Full-time remote workers are increasingly common and a staggering 70% of global employees work remotely at least once per week which necessitates additional cybersecurity measures to secure data.
The coronavirus pandemic and resulting lockdown of many countries means that many organizations and their employees are now in the unfamiliar territory of full-time working from home (WFH).
Business continuity planning means that we now need to find ways to protect our customer’s sensitive data while allowing for location flexibility. There is a lot that can be done at an infrastructure level and an individual level to keep customer data secure, but the truth is your company’s confidential information is only as secure as the weakest link.
Physical security shouldn’t go out the window when you’re working from home. Just as you lock up the office when you leave for the day, do the same when working from home.
Laptops can be stolen from your backyard, living room or home office. Take your laptop inside when you go and make lunch, and lock the door to your home office. Keep your home workspace as secure as you keep your normal office.
Cybercriminals look to exploit default passwords on home routers because not many people bother to change them, leaving their home network vulnerable.
Changing your router’s password from the default to something unique is a simple step you can take to protect your home network.
It might be easier said than done, but it’s important to carve out boundaries between your work life and home life, especially while working from home.
While it may seem cumbersome to constantly switch between devices to simply pay a bill or online shop, do your best to keep your work and home computer separate. You never know if one has been compromised. If possible, do the same with your mobile devices.
This can help reduce the amount of sensitive data exposed if your personal device or work device has been compromised.
If your employer hasn’t already turned on encryption for you, you should turn it on as it plays an important part in reducing the security risk of lost or stolen devices, as it prevents strangers from accessing the contents of your device without the password, PIN, or biometrics.
For reference, encryption is the process of encoding information so only authorized parties can access it. While it doesn’t prevent interference, it does deny intelligible content to the interceptor.
How you turn on encryption will depend on your device:
New vulnerabilities and exploits are posted to CVE on a daily basis and they can often impact old versions of operating systems that are no longer supported by their developers. In general, operating system developers only support the last few major versions, as supporting all versions is costly and the majority of users do the right thing and upgrade.
Unsupported versions no longer receive security patches as vulnerabilities putting your device and sensitive data at risk.
In short, always use a supported operated system, and if your device allows it, the latest version.
Here’s how to check if your operating system is still supported:
It’s not always easy to determine if your operating system is supported, which is why its best to use the latest version as long as your device can handle it.
If you walk away from your device at your home office, coworking space, or a coffee shop, you should lock it. The issue is as humans, we forget. When we do, automatic locking is there to protect our unattended devices.
Make sure to configure an amount of time that while convenient is not unreasonably long, such as 30 seconds for mobile devices and five minutes for laptops.
Automatic locking is enabled by default on most modern devices.
All of the above doesn’t matter if you don’t use a strong password. Make sure to avoid anything that’s easy to try, such as repeating numbers (e.g. 000000), sequences (e.g. 123456), or common passwords.
Additionally, don’t use anything that is related to you, such as your date of birth, license plate, address, etc. A good pin/password should look random to anyone that’s not you.
An antivirus software, as the name indicates, is a program that works against a virus. It detects or recognizes the virus, and then after detecting the presence of the virus, it works on removing it from the computer system. Antivirus software works as a prophylactic so that it not only eliminates a virus but also prevents any potential virus from infecting your computer in the future.
If your company doesn’t provide you with a password manager, consider investing in one. They help you create strong passwords and remember them, as well as share them with family members, employees, or friends securely.
They also make it easy to use a unique password for each website you use.
Most password managers will also allow you to store secure notes, credit card details, and other types of sensitive information.
Some even ease the adoption of two-factor or multi-factor authentication.
Being able to find and ideally remote your device is a crucial part of ensuring information security when a device is lost or stolen. Securely wiping a device makes it much harder to access your data, no matter how much time or determination an attacker has.
Here’s how to enable find my device:
When lending, giving, selling, just throwing out an old device, make sure to return it to factory settings. This will prevent your data from being accessed after you no longer have control over your device, temporarily or permanently.
Before doing this, remember to back up or transfer any important information on the device.
Here’s how to return your device to factory settings: