Since the World Health Organization has declared the Coronavirus a pandemic, companies that can have started to prove their enterprise resilience by implementing remote work protocols. Tech giants like Apple, Amazon, Google, Twitter, and Facebook were some of the first to make the transition and have their employees work remotely.
Companies are encouraged to take this approach to protect the health of their staff and to prevent the virus from spreading. By having employees work remotely, the goal is to prevent social and economic disruption. The economy cannot stop entirely, and people have to make a shift to be able to do business and accomplish their daily tasks. But are the employees ready to make the transition? Can they remain secure and productive?
If a global-scale pandemic happened 15 years ago, things might have been very different. Remote work on the scale we need today most likely wouldn’t be possible without technology such as cloud computing. Companies wouldn’t be able to scale up as quickly as necessary to meet large volumes of demand if we were still required to use the traditional data center model. That model required companies to physically purchase, install, and configure all of the underlying gear necessary to enable our use of applications. Today, the core of cloud services is provided by companies like Amazon, Google, and Microsoft. These days, companies can rapidly deploy virtualized servers at scale in a matter of minutes.
Teams these days can use a combination of cloud based project management tools, documents, email, messengers, and video conferencing software. Many other tools have unique specializations, such as time management trackers created for engineers, roadmapping tools for product managers, finance tools for small business owners, and so on. With this kind of connectivity that occurs through multiple points, protecting your information must be a top priority for everyone involved.
We have created this guide because we care what happens to people during safe times and during these trying times of crisis. Unfortunately, we here at Consumer Affinity know that Covid-19 themed attacks are rampant right now. Identity theft and fraud were bad before the corona virus outbreak and it’s worse now.
In this guide, we’ll talk about staying happy and productive and achieving work-life balance when working remotely. We’ll also talk about the importance of keeping data secure and provide security tips for you or your remote workforce to ensure information security.
What is Information Security?
For anyone working remote, whether a small business owner, team member, contractor, partner, or executive, organizations need to adopt the right security mindset in order to perform their tasks and stay productive, while reducing the risk of cyberattacks at the same time. Our job is to understand which tools and skills we need to reduce the risk of cyber threats. Security processes do not need to be complex to help reduce risk. The less complex they are, easier to understand and don’t impact convenience, the more likely people are to adopt them.
What we need to mention is that there’s no such thing as bulletproof security measures. However, securing your system means that you have taken all available measures to encourage good information security practices. Also, it means that you have taken steps to ensure that privileged access to confidential information won’t be used by an unauthorized individual in a way that will compromise your business and its systems. Compared to centralized systems, remote teams are exposed to increased risk of cyber-attacks. In a centralized system, confidential information can be locked down behind workstations and firewalls. With remote workers, all communications occur online, which makes them increasingly susceptible to identity theft, and social engineering attacks. Other common scams include Microsoft IT, IRS, or Social Security scams.
Still, the risk of a data breach can be minimized by adding the right security layers to your business.
What Are the Most Common Types of Cyber-Attacks?
Knowing what to expect or what you are going to face is the first step in securing your system. Cyber-attackers have various strategies at their disposal, but most of them fall into three main categories:
- Malware infections. There are hundreds of different forms of malware. Some of them can be very dangerous, while others are just annoying or harmless. The dangerous types of malware that you need to protect yourself from include:
- Ransomware – When inserted into a system, it encrypts all the data. The attacker then contacts the victim to pay for a decryption key. In many cases, even when the victim pays the ransom, the victim may not be able to regain access to their encrypted data. The best defense to ransomware is safely backing up your data.
- RATs (Remote Access Tool) – A program used to give cyber-attackers total control over the victim’s computer. Typically involves either tricking the victim into installing the software, social engineering the installation or using a technical vulnerability. A RAT also usually gives the cybercriminal access to the graphical user interface of the machine.
- Spyware – A type of malware that hides on your system, monitors your activity and steals sensitive information by recording your screen, video, audio, and keystrokes.
- Phishing scams. Probably the most common method used by malicious hackers to steal confidential information. For example, an attacker can send an email that mimics known contacts or reputable entities (e.g., credit card companies, online resources, and banks) to trick the victim into sharing their persona and financial information or downloading malware. The most common forms of phishing scams are email phishing scams, vishing scams, tech support cold call scams, pop-up warning scams, and fake search results scams.
- Social engineering. Also known as human or wetware hacking, this is the practice of manipulation and deception. Social engineering scams can either try to create a sense of urgency to make you fear a negative action (in case you don’t comply) and circumvent your best security practices or exploit your compassion to make you bypass good practices.
Consumer Affinity’s Split® Community, can provide free educational resources to help you learn and understand your credit and cybersecurity risks.
What Are the Risks That Come with Remote Work?
The most common risks for remote workers include:
- Lack of understanding of best practices and training regarding information security. This can be a major issue for both workers at the office or their home office working on their home computer;
- Inability to ensure or control the security of the network that remote teams are using. When on their home network and personal devices or wireless networks, other users (such as friends, family, strangers, or guests) may also have access to the same network;
- Not understanding their role and responsibilities when it comes to secure remote working;
What Are the Best Practices for Secure Remote Working?
While there is no “silver bullet” against security threats as well as no guarantee that you will ever be attacked, being prepared for the worst-case scenario will give you peace of mind. Let’s take a look at the best and most effective strategies for protecting yourself while working from a remote desktop.
- Keep business data on your work computer
If you have taken precautions, such as installing antivirus/antimalware software, endpoint protection, hard drive encryption, a VPN, secured your WiFi network, and are using a separate computer dedicated to work, taking care of necessary work tasks would be fine. But if the computer you use for work is in another room or isn’t charged, it may be tempting to use your personal computer. You must be aware that this is a risk for both your company and you. If your company has a great IT team that takes care of regularly updating security systems, blocking malicious sites, running antivirus scans, etc., all these activities may be transparent to you.
However, you probably haven’t implemented the same protocols with your personal computer as with your work computer, meaning that multiple layers of security protection may not be in place. If you use a personal computer to access your work network, you could be putting the company and all its sensitive data at risk and violate security practices and policies.
- Password management
Trying to remember passwords for all the apps and sites you access for work can be a nightmare because there’s nothing that could irritate a person more than trying to access a site that keeps telling you that you’ve entered a wrong or old password. Many security professionals think that the username-password is the weakest link in one’s security protocols and a risk for authentication.
What makes things even worse is the fact that most people tend to use the same username and password across different platforms, which makes things easier for attackers. If they can find an old password in a compromise database, they may try to use the same password to access your home WiFi or bank login. To avoid these problems, you should avoid using easily guessable passwords but instead use strong and unique passwords as well as resort to using a password manager. People have nothing but good words for Keeper – a password manager that allows users to share their credentials (and revoke the share when they like) and get the useful mobile sync feature. There are multiple options available, this is one that I’m familiar with and regularly use. Previously, I was a big fan of LastPass but they don’t have very good customer support and I found Keeper to be more flexible and modern.
- Be wary of public WiFi
“Home network, no network or VPN!,” that should be your policy when it comes to Internet connectivity. Public WiFi networks should be avoided because, without precautions, they may introduce security risks. In case there is no other way for you to access the web, then you will need to take care of two critical things. First, you are not the only person that has access to a public network, so you need to put a firewall between you and them. Otherwise, cyber-attackers may be able to compromise your computer. Secondly, in the event you use email or chat anyone may have the ability to monitor your traffic and activity. When on a public network, use a VPN to protect your network traffic from passing in the clear.
An excellent alternative to using a public network is using a personal hotspot from your phone or dedicated service. Using a hotspot will eliminate the risk of getting hacked by intruders on the same public network, but realize that the Internet traffic between the hotspot and its destination will still be unencrypted. Setting up a private network with your phone might cost you more, but compared to the potential risk of a data breach or exposing your personal data, the cost is nominal.
- Protect your online presence with a VPN
VPN stands for Virtual Private Network. It is a software that creates secure access from your computer to the VPN and further to your internal network. With VPN gateways that act as secure tunnels for you to work through, you will extend your cybersecurity measures. VPNs offer many remote work features, but if the computer itself gets infected, there might be a risk of transmitting infected information even through a VPN. That’s why VPNs should always be used along with other security protocols to maintain the highest possible security standards and minimize the risk of infecting the rest of the machines that might be on an internal network.
A monthly VPN subscription will cost you around $10, which makes it an investment worth your while. Besides VPN, you can set up other encrypted, remote connections (such as SSH, HTTPS, or RDP) into a remote server. If you have access to IT or IT security staff, check with them first. Your company may provide access to a corporate VPN.
- Multi-Factor authentication (MFA)
Also known as Two-Factor Authentication (2FA), Multi-Factor Authentication is an additional layer of security besides your login password. Since passwords are easy to steal, they have become almost obsolete in the world of online security. There are different types of MFA solutions including hardware keys and one-time passcodes. With a one-time passcode, when you try to log into an account, you will first receive an access code on your phone that you need to enter. That way, the system will verify that it is really you who is trying to log in. It is an excellent extra step that makes it harder for cyber attackers to gain access to your accounts. An example of a hardware key is the Yubico Yubikey. Yubico is the device that we recommend and use ourselves.
