Protecting your remote workforce

Even before the onset of the Covid-19 crisis, cybersecurity was a growing concern, as companies became increasingly vulnerable to ransomware, intellectual property theft and operational disruption. However, as the pandemic forces more employees to work from home (WFH), businesses face a new wave of increased data privacy and security risks.

The number of cyberattacks during the last year has skyrocketed, since hackers know that many companies haven’t had the time or resources to implement stringent cybersecurity for employees who are WFH, leaving information much more vulnerable.

The pandemic has upped the stakes manifold — as WFH becomes the “new normal”, we all find ourselves working from less secure domestic networks and it’s crucial to implement measures to create a secure cyberspace. Here are my top five tips to help safeguard against cyberattacks while WFH:

Be careful of emails or attachments you aren’t expecting

It’s estimated that on average, more than a third of all breaches involve phishing — where a hacker tricks the email recipient into clicking a link or downloading an attachment, by pretending to be someone they know or trust.

The ultimate goal is to get sensitive corporate data out of employees, including secure login details, financial information or private data.

It may seem self-evident to say that vigilance is the need of the times, but employees need to be trained to ensure they are actively verifying email correspondence — for instance, by checking that the sender name and email address match, that the message is coming from a valid email address and, most importantly, by being suspicious of emails that either seem too good to be true or elicit a strong emotional response.
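The sender checks described above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article; the contact directory, the trusted domain and the sample messages are constructed, and the near-miss domain check goes one step beyond the checks named in the text.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: a small contact directory and the organisation's
# own mail domain. Every name, address and message below is constructed.
KNOWN_SENDERS = {"alice chen": "alice.chen@example.com",
                 "it helpdesk": "helpdesk@example.com"}
TRUSTED_DOMAINS = {"example.com"}
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_warnings(raw_message):
    """Return the reasons the From header of a message deserves a second look."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = name.strip().lower(), addr.strip().lower()
    if not ADDR_RE.fullmatch(addr):
        return ["no valid sender address"]
    warnings = []
    expected = KNOWN_SENDERS.get(name)  # does the name claim a known contact?
    if expected and expected != addr:
        warnings.append("name matches a known contact but the address does not")
    shown = ADDR_RE.search(name)        # an address typed into the name field
    if shown and shown.group(0) != addr:
        warnings.append("display name shows a different address")
    domain = addr.rsplit("@", 1)[1]
    if domain not in TRUSTED_DOMAINS and any(
            edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        warnings.append("sender domain is a near miss of a trusted domain")
    return warnings

GENUINE = "From: Alice Chen <alice.chen@example.com>\nSubject: Q3 report\n\nHi\n"
LOOKALIKE = "From: Alice Chen <alice.chen@examp1e.com>\nSubject: Invoice\n\nHi\n"
EMBEDDED = 'From: "helpdesk@example.com" <support@mail-notify.test>\n\nHi\n'
NO_SENDER = "Subject: Vaccination appointment\n\nHi\n"

if __name__ == "__main__":
    for raw in (GENUINE, LOOKALIKE, EMBEDDED, NO_SENDER):
        print(sender_warnings(raw))
```

A clean result only means these particular checks passed, so it supports user vigilance rather than replacing it.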

Hackers have been preying on the uncertainty of the times and using Covid-19 related scams, some of which even involve impersonating health organisations to send fake Covid-19 news, testing details and even vaccination appointments.

With people working from home, cut off from regular IT teams and with anxiety running high, human errors and slip-ups are going to happen, so training and vigilance are critical. But most importantly, don’t think prevention is the only defence mechanism; focus on resilience as well.

If a user does click on a link in an email and provide sensitive data to an attacker — how will your company prevent this from being a serious incident and get back to doing business? Preparedness is crucial in such situations.


Secure passwords and have a ‘virtual vault’ 

Password breaches are one of the most common and easiest ways for hackers to gain access to business information. Studies estimate that 59 percent of people use the same password for everything and, while it’s convenient to have the same password for all logins, the associated risk levels are extremely high should the password get compromised.

Best practice is to use a different password for every login and have a password manager that can recommend and store strong and unique passwords. “1Password” or “KeePass”, for example, are great apps, as they enable users to store various passwords and sensitive information in a “virtual vault” that can be easily accessed by the owner.

The most important thing is to have unique passwords per website so that if one website gets hacked and your password exposed, it does not cause problems to other parts of your digital life.

Two-step verification is a must

Two-step verification may seem like overkill to some, but it is an almost impenetrable line of defence against hackers. It requires two forms of verification before being granted access — for example, a password followed by a code retrieved from an app on your phone.

According to Google, two-factor identification will block almost 100 percent of automated attacks. If someone tries to log into your Google or Facebook account, the two-step verification will ensure their access is denied, because the hacker must have access to more than one device.

Almost all major platforms like Gmail, Facebook and Microsoft have two-step verification, and it would serve all individuals who are WFH to ensure they have this activated.
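To show why a code from a phone app is hard for an attacker to supply, here is an added example (not part of the original article) of how such codes are commonly generated and checked. It assumes the app uses the TOTP scheme from RFC 6238 with HMAC-SHA-1, 6 digits and 30-second steps; `second_step_ok` is a hypothetical helper and the secret is the RFC's published test value.

```python
import hashlib
import hmac
import struct
import time

def totp(secret, at, digits=6, step=30):
    """Time-based one-time password (RFC 6238, HMAC-SHA-1)."""
    counter = int(at) // step          # number of time steps since the epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F            # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def second_step_ok(password_ok, submitted, secret, at=None, window=1, step=30):
    """Grant access only if the password was right AND the code is current.

    window=1 tolerates one step of clock drift between phone and server.
    """
    at = time.time() if at is None else at
    if not password_ok:
        return False
    times = (at + k * step for k in range(-window, window + 1))
    return any(hmac.compare_digest(totp(secret, t, step=step), submitted)
               for t in times if t >= 0)

# Shared secret enrolled on the phone and stored by the service.
# This is the RFC 6238 test secret, used here only as sample input.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(DEMO_SECRET, 59)
    print(code, second_step_ok(True, code, DEMO_SECRET, at=65))   # still valid
    print(second_step_ok(True, code, DEMO_SECRET, at=150))        # expired
```

A stolen password alone fails the second check, and a code captured earlier stops working once its time window has passed.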

Use a VPN to encrypt work-related internet browsing

Working or surfing the web on an unsecured Wi-Fi network means you could be exposing your company (and private) information and browsing habits.

Online security and privacy are a real concern on any public or shared Wi-Fi, and that is why a Virtual Private Network (VPN) is an important consideration.

A VPN encrypts internet browsing and provides online privacy to help protect the user; it can hide a lot of information that can otherwise be unlawfully accessed via an unsecured Wi-Fi network, including browsing history, IP address, location or remote access to devices.

There are many different VPNs that are suitable for boosting the cyber security of employees, who can use them on their laptop or mobile phone.


Don’t mix business and personal

It may seem like a hassle and double the work, but it’s important to separate work and personal devices and accounts – try to keep your work computer and your home computer separate, as well as your work and personal accounts.

Moreover, your office and personal devices should always have the latest up-to-date security protection, including antivirus and firewalls to safeguard against attacks.

A good rule of thumb is to ensure that your office computer is set to automatically receive all security updates, especially Windows updates, and to reboot regularly to make sure that they take effect.