Working away from the office is fast becoming the norm for many businesses, and there are tonnes of benefits for employees. But, like anything in the cyber world, there are some considerable risks you and your colleagues should be looking out for. Many companies are asking their employees to work remotely in an effort to slow down the spread of coronavirus and preserve the health and safety of their people.
Here’s what you need to keep in mind so that both you and the company stay protected.
working in the office and working at home are two different kettles of fish (or indeed phish). And not only because the office has a working atmosphere, whereas at home you just want to lie on the couch and pet the dog.
The real issue — at least for cybersecurity, if not productivity — is that in the office, companies thoroughly protect networks and devices. Meanwhile, unless you’re the CEO, sysadmins are probably not going to come around to your apartment or house and set everything up in line with corporate standards. If a confidential document gets leaked from your home computer, the buck stops with you.
Follow these ten simple tips when working remotely to avoid such a mishap.
1. Protect devices with a good antivirus solution.
Companies generally undertake a range of measures to protect computers from malware. They install powerful security solutions, prohibit employees from installing applications, restrict online access from unauthorized devices, and so on. At home, it is trickier to provide that level of protection, but leaving a computer vulnerable when work documents are stored there is also a no-no because if they get stolen or destroyed, it’ll be your neck on the chopping block.
To prevent anything like that from happening, it is vital that you install a reliable security solution on all devices that handle corporate data. If money’s too tight, install a free antivirus. Even one at no cost will significantly reduce the risk of getting infected — and landing in big trouble with the boss.
2. Update programs and operating systems.
New vulnerabilities are forever being found in applications and operating systems. And cybercriminals can’t resist exploiting them to infiltrate other people’s devices. Often, they rely on people being too lazy to update software, because in the latest versions of programs vulnerabilities are usually patched. So it’s important to regularly update everything installed on any device that you use for work purposes.
3. Connect to a secure internet especially on a Wi-Fi connection.
Protecting the computer won’t help if an attacker connects to your Wi-Fi or takes up residence inside your router. Anyone who does that can intercept everything you send or enter online, including passwords for remote access to an office-based computer or corporate mail. Therefore, it is imperative to configure your network connection correctly.
First, make sure that the connection is private and encrypted to keep information safe from prying eyes. If your Wi-Fi asks anyone connecting to it for a password, the connection is encrypted (and Joe Blow will not be able to spy on your work). If you share your Wi-Fi with other unknown people, your connection is not secure. For example, coffee shops like Starbucks, restaurants like fast food places, or basically any public location with public Wi-Fi.
Never ever enter a password or log in with your credentials while on a public Wi-Fi, you can never tell if someone that shares your connection is tapping, scanning or phishing for your user, password, or any personal and corporate info.
4. Lock your device before walking away
Someone can catch a glimpse of your work correspondence even when you’re just having a cup of tea or taking a bathroom break. Therefore, it’s important to lock the screen whenever you get up. Consider the small hassle a tiny price to pay for keeping corporate secrets safe.
Even if you’re working at home and outsiders have no access to the room, it’s still worth locking your device. You probably don’t want your child to accidentally send your boss a smiley-laden text. Or your cat to walk across the keyboard and mail an unfinished message to the board of directors. If you’re about to go somewhere else, lock the screen. And it should go without saying that your computer needs password-protection.
5. Use corporate services for e-mail, messaging, and all other work
Your company most likely has a set of IT services that employees use, such as Microsoft Office 365, a corporate messenger like Slack or Microsoft Team and at the very least corporate e-mail. Those tools are configured by your company’s IT service, and IT is responsible for setting them upright.
But IT is not responsible for the access settings of, say, your personal Google Drive. Are you absolutely sure that your colleague — and no one else — will see the file that you sent a link to? If the file is accessible to anyone who has the link, then search engines can index it. And if someone googles something on the topic of your document, it might appear in the search results and catch the eye of someone who should not even know of its existence.
Therefore, stick to corporate resources when exchanging documents and other information. Those cloud drives, but configured for business, are generally far more reliable than the free user versions. Corporate mail usually has less spam and none of your personal correspondence, which adds up to less risk of missing an important e-mail or forwarding something to the wrong address — and colleagues will know for sure that it’s you, not someone pretending to be you.
6. Stay vigilant
Alas, sometimes a malicious — and highly convincing — a message can sneak into corporate mail. This is especially relevant to remote workers because the amount of digital communications increases sharply with telecommuting. Therefore, read messages carefully and don’t rush to respond to them. If someone urgently needs an important document or demands immediate payment of an invoice, double-check the someone is who they claim to be. Don’t be afraid to call the other party for clarification, or confirm the action one more time with your boss.
Be particularly suspicious of e-mails with links. If a link to a supposed document does not point to a corporate resource, better to ignore it. If everything looks fine, and the link opens a site that resembles, say, OneDrive, do not enter your credentials on it. Better to manually type in the OneDrive address in the browser, log in, and try to open the file again.
7. Keep your passwords to yourself.
You wouldn’t type in your ATM pin for all the world to see, so why should you treat your password any different? With a growing trend of “shoulder surfing” (spying on someone's device to obtain login credentials/ company data - often in a public area such as a train), employees need to take extra care when using devices in busy areas.
It may sound like common sense, but covering your screen is the easiest way to stop shoulder surfers from stealing your credentials and accessing your accounts.
Here are a few tips to keep your password safe:
8. Be careful when using your personal computer
If you're using your personal computer to remote into the business environment, please follow some useful tips in order to keep your personal computer truly personal: