If you are a remote worker, then you ought to read this work-from-home cybersecurity tips article we prepared. You should know the risks and threats that you may have to face while working outside your office network. In this way, you can avoid losing valuable data that is stored in your machine.
There are different opinions about remote work models or work-from-home setups. Some took it negatively. While others, both employers and employees, gave this strategy a thumbs up. But I think we can all agree that the work-from-home setup is one of the side-effects of the pandemic.
Remote Work Setup Is Common Now
According to a study, because of the pandemic (COVID-19), the year 2021 was quoted as “the year where the world stayed remote”. Nearly 70% of the full-time workers in the U.S. shifted to work remotely. They resigned from their jobs to choose a better work-life balance. Hence, many companies or employers started to adapt and adjust to fit a new hybrid working model.
However, there are still work-from-home cybersecurity risks that you should always take into the equation. In most companies, these risks are being handled by their in-house or outsourced I.T. department. They make sure that firewalls and antivirus are set up properly to protect all users within the office network.
Cyber threats such as malware, ransomware, phishing, and other malicious cybercrime attacks do not sleep. Just because you are confident that your system is always safe because you are cautious, think again. Cybercrime is constantly rising, keeps on evolving, keeping its pace, and is on par with the advancement of technology. During the first half of 2021, it was reported that there is a 102% increase in ransomware attacks as compared to the previous year.
If you are working remotely, are you sure that you are protected against cyber threats? To have a deeper insight, scroll down and keep on reading.
12 Work-From-Home Cybersecurity Tips You Can Do
You do not have to worry if you are not a tech-savvy type of person. The list below is a basic checklist that you can do to protect your system. It will help you to avoid any disruptions caused by cyber threats while working.
1. Use a unique and strong password for each account.
Your password is the first line of defense against any unauthorized attempt to access your account. You need to make sure that you maintain strong passwords for all your accounts – local machine or online. But when thinking of a strong password, make sure you don’t use one for all of your accounts. If your password gets compromised, then it is like you are giving cybercriminals free access to all of your other personal accounts. So avoid creating and maintaining weak passwords.
To create a strong password, you should:
- Never make use of your birthday, mobile number, address, or anything that is directly connected to your personal information. Cybercriminals will usually start with passwords that have meaning to you or something about you.
- Maintain an 8 alphanumeric password – the longer the better.
- Your password should contain a combination of uppercase, lowercase, numbers, and symbols.
- Never create one password for all accounts. As much as possible, each account should have its own unique strong password.
- Regularly change your password. Make it a habit to change your password every 30 days, 90 days at most.
- Do not jot down your password on any piece of paper. Keep it in your head.
Maintaining a strong password and if you have more than 10 accounts, remembering all of them is not an easy task. You will need a password manager to take care of that for you. Some of the reliable passwords you can search on the Internet and use are:
- Google Password Manager
- NordPass – Secured Password Manager
2. Be responsible when using company properties.
Take full responsibility for the devices provided to you by your employer for your work-from-home setup. Treat them as if they are your personal belongings. You have to protect your company’s data. Avoid downloading and installing applications not related to your work. If it can’t be helped, ask permission first from your I.T. with justification.
3. Ensure you have a reliable antivirus installed on your machine.
When we talk about cyber threats, cybercrimes, or cybersecurity, the first thing we can think of is an antivirus. Ensuring that there is a reliable antivirus installed on your machine is the most important work-from-home cybersecurity tip. It can help you avoid the risk of being infected by computer viruses, ransomware, and malware.
Most companies, before they deploy their machines, laptops, or desktops, they make sure that there is already an antivirus installed. They are aware that they need to protect their assets and data that comes along or will be stored on those machines.
If your machine is running on Windows 10 and above, it already comes with Windows Defender Antivirus. Microsoft Windows Defender has improved over the last few years. It can not only detect threats in real time, but it also has a built-in firewall and network protection. In addition, it can monitor your system’s performance. But the question is, is it good enough?
According to the test done by Safety Detectives, Windows Defender Antivirus is still lacking some features that may still compromise your system.
Some of the issues found are:
- Windows Defender’s malware threat detection is lower when compared to others.
- Content filtering is only effective with the Microsoft Edge browser.
- The user interface is not user-friendly.
- Although Windows Defender has a PC system health report, it is basic and does not have an option to help you boost or clean your system.
So, if your machine does not have an antivirus installed, talk to your I.T. and recommend that they install one. You need to discuss with your employer the necessity of having a reliable antivirus such as Norton Antivirus, Kaspersky, McAfee Antivirus, and many others. This should be considered as part of your office upgrade plan.
4. Ensure that your home Internet connection is secured.
As mentioned earlier, unlike your office network which probably has a decent firewall and security measure, you should also ensure that your home Internet connection is secured. You need to make sure that no outsiders can intercept or can connect to your home network.
Start with your Internet Service Provider’s router. You need to change the default password and set the data encryption as WPA or WPA2. And the same thing goes with your other network devices such as your Wifi extenders or routers. Create a strong password for your wireless router. Also, if you have other wireless devices and appliances, such as Internet TV, smart speakers, or mobile devices, make sure that they are secured. There are devices that can broadcast signals to outsiders which can allow them to connect. So, you have to configure these smart appliances whenever possible.
5. Avoid using unsecured public Wifi connections.
Of course, there will be a time that you may have to work somewhere else, outside your home but still remotely. And one of the things that you have to avoid is connecting to unsecured and unprotected public Wifi connections.
You may never know, you might be connecting to a network where all your data can be exposed. Most of the time, an unsecured public Wifi connection is being used by cybercriminals to launch malicious codes that can penetrate your system or devices.
If possible, instead of using a Wifi connection, you can tether using your mobile device’s data plan. Or try investing in pocket Wifi and subscribe to an all-Internet data