Security in the Age of Working Remote
The COVID-19 crisis has compelled organizations worldwide to move a large portion of their workforce to a remote, work from home, environments. While this is a necessary step to ensure continuity and protecting our staff, the cybersecurity threats it facilitates must not be ignored. As remote workforces, we are vulnerable to a variety of cybersecurity threats. Our organizations may be unaccustomed to dealing with the threats if they have not implemented a robust set of remote work policies, technology, and training. Employees may feel overwhelmed or uncomfortable with the sudden change in our work environment. Additionally, they may be uncertain about best practices for being safe and secure while working remotely.
Fortunately, remote cybersecurity preparedness does not need to be complicated. Organizations such as The National Cyber Security Alliance and The SANS Institute have produced valuable resources with tips and information on keeping cyber-safe while working online remotely. By educating us on these risks and providing clear guidelines on how to address them, organizations can quickly overcome the most common cyber threats, thus enabling us to remain productive and secure regardless of our location. Here are five core risks and how to combat these potential threats.
Social Engineering
Social engineering tactics, such as email phishing and fake phone calls, texts, and social media messages, are some of the most common cybersecurity threats that we face while working remotely. Cyber attackers understand it is easier to trick us instead of tricking our computers into making mistakes. In today’s tumultuous times, these cybercriminals relentlessly pursue those of us who are vulnerable in hopes of being granted access to our passwords, data, or devices. Powerful cybersecurity technologies cannot protect us alone without our engagement. We must learn how to recognize the signs of a social engineering attack and know what to do when we spot one.
Here are some common social engineering tactics:
- Urgent requests conveying fear, intimidation, a crisis or an impending deadline
- Offers that sound too good to be true or require a bypass of conventional security policies
- Messages claiming to come from a friend or co-worker but the signature, tone, or wording seems unfamiliar
Weak Passwords
Weak passwords can be a cyber criminal’s best friend. Modern computing speeds render traditional eight-character or fewer passwords highly vulnerable to cyber-attacks. The following best practices can help us make our passwords more formidable and our accounts more secure.
First, the more characters a password has, the stronger it is. For this reason, many security experts suggest that we choose a passphrase that is easy to remember. A passphrase is nothing more than a series of words strung together. By selecting a separate passphrase for each of our accounts, we ensure that if one is compromised, all others remain safe and secure. Password complexity is also essential. For example, utilize a combination of lower case and upper case letters, as well as numbers or special characters. If memorizing these numerous passphrases becomes too difficult, a great option that we can use is a password manager that stores all of our passphrases in an encrypted format. Finally, by enabling multi-factor authentication whenever possible, we add a secondary authorization step for securely accessing our programs and accounts.
Outdated Software
Our computer, mobile devices, programs, and applications that we rely on to be productive all run on software. Outdated software versions are vulnerable targets for cyber attackers who are looking to gain access to sensitive information. The best way to avoid this common vulnerability is to simply enable automatic updating of software whenever possible for any technology connected to a network. Other connected technology includes consumer devices such as TVs, baby monitors, and cameras, all of which may offer hackers the opportunity to gain access to the network and sensitive data. By ensuring updated software is installed, we are much less vulnerable to attacks when working from home.
Home Network Settings
Most homes today are equipped with a WiFi network (WiFi) that enables devices in the house to connect to the internet. These networks are controlled by an internet router or a separate wireless access point that broadcasts wireless signals to devices. But if our home networks are not secure, then they may be accessible to cyber attackers. A few simple guidelines can help us ensure that this does not happen.
First, change the default administrator passwords. It is far too easy for would-be attackers to obtain default passwords provided by manufacturers. The password should be strong, and using a passphrase as detailed above is recommended. Additionally, only trusted individuals should be allowed access to the network. If there are any questions on how to accomplish these tasks, we can contact our Internet Service Provider, check their website, check the device’s documentation, or refer to the manufacturer’s website.
Friends, Family, and Guests
Unlike the office, our homes are typically full of individuals who are not employed by our organization. The risk here is less about malicious intent than accidental modifications or deletions of sensitive information, or perhaps, infecting a company device with malware unintentionally. The best solution to this problem is just to make it very clear that only authorized remote workers are allowed to use company-issued devices.
UNICOM Engineering is Committed to Cybersecurity
UNICOM Engineering understands the importance of safeguarding the trusted information of our employees, partners, and customers. As the way we work continues to evolve, we aim to continue raising awareness for how organizations and employees can stay safe from the ever-growing list of cybersecurity threats, especially while working remotely.