Remote working brings benefits for employees, but by working from outside the company’s internal network there’s also the added threat that employees are left more vulnerable to cyber attacks.
And if hackers can compromise a remote employee by stealing their corporate username and password, or infecting their computer with malware, it could become a costly network security risk for the entire organization.
In Depth: These experts are racing to protect AI from hackers
Data breaches, phishing campaigns, ransomware attacks and Business Email Compromise (BEC) are just some of the cybersecurity threats to organizations, if cyber attackers can successfully target remote workers.
To help prevent this, the National Security Agency (NSA) has released ‘Best Practices for Securing Your Home Network‘ a set of cybersecurity tips designed to help remote workers protect their networks – and themselves – from cyber attacks and hackers.
“In the age of telework, your home network can be used as an access point for nation-state actors and cybercriminals to steal sensitive information,” said Neal Ziring, NSA Cybersecurity Technical Director. “We can minimize this risk by securing our devices and networks, and through safe online behavior.”
Acording to the NSA, these are some of the most important things you can do you to help secure your network and devices while working remotely:
Use modern operating systems, applications and browsers them keep them up to date
Using the most recent version of an operating system and keeping it updated with the latest security patches is one of the best ways to help keep your device safe from cyber attacks.
The most recent operating system is the one which will be the most supported, while older operating systems may eventually stop receiving updates – meaning that security patches may not be available if vulnerabilities, which could be exploited by attackers, after uncovered after the cut off point.
In most cases, the updates will come in the form of a prompt which encourages you to restart your computer – something you should do as soon as you can.
The same goes for applications, software and web browsers – using the latest version means you’ll be using the latest security updates, which will prevent cyber criminals from exploiting known vulnerabilities in software to conduct attacks.
Keep your router secure and up to date
Your Internet Service Provider (ISP) provides you with a router to connect to the internet. Many people don’t really think about it, leaving it hidden in a corner after it’s been installed.
But your router is an important part of your networking set-up, providing a gateway in and out of your home network – something which can be exploited by cyber attackers if it isn’t secured properly.
Like any other internet connected device, you should make sure your router is kept updated with the latest security patches, which can be set up to download and install automatically.
If the router reaches end-of-life and becomes unsupported by the ISP, it should be replaced with a newer model which will receive updates.
Segment your wireless network
Segmenting your wireless connection, so there’s separate wi-fi networks for your work and home devices can be very helpful for keeping your devices secure.
The NSA suggests that at a minimum, your wireless network should be segmented between your primary Wi-Fi, guest Wi-Fi, and IoT network. This segmentation keeps less secure devices from directly communicating with your more secure devices.
Use strong passwords – and keep them safe with a password manager
Your passwords are the key to your online life, so it’s vital to make them secure – especially the one which you use to access corporate cloud environments. All of your passwords should be unique and complex, so they’re not easy for an attacker to guess.
ZDNET Recommends
While remembering many different passwords is a challenge, this can be overcome by using a password manager – which should also be secured with a strong, unique password.
It’s also important not to store any passwords in plain text on your device. This will prevent your accounts being accessed if your device is lost or stolen.
Use multi-factor authentication for your accounts
Using multi-factor authentication (MFA) – also known as two-factor authentication (2FA) – whenever possible can keep all of your accounts secure.
Ideally, your employer will provide an authenticator to link to your corporate accounts, but it’s also a good idea to secure your personal accounts with MFA. Application-based or hardware-based security keys are the most secure option. If that isn’t possible, SMS-based MFA is better than no MFA.
Use security software
If you’re working remotely, you should be using an anti-virus product, one that’s hopefully been provided by your employer. But in order to stay safe, it’s also a good idea to install anti-virus software on your personal devices too – and it doesn’t need to cost a lot.
ZDNET Recommends
Using anti-virus software can alert you to potential threats, be they malicious attachments, websites or or something else.
Follow email best practices
Email is one of the most common and most effective attack vectors for malicious hackers, who can use it trick you into giving them access to your password, clicking a malicious link or downloading malware. However, by following best practices around email cybersecurity, it’s possible to avoid falling victim to email-based attacks.
The NSA recommends that you should avoid opening attachments or links from unsolicited emails and that you shouldn’t click on links in attachments from unknown senders.
If you are uncertain if an email is legitimate or not, if possible you should identify the sender via secondary methods, such as a phone call and delete the email if you’re told it isn’t really them.
The NSA also recommends that you should never open emails that make outlandish claims or offers that are “too good to be true” – like an unexpected suggestion of a bonus or a pay rise.
Be careful when using social media
Social media services like Facebook, Instagram, Twitter and others are a good way to keep in contact with friends and family – but they can also be a prime hunting ground for cyber criminals and other malicious hackers for conducting attacks.
Avoid posting information, such as addresses, phone numbers, places of employment, and other personal information, that can be used to target or harass you. Some scam artists use this information, along with pet names, first car make or model, and streets you have lived on, to figure out answers to account security questions.
You should also ensure that your personal social media accounts are set to friends only, to prevent unwanted eyes from snooping on your profile.
Also, take precautions with unsolicited requests, especially from strangers – attackers could use in-app messaging services to conduct phishing attacks or deliver malware.
Be cautious when using public wi-fi spots
One of the great things about remote working is that you can do it from anywhere, so maybe instead of working from home, you decide to work from the local coffee shop for the day.
Yes, it has an internet connection – but do you know how secure it is? The NSA warns that “public hotspots are more susceptible to malicious activity” – which means you should take additional precautions when using public Wi-Fi, preferably avoiding it all together.
Instead, the NSA recommends using a cellular network like your mobile wi-fi hotspot or 4G or 5G connectivity. If you must use public wi-fi, the NSA recommends using a trusted VPN provider to protect your connection from malicious activities and monitoring.
And if you’re using your laptop in a public place – don’t leave it unattended and available for other people to look at or steal.