The shift to a work from home (WFH) arrangement has raised numerous concerns among employers. For one, there is the fear that working from home may lead to productivity issues, what with so many distractions such as household chores and children.
They also need to contend with any possible mental issues that may arise in employees, especially the persistent fear that WFH may lead to potential lay-offs. Another matter is the flexible schedules and the potential difficulties of maintaining constant communication.
The biggest concern is ensuring good cybersecurity. There are security risks with WFH, among them the potential for hacking, phishing, and scams.
If you have made the decision or are just contemplating making the shift to WFH, here are 10 cybersecurity essentials that you need to know.
1) Learn basic cybersecurity skills
Even the best cybersecurity measures can prove useless in the end if both employers/managers and employees don’t have a strong foundation in basic cybersecurity skills. Let us enumerate these key skills:
- Know how to create a strong password. It should a random mix of at least 12 capital and small letters, numbers, and symbols. Never use the same password in two or more websites. Preferably, passwords should be changed every three to four months.
- Beware of phishing emails. Never click links in emails. Never provide personal details, including passwords or bank account details.
- Avoid using public WiFi when WFH. If any employee does not have a secure Internet connection, use VPN.
2) Secure home WiFi
Start by changing the automatic password of the router with a stronger password. Router settings can be accessed by typing in “192.168.1.1” in your browser so you can change the password. Change the SSID as well.
This is the name of your WiFi network. By changing the name, it becomes harder for hackers to identify and access your WiFi network. Check that network encryption is enabled by going into the security settings of your WiFi configuration page.
If you are given the choice between WEP, WPA, and WPA2, always choose WPA2 since this is the strongest security setting.
3) Use VPN
All companies should have a Virtual Private Network (VPN) so that employees can have access to the company computers when on WFH. Enhance VPN security by having a strong and robust authentification method.
While most company VPNs use the usual username and password combo, add an extra layer of protection with two-factor authentification or a smart card upgrade. You can also enhance VPN encryption by upgrading from Point-to-Point to Layer Two Tunnelling Protocol (L2TP).
Again, impress the need of strong employee passwords to prevent hacking. In addition, the VPN should only be used for work and should be switched off when using computers and smartphones for personal use.
4) Have a centralized storage solution
All companies that have server or cloud storage should teach their employees how to use them. They should be discouraged from keeping important files stored in their personal computers in case they get accidentally deleted, lost, or compromised. \
Files in server or cloud storage are more secure because they are protected behind a firewall.
5) Have the best antivirus and internet security installed in WFH devices
Antivirus suites are the best defense against hackers who exploit vulnerabilities in home networks in VPNs. These softwares provide automatic protection against common threats, including malware/spyware, ransomware attacks, DDoS attacks, Zero Day attacks, and Trojans, viruses, and worms.
Make sure that updates are set to automatic to ensure continuous protection against the latest cyberthreats.
6) Conduct regular password audits
Password audits do not mean that you require your employees to submit their passwords for evaluation. The procedure entails using tools to check for weaknesses in existing passwords.
This is done by launching attacks in the company network, specifically targeting weak passwords. Once these passwords collapse, the auditing tool proceeds to attempt recovering them.
If the password auditing tool can recover the password within a specific period of time, this means the network is not secure. These password audits can expose these weak passwords so that employees can change them to something much stronger.
7) Be aware of potential security risks of webcams and teleconferencing
With WFH, it is necessary to maintain communication between employers and employees. However, even video conferencing software like Zoom and the simple webcam pose risks to security.
Hackers may compromise your privacy by hijacking your webcam. You are not aware that they can see your workspace and potentially view sensitive documents. Webcams attached to your computer should be unplugged when not in use. For built-in webcams like in laptops, use a sliding webcam cover.
Here are some important tips on video/teleconferencing:
- Have Zoom or video conferences in a part of your home without identifiable characteristics or landmarks. It is advisable to hold such meetings with a blank wall behind you.
- All meetings should be kept private, requiring a strong password for entry. There should be strict control of access from the waiting room.
- Use the blur background function in Zoom and other apps so that your surroundings can be blotted out.
- Make sure that your video conferencing software has end-to-end encryption for enhanced security and privacy.
- Keep software up to date with the latest updates and security patches.
8) Ensure secure online banking
A vital aspect of business that requires the strictest security measures is finance and fund management. Despites its growing acceptance nowadays, steps must be taken to secure online banking for everyone who are now WFH.
Only use accredited and secure banking software and apps. Use services that you and your employees are familiar with. Always check the URLs of banking websites. They should have https:// before the URL instead of just http://.
There should also be a lock symbol on the left of the URL bar, indicating that the site has secure certificates. For added security, you can request card readers from your bank (so all online payments can be done using a physical card) or activate fingerprint log in.
9) Avoid using portable storage devices, especially flash drives or USB sticks.
If possible, employees should be provided with mandatory backups, particularly external drives from a trusted vendor. Flash drives or USB sticks should not be used at all since they are loaded with malware.
Consider looking into mobile device management (MDM) or enterprise mobility management (EMM) solutions for more secure backups, storage, and management of all your WFH devices.
10) Keep all software and programs up to date.
Make sure that all firmware, software, and programs used are up to date. Keep all devices on automatic update to be assured that the latest updates and patches are installed in your company WFH devices. Be alert for any new version releases and download them accordingly to replace old programs.
These 10 cybersecurity essentials will ensure the safety of your data and finances from threats in a WFH scenario. Always remember to stay updated and keep vigilant for scams, phishing, and other potential security threats.
If you’re looking for other resources on working from home, be sure to check out our Complete Guide To Working From Home to get you started!