As an employee working remotely, potentially for the first time during this unprecedented event, information security should remain top of mind. While our organization does require our associates to go through annual Cybersecurity and Data Security training, we have also stepped up communications to remind our teams of IT Best Practices and do's and don'ts to maintain cyber security while while working remote. We hope these are helpful for you as you navigate working remotely in this new norm.
Cyber Security Tips for Employees Working Remotely in the COVID-19 Era
Cyber Security Tip 1: Phishing is on the Rise
Cybercriminals are sending emails claiming to be from legitimate organizations with information about the coronavirus. The email messages might resemble a report from the U.S. Centers for Disease Control that claim to link you to a list of coronavirus cases in your area. Other scams offer purported medical advice to help protect you against the coronavirus, or may be an email that looks like they are coming from a fellow employees' work email account with a fake link to company policies. If you click on an attachment or embedded link, you're likely to download malicious software onto your device, which gives cybercriminals the ability to take control of your computer, log your keystrokes, or access your personal information and financial data. How do you avoid hackers and scammers? Think before you click and remember your security training. Also, contact your IT department to understand how to report such attacks and prevent others from falling victim to them.
Cyber Security Tip 2: Review Home Network Security
Now, it is an excellent time to review your home network security. The first place you should start is your systems passwords. Not sure if you have ever changed it? It is a good idea to reset the default manufacturers' password and choose something people will not guess. Don't set it to something simple that hackers will surely try like "123456." Contact your organization's IT staff if you need help updating your Wi-Fi passwords and configuring your network. They will appreciate your diligence. Here is a document link from the US National Security Agency to help you secure your family and work data.
Cyber Security Tip 3: Embrace the VPN
Be sure to discuss company policies with your IT department and your management teams before working from home. Your company probably has a few policies you need to follow that may include the use of a VPN. VPNs encrypt your traffic and provide you with a private communication channel. Your IT team will need to grant access and install the VPN software on your devices. (Mentioned in BYOD below).
Cyber Security Tip 4: Lock it up
Even if your company already has a policy in place to auto-lock your computer, always ensure you lock your laptop (CLT/ALT/DEL) when you need to walk away from it. You should never leave computers unsecured and unattended on kitchen counters, on the sofa, or your desk – even at home. With numerous family members working from home and children now being homeschooled, there is a higher risk of family members (i.e. children) using your work device to visit a seemingly genuine website for entertainment and clicking on a malicious link.
Cyber Security Tip 5: Back it up
It is essential to back up your files and documents. You should regularly back up your information to another device or cloud service that is approved by your IT department in the event your device crashes or is compromised, and you must reset it to factory settings. If you don't remember the last time you backed up, contact your IT department now to get that accomplished and avoid a headache later.
Cyber Security Tip 6: Disable Auto-connect
Ensure your device will not automatically connect to available wireless networks or Bluetooth devices. This instant connection opens the door for cybercriminals to access your devices remotely. Disable these features, so you need to search for and connect to a safe network manually. It is a good idea to also turn off Bluetooth and WIFI on your devices when not in use.
Cyber Security Tip 7: BYOD Safety
If you need to utilize one of your own devices for work-related activities, be sure to obtain approval from your IT department and enroll it in your organization's mobile device management program so that proper security tools are deployed, and VPN access is granted.
Cyber Security Tip 8: Password Security
I know you have heard it a thousand times but avoid writing down passwords on sticky notes. They can get lost or fall into the hands of someone sneaky while you are looking the other way (i.e., a teenager who wants to use your laptop to surf the web or watch YouTube videos). To reduce your risk, never share user credentials and change passwords frequently- we recommend every 90 days at a minimum, but check with our IT team to understand what your policy is.
Cyber Security Tip 9: Automatic Updates are your Friend
Whether it's your computer, smartphone, or another device, the best defense against viruses and malware is to update to the latest security tools, anti-virus software, web browsers, and operating systems. So check with your IT department to ensure this is enabled or verify when they pushed the last updates to your system.
Cyber Security Tip 10: Safe Surfing
We all want to stay up to date on the latest in the health crisis. It is essential to go directly to reputable sites providing information on COVID-19 like the CDC or WHO. Avoid clicking on content that your connections share on social media as these links could lead you to fraudulent websites that are just waiting for you to click on their links which will download malware.
Cyber Security Tip 11: Sharing isn't Necessarily Caring
When it comes to social media, limit what you share. Information you post on social media— ie. the town you live in to or your favorite coffee shop or other seemingly random details can be harnessed to target you or your loved ones online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren't— at any given time.
Reduce your Risk
These simple tips above can help you reduce your security risk. We all have a role to play in protecting our personal, organization, and client information. You are on the front lines and, in some regard- the most crucial in your organization's fight against the bad guys. It is essential to remain vigilant as you navigate this new norm.
I am extremely proud of our IT team that managed the remote work effort here internally for our Emtec associates located around the world. If you have any needs around your IT or security posture, please reach out to us. We are happy to help.
Stay tuned for the next blog in our "Cyber Security for the New Norm Series".