connected, they are constantly looking for weaknesses to exploit.

One prevalent threat, at work and at home, is phishing attacks. This is a scam that deceives individuals with fake websites, mimicking authentic ones, to lure you into entering sensitive information and installing harmful malware into your system to reveal even further sensitive information, sometimes without you even realizing it. In these scenarios, hackers impersonate trusted individuals or organizations to trick you into sharing secret information such as passwords or credit card numbers. In fact, a 2022 report by the Anti-Phishing Working Group revealed that phishing attacks surged by 28% in the height of COVID-19, impacting millions.

Another significant risk involves using public Wi-Fi networks, which are mostly unsecured. Providing free access to the Internet to help you save on your mobile data while you grab a coffee, chill in your hotel room, or sit in the airport waiting for a flight, is highly convenient yet, these networks are easy targets for hackers, sitting in the same area as you or in the parking lot, who can intercept your data with little effort in a matter of seconds. According to a study, over 45% of remote workers have reported accessing work data over unsecured public networks without realizing the risks.

Using your work computer or work phone for this type of connectivity may make you think you don't need to care as your company's IT department is responsible for securing theses devices but keep in mind - you are now introducing these devices into your home network. Whatever threat you have just picked up or allowed even unknowingly, is now about to put your entire home network at risk. Awareness of these risks is your first line of defense against potential threats.

Use Strong Passwords and Two-Factor Authentication

As I have stressed many times in my posts and to all my family, friends and clients, using strong and unique passwords are fundamental to your cybersecurity efforts. A secure password contains a combination of uppercase, lowercase letters, numbers, and symbols, generally at least 12 characters long. For example, instead of using “Password123”, consider “Tr33H0use&Sunshine!” This change alone can noticeably enhance your security, tenfold.

Implementing two-factor authentication (2FA) is the next step. While you are correct in hearing that 2FA is now insecure and that it should no longer be used, this only pertains to the original conformity of providing a mobile telephone number or email address that ties into your account to send the authentication codes to. While it is still an offered option, you should stay clear of using this type of 2FA method as there are risks in doing so and is no longer considered secure. Many platforms offer 2FA Authentication Apps, requiring a second verification method, typically a one time code generated every 30 seconds such as Google Authenticator, Microsoft Authenticator, and Authy. These apps tie into your Login account and are authorised by scanning a QR code to provide a generated code access. This process is also called OTP (One Time Passwords). Using this method means that even if someone somehow obtains your password, they cannot have access to your second authentication method and is denied access. Studies show that accounts protected by 2FA are 99.9% less likely to be compromised.

An even more secure method is the addition of using Biometrics (Face, Voice or Fingerprints) to log into data sensitive accounts and apps (like banking, credit card accounts, government sites and such). Adding this layer of security is impossible to hack without having physical access to you personally which would be very rare indeed.

Also, consider using a password manager to store and organize your passwords securely. This tool alleviates the need to remember multiple passwords or resort to using easy-to-guess options. They can also contain password generators to provide you with secure, industry standard passwords to use for your accounts. The only drawback of using password generators is that the passwords generated are near impossible to remember (which is a good thing) so, if you are used to memorizing your passwords in the past, you will need to ensure you use the password manger software to pull up the password needed. I personally like to use encrypted digital notes synced on my devices. Be aware however, when using this type of method, that you have hard backups of these notes in the event you loose your device.

Keep Software Up to Date

Keeping your software current is crucial for protecting your data. Software updates often address security vulnerabilities that hackers might exploit and these days, with the increased risks, updates can be as often as every few days. According to a survey, approximately 60% of cyber attacks target outdated software.

Most devices and applications have automatic updates, but it is essential to check manually if you do not receive notifications. Regularly update key software, including your operating system, web browsers, and antivirus programs. This simple habit can greatly reduce your risk of an attack.

Secure Your Home Wi-Fi Network

Your home Wi-Fi network can be a gateway for attackers if not correctly configured. Many home Internet users just adopt the passwords and configurations supplied to them by their Internet Service Providers (ISP's). Don't rely on your ISP in providing what is best for you. Start by ensuring your modem or Gateway router configuration access is password-protected with a strong passphrase that is difficult to guess, like “S@ferHome2023#”. Avoid using universal router passwords, as these are commonly targeted.

In the configuration/settings page, ensure to turn off features you do not use/need like WPS, FTP ports, Ping to WAN, UPNP, or a Guest WiFi network (all of which are usually enabled by default). Also ensure your firewall is enabled and that your WiFi passphrases are strong according to industry best practice methods. Advanced configuration may be needed to provide proper access to your workplace via secure VPN so ensure to seek advice on how to properly configure this.

