Cyber Security Tips for Going Remote
Have you moved your company workstations home? Working remotely from home is not the safest practice from a cyber security point of view.
Being under quarantine, told to “shelter in place” or simply stay home will reduce the chance of COVID-19 infection, but it will make you vulnerable in the face of cyber security risks and cyber-virus infection. Hackers know this, and they will be working overtime to use the pandemic to their advantage.
We’d like to share some must-know cyber security tips for company owners and their team members (set forth by ENISA) on how to keep your business cyber-healthy during this turbulent period:
1. Phishing Protection
Beware of a new wave of phishing attacks exploiting the general disturbance around the coronavirus. Make sure you and your remote workers do not click on the links sent in phishing emails by unknown senders and do not open any attachments. Here are a couple of anti-phishing tools you may use to stay protected: Mimecast, PhishFort, Zimperium, GeoTrust, Google Safe Browsing and Mozilla Thunderbird email client.
Instruct everyone tobe suspicious of emails asking them to change or update credentials or personal information. Sometimes attackers may pretend to be your banker or tax officials to scam you out of your sensitive information.
3. Unauthorized Access.
Check if your personnel take measures to prevent any unauthorized access to their workstations (including family members) as they work from home: lock the desktop, log off from the systems that are not used, etc.
4. Internet Connection.
Guide your remote workers on how to properly secure the home WiFi network by setting a strong router password, enabling encryption with WEP or WPA2 method and securing it with a passphrase. In addition, be sure they set access restrictions so the network is only available for certain MAC addresses on specific devices. They may also reduce the router signal range and make sure their router’s firmware is updated to the latest version. A secure connection to the work environment can be ensured through a Virtual Private Network (VPN) used only by your remote employees.
5. Network Services.
When working remotely, your corporate network services may not be exposed to the network if it is not required by the current job requirements. This includes file transfer protocols (FTP, SMB, HTTP, etc.) and all kinds of remote access (VNC, RDP, TeamViewer, etc.). Most of the time turning the Firewall on and selecting guest mode will do the job if set up correctly, but you might look for more sophisticated tools like dedicated endpoint protection suits from leading providers (BitDefender, Symantec, ESET, etc).
6. Password Policy.
Make sure you and your remote employees keep using strong passwords for all of the accounts, including local OS user accounts and any online services. The feature “remember password” can never be used for any work-related accounts. Using a password manager is the best practice. For Mac OS, using Keychain is the best solution. For Windows, you might look at online services such as LastPass.
When transitioning to remote work, instruct your staff on how to install and use encryption tools, especially for accessing and sharing any sensitive data. This can save your business even in the case of a data breach. If you are using MacBooks in your company, then use built-in FileVault to encrypt your drive. If you prefer Windows OS, you can use BitLocker.
Among the most important security tips, we strongly advise that your team should not use personal devices or personal cloud accounts to access any work-related resources and sensitive data when working remotely. Access limitations should be strictly maintained for the sake of data security.
9. Anti-Virus Software.
10. Software Updates.
Make sure every employee’s OS and applications are up-to-date. When they work from home, it’s especially important to remind everyone of this practice regularly.
11. Response Plan.
Be ready to provide effective 24/7 IT support to quickly handle emerging issues and have a detailed action-plan at hand.
It is crucial to keep all the remote workers aware of the best cyber security practices. You can do this by mailing out security tips and recommendations to them or conduct an all-hands meeting to provide critical information on how to stay safe and sound.
If you suspect the integrity of your system has been compromised or you need help to configure your security settings properly, don’t hesitate: Book a call with our remote cyber security consultants. You must protect your business during these difficult times.
Stay safe and healthy!