- Encrypt your hard disk and backups
Once you encrypt your entire hard disk, nobody will be able to physically access its contents without the password. This is important in the event that somebody steals your laptop or you lose it, you will have peace of mind because nobody would be able to easily access the data on the hard drive without guessing the password. Making a backup of your disk is also something you should consider. First of all, if there is a data breach or ransomware locks your system, you will be able to roll it back to its previous state. But make sure to encrypt your backups so even if they get stolen or lost, the data will remain safe. Be sure that you don’t write down and store the password with your laptop. That’s a sure way to circumvent good security practices.
- Protect your mobile devices
Besides computers, more people are using mobile devices to accomplish tasks on the go. If you use it for work, you must not forget to protect your mobile device, or your clients and business may suffer. The basic security protocols for securing a mobile device include keeping software up-to-date, using strong encryption, installing third-party antivirus and antimalware software, and providing employee training in cybersecurity. But if your mobile device sends and receives confidential or sensitive data via your network, you may want to consider adding some extra safeguards.
- Turn on a firewall if you can
- Turn off networking capabilities when they are not necessary for work (in other words, when you don’t have to be online, you should disconnect). This includes WiFi, mobile data, Bluetooth, and other connections
- Restrict other apps allowed on your device
- Require multi-factor authorization before accessing your network
Since it is more likely for mobile devices to get stolen, it’s a great idea to use an MDM (Mobile Device Management) solution to be able to control your device in case you lose it or someone steals it. MDM will enable you to locate, lock, and destroy confidential data on the device. Even if you can’t recover the device, this will protect your information from falling into the wrong hands.Alternatively, both Google and Apple provide the ability to remote wipe devices using their cloud based solutions.
Staying Happy and Productive When Working From Home
- Create and be engaged in a virtual community with your colleagues
Since more people now work from home because of the health pandemic, more people are isolated in their homes to prevent catching the Covid-19 virus. Preserving your mental health is very important during these times of crisis, and with that in mind, group video chat via Skype, Zoom, or Facetime will become increasingly important (especially for those in a quarantine).
Management should encourage employees to talk to each other, create a channel for discussing things that are not work-related, and encourage people to maintain social interaction. Current conditions can stress you and your co-workers, so it makes sense to communicate and raise each other’s spirit while working remotely.
- Exercise and mental health breaks
People should take a few minutes and take a mental and physical break from work. This can be achieved in many ways. For example, taking a walk around the block, reading a good book, or watching a few minutes of a favorite show. If you have a hobby, consider taking a few minutes to try and practice or learn something new related to your hobby.
- Support and crisis management
Organizations are now in a rush to provide remote access, but that is not an excuse for sacrificing cybersecurity. To ensure smooth operations, there must be a system in place to support employees remotely. Remote workers must have clear communication protocols for crisis management and IT support if they encounter suspect or unusual problems that might be the result of a security breach. Beyond functional processes and technology, there are several essential factors to effective remote working:
- Communication – At least once a day, you should have a team call to inform people of the status of your projects and share experiences and issues. Stay connected by using connection platforms that allow video conferencing.
- Work schedule – Everyone should agree on a work schedule and method of clocking in/out. It’s also important to take a proper lunch break.
- Reporting – How quickly are you expected to respond to a request, report a problem, and how? Will there be task management software and other productivity apps in place?
- Liability – If you use a company’s computer to work remotely, the company should ensure the coverage for its possessions.
- Tech support – If you notice some unusual activity or are the first to identify a breach, you should have a tech support contact to ask for help when needed.
Having a healthy amount of suspicion is a great thing, regardless of how secure you believe your systems and networks are. Did you receive a text message or an email from someone asking for information or a request to reset their password? Get in direct touch with that person to confirm that it was them who sent the message. Be cautious and wary of anyone who asks you to do something out of the ordinary.
People and companies who are new to remote work should focus on strategizing how they communicate, regardless of the topic. What’s really important is the people element because it is often the negligence on the human side that opens the door to cyber attackers. It requires your conscious effort and effort on the managerial side to ensure secure communication channels are in place for everyone to connect.
The Covid-19 situation has shown us that remote working is a critical tool for risk management that can make a huge difference between surviving a pandemic and sustaining unrecoverable damage. By having multiple security protocols in the base of your security strategy (such as antivirus, antimalware, VPN, MFA, Consumer Affinity’s Split® Credit Monitoring service, secure communication channels, etc.), it will give you peace of mind that sensitive personal and company data is protected at any moment, regardless of where it is accessed. It also encourages your accountability as you become more aware of when and where to access the confidential data.
You are invited to join us in our community: Split® aims to address all your queries about network security. You can gain knowledge about different internet threats, viruses, frauds, etc.