Change the default SSID (network name) to something less recognizable. A less obvious name makes it harder for hackers to identify your network. Additionally, activate WPA3 encryption, if your router supports it. This latest encryption standard significantly strengthens your network security compared to older versions. Also try to ensure your network WiFi channel is somewhat isolated from neighbouring network channels to reduce the risk of crosstalk and interference.

Be Wary of Public Wi-Fi

Using public Wi-Fi networks in cafes, hotels, airports or libraries can be tempting, but exercise extreme caution. These unsecured networks are easy prey for cybercriminals. If you must use public Wi-Fi, ensure to use a recommended Virtual Private Network (VPN) software which encrypts your internet traffic, making it extremely difficult for hackers to intercept your data. That said, even with a VPN, avoid accessing sensitive accounts, such as banking or personal email, while using public connections.

Be Mindful of Phishing Attacks

Phishing attacks continue to be one of the leading ways hackers gain access to accounts. Staying vigilant about incoming emails and messages is crucial.

Double-check the sender's email address before clicking on links or downloading attachments. Be cautious of messages that create urgency, are very vague regarding the content or an attachment or those that solicit personal information. For instance, if you receive a sudden email from "your bank" asking for immediate action, verify its authenticity by contacting the bank directly.

Always prioritize caution. These days, some of the traps set by fraudulent users are very convincing and can easily convince an unsuspecting individual that it is authentic. It is better to be safe than to fall victim to a phishing scheme.

Use Antivirus and Anti-malware Software

Investing in good antivirus and anti-malware software is essential. These programs protect against harmful malware, spyware, and other threats that can infiltrate your device. I always recommend the investment of a home router that performs these checks at the point of entry on the network rather than, or in addition to, software on your computing device. It can be a more expensive option this way (Nowadays only marginally) so if budget is a concern, ensure to at least deploy security software on your device.

Keep your antivirus software updated and perform regular scans to detect any potential threats. Many antivirus solutions also offer real-time scanning protection, alerting you to suspicious files or activities as they occur.

Limit Access to Sensitive Information

Sharing sensitive information while collaborating remotely is common. It’s vital to limit access to important files only to those who need to see them.

Utilize tools that let you set specific permissions for sharing files. When using cloud services, regularly check your sharing settings to prevent inadvertent access by unauthorized users.

Be cautious about using personal devices for work-related tasks. If necessary, create a separate user account for work tasks to keep your personal and professional data distinct. Both Android and Apple devices offer containerization which separates work and personal data. If your organization has adopted a BYOD (Bring Your Own Device) policy, this will be automatically implemented when authorizing your device on the work network.

Regularly Back Up Your Data

Data loss can happen for many reasons, from hardware failures to cyber-attacks. Regularly backing up your information can save you from significant disruptions.

Consider using both cloud-based and local backup solutions to ensure you always have access to your recoverable data. For example, implement a schedule to back up your data weekly or bi-weekly. This practice ensures that if something goes wrong, your critical files are securely stored and easily recoverable.

While it may seem like a burden, taking these few extra minutes regularly enables you to be equipped with multiple copies of your data without the sole reliance of the Internet or your computer to access and provides peace of mind as you work.

Stay Informed

The digital world is continually evolving, making it crucial to stay updated about new threats and best practices. Follow trusted cybersecurity blogs, subscribe to newsletters, or join online forums that discuss current trends. Get advice from your organizations IT department on certain topics or threats - they will be more than happy to assist you.

Understanding the tools and tactics that cybercriminals utilize will help you identify red flags in your online activities. A great first resource to use for individuals and businesses of all sizes is the Government of Canada Cyber Security Centre to get information on the latest threats and prevention tips along with reporting a cyber security incident.

Safeguard Your Cyber Space

Starting the journey of remote work is exciting, however, it is crucial to prioritize cybersecurity with all your devices and your home network. By following these important suggestions above you can greatly improve your online security and a healthier mindset.

The internet is a vast, powerful and wonderful tool that can bring both benefits and risk. By staying informed, following best practices and utilizing the appropriate tools, you can navigate remote work securely and confidently. Stay vigilant, and protect yourself against cyber threats. Your safety is not just about individual protection; it contributes to a secure working environment for everyone. So empower yourself, stay safe, and enjoy your remote work experience! Let me know in the comments how you have ensured to protect your online presence and what tools you utilize. As always, if you have any questions regarding online safety or other computer related questions, don't hesitate to reach out.