Cybersecurity for Home Workers
Current events mean that large numbers of employees are moving to home working each day. This presents significant security risks for businesses and the employees alike.
For employers, the risk comes in the form of untrusted devices and networks being used to access corporate systems. For the employee, there's additional risk from cybercriminals who seek to exploit this shift to home working and the reduced levels of protection which may be in place in the home.
This guide covers some of the types of issues that those working from home could benefit from being aware of.
First of all then, Incident Reporting. Do you know what to do and who to talk to in the event that something you weren't expecting happens?
Be sure to have clarity about who you should report incidents to and how those incidents should be reported.
This is the act of deceiving an individual to gain access to systems or information useful in gaining access to those systems. Look out for suspicious emails and attachments or unusual phone calls. These could include requests to validate or change credentials used to gain access to systems. Your typical "Your account has been compromised, click here to reset your password" type of scam.
Weak passwords are continully used as a method of attack. Just yesterday I worked with an organisation where a priviliged account (an administrator account) had a password of just six characters. This is not near complex enough for any account, let alone one with a high level of priviliges.
As ever, consider using a password manager and start to implement complex and unique passwords for each service you use.
Now, more than ever, it's important to ensure that your systems are kept up to date. This includes your computers, phones and tablets (Windows, MacOS, as well as the applications you use such as MS Office and so on) and also includes devices attached to your network like your broadband router, wifi access points and other devices like set top boxes and smart TV's.
Any of the above and many more can be used to gain access to your network and devices. When is the last time you manually verified that your devices were up to date?
Is your Antivirus up to date? Do you have a good quality, paid subscription? Free products will only do so much to protect you. For advanced levels of protection, look for premium paid products. Sophos Home edition will allow you to protect up to 10 devices and is currently on offer for just £35 a year!
Family members and Visitors
How often do family members or visitors come to your home and ask to use your computers or have access to your WiFi?
Ideally, your WiFi access point will have a function to enable a separate guest-WiFi hotspot, if you have this option, enable it and ensure that visitors only use this to connect.
When it comes to your partner or children, now is not the time to allow them to have access to your personal devices, particularly if they are used to access the workplace.
If you have a work device at home, make sure this is completely off-limits. Lock the screen when you're away from the computer as even a few inocent clicks could end up being disastrous if the wrong links are followed.
If your work has a financial element to it, such as paying invoices or you are responsible for granting access to systems, beware of requests coming in via email. Pick up the phone to validate that the request is legitimate.
Cybercriminals will be seeking to take advantage of the distance between individuals. The fact that you can't see the person sending you the email for a quick confirmation is looking like a juicy opportunity for some.
If you need any help, please feel free to get in touch, I'll be happy to help wherever possible. Stay safe!