There is no doubt about it, remote working is here to stay. As we once again adapt to a new way of working (flexi-work), we need to clearly draw a line between work and home. And this means understanding the cybersecurity risks that working remotely brings.
An estimated 70% of cyber-attacks specifically target small businesses, and almost half of small companies have already experienced a cyber-attack. Cybercriminals know that small businesses are less likely to have the resources, budget, or awareness to properly secure themselves.
In this post, we’ll provide 11 cybersecurity tips and best practices, and explain why they’re so important to follow when you're working from home.
1. Secure your home router
Let’s start with a simple step for how to make your home network more secure. Not many people change the default password on their home routers, making them easy targets for cybercriminals. Changing your router's password to something unique is a simple step you can take to protect your home network from malicious actors who want access to your devices.
While this is a good first step, there are additional measures you can take. For example, you should ensure firmware updates are installed as soon as possible so known vulnerabilities aren't exploitable.
2. Separate work and personal devices
It might be easier said than done, but it's important to create boundaries between your work life and home life, especially while working from home.
While it’s annoying to constantly flip between devices just to pay a bill or order your shopping, keeping your work devices separate from your home devices can help reduce the amount of sensitive data exposed if your personal device or work device has been compromised.
3. Use supported operating systems
Every day new vulnerabilities or exploits pop up, and they often impact old versions of operating systems that are no longer supported by their developers. Generally, developers only support the last few major versions, as supporting all versions is costly and time-consuming.
Unsupported versions no longer receive security patches and therefore put your device and sensitive data at risk. Always use a supported operating system, and if your device allows it, the latest version.
Here's how to check if your operating system is still supported:
- Windows: Check the Windows lifecycle fact sheet.
- macOS: While Apple has no official policy for macOS, they consistently support the last three versions of macOS. So, assuming Apple releases a new version of macOS each year, each release of macOS should be supported for roughly three years.
- Linux: Most active distributions are well supported.
- Android: Security updates target the current and last two major versions, but you may need to check that your manufacturer/carrier is sending the security patches to your device. You can read more about Android security here.
- iOS: As with macOS, Apple has no official policy for iOS, but security updates generally target the most recent major version and the three prior.
It's not always easy to determine if your operating system is supported, which is why it’s best to use the latest version as long as your device can handle it.
4. Don’t ignore updates
Like many of us, I too am guilty of putting off system and software updates. They always come right when you’re in the middle of something, and it’s too easy to hit the “remind me tomorrow” button over and over again. But what I didn’t realise (I do now) is how important they are.
Updates don’t just change and improve the programs we use; they also fix security flaws (patches) and help safeguard your data.
Most modern devices will automatically apply updates by default, but you may need to allow your computer to restart to complete the patching process – annoying but necessary.
Most modern software will check for and apply security patches automatically. For everything else, check for the latest versions periodically. That said, where possible, consider using a secure SaaS application over installable software, as it cannot become out of date and the management of security is in the hands of the provider rather than you.
Software as a service (or SaaS) is a way of delivering applications over the Internet—as a service. Instead of installing and maintaining software, you simply access it via the Internet, freeing yourself from complex software and hardware management.
5. Enable automatic locking
If you walk away from your device, whether in your home office, a coworking space, or a coffee shop, you should always lock it. While this is a very simple safety measure, we’re all guilty of forgetting from time to time. This is where automatic locking swoops in to protect our unattended devices.
By default, automatic locking is enabled on most modern devices. Make sure it’s configured to a set time that isn’t too long or too short; you could try 30 seconds for your mobile and five minutes for your laptop.
6. Use a strong password on your device
That said, automatic locking won’t matter if you’re not using a strong password. Make sure to avoid anything easy to figure out, like repeating numbers (e.g. 111111), sequences (e.g. 123456), or common passwords.
You should also avoid using anything related to you, like your birthday, license plate, address, name of a pet or family member etc. A good password should look random and include a mixture of upper- and lower-case letters, numbers and symbols.
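The warning signs listed above can be checked mechanically. The following Python is an added example, not part of the original post; the function names and the short COMMON list are constructed for illustration, and the personal details are supplied by the caller.

```python
import re

# Constructed sample list; a real check would use a much larger breached-password list.
COMMON = {"password", "qwerty", "letmein", "welcome", "iloveyou", "admin"}

def _is_sequence(s: str) -> bool:
    """True if every character is exactly one step above or below the previous one."""
    if len(s) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}

def password_problems(password: str, personal: tuple = ()) -> list:
    """Return the warning signs found in `password` (an empty list means none found)."""
    problems = []
    lowered = password.lower()
    if len(set(password)) == 1:
        problems.append("repeating character")
    if _is_sequence(lowered):
        problems.append("sequence")
    # Strip trailing digits/symbols so 'Password1!' still matches 'password'.
    if re.sub(r"[^a-z]+$", "", lowered) in COMMON:
        problems.append("common password")
    for item in personal:
        # Compare with punctuation removed so '12/03/1985' matches '12031985'.
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in re.sub(r"[^a-z0-9]", "", lowered):
            problems.append(f"contains personal detail: {item}")
    classes = {
        "upper-case letter": r"[A-Z]",
        "lower-case letter": r"[a-z]",
        "number": r"\d",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    return problems
```
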
7. Invest in a password manager
If your company doesn't provide you with a password manager, think about investing in one. They help you create strong passwords and remember them; they also make it easy to use a unique password for each website you use.
This is important because if you use different passwords and one of them is exposed in a data breach, your other accounts will remain safe. Most password managers will also allow you to store secure notes, credit card details, and other sensitive information.
Some even ease the adoption of two-factor or multi-factor authentication. If you’re considering taking the step, LastPass could be a good option for you.
8. Enable two-factor authentication and use an authenticator app
Two-factor authentication is a verification method where access is only granted after presenting two pieces of evidence to an authentication system.
Two-factor authentication can dramatically reduce the risk of successful phishing emails and malware infections because even if the attacker has your password, they would need the second piece of evidence to complete the login. That means they would need access to whatever is generating your one-time code, which should be an authenticator app or security key.
The first and most common evidence is a password. The second takes many forms but is typically a one-time code or push notification.
It's important to be aware that while convenient, SMS is not a good choice for the second factor because attackers have learned how to trick telecommunication companies using social engineering.
The best practice is to use an authenticator app; at Netitude we use Microsoft’s Authenticator. Other good alternatives are Google Authenticator and Authy.
9. Use an antivirus
Antivirus software can help protect your computer from viruses, spyware, ransomware, rootkits, trojans, and other types of malware.
Antivirus software is a program that detects or recognises a virus and then works to remove it from your computer system. Antivirus software also prevents any potential virus from infecting your computer in the future.
10. Use a VPN
A virtual private network (VPN) isn’t just used to get around geographically restricted content; it is also good at increasing online privacy. A VPN extends a private network across a public network, enabling you to send and receive data across shared or public networks as if you are directly connected to the private network.
This keeps you secure on public hotspots and allows for remote access to secure computing assets.
But be careful which VPN you trust; not all of them are nice! Some could leave your device riddled with malware.
11. Back up all your data
Despite numerous choices, many organisations fail to effectively back up their data.
Human error, physical damage to hardware, or a cyberattack can all lead to the loss of important business data, causing devastating effects to your business. If you suffer data loss – including client data – you are losing one of the most important business assets you have. Unfortunately, the critical nature of business data is often only realised when it’s too late.
Even organisations that believe their data is properly protected may find themselves at risk. Occasionally, the wrong data is backed up, or the backups fail. The Gartner Group estimates only half of all tape backups restore successfully.
One of the safest, most reliable, and most cost-effective ways to store your data is in the cloud.
If your business isn’t operating on a cloud-based system yet, now is a great excuse to start. Not only is it more secure than a physical server, but it also allows you and your colleagues to work on files from anywhere, at the same time.
Bonus tip: Invest in cybersecurity awareness training
If you want to go one step further, consider security awareness training for staff members.
According to a report, most employees don’t know the key risk factors relating to data security and privacy. Some employees are misinformed or confused about what risky behaviours are; many don’t understand that cybersecurity is their personal responsibility.
Teach your staff how to:
- Recognise phishing, spear phishing, and whaling attacks.
- Avoid malicious email attachments and other email-based scams.
- Be careful about what they share on social media and ensure accounts are private to avoid social engineering.
- Only install software if they need to, and preferably use only secure, well-established SaaS applications that are always up to date.
- Avoid installing browser plugins that come from unknown or unidentified developers.
So, when it comes to working from home or working anywhere outside of your office, make sure you and your staff take the necessary steps to work safely and securely. Be aware of your surroundings, practise good habits and take precautions to protect your business data. And remember, security awareness alongside cybersecurity tools is key to keeping cybercriminals out of your business.
Netitude’s managed service is designed to not only take the burden of cybersecurity away from you but to increase your employees’ security awareness. If you’re interested in learning more, get in touch with a member of the Netitude team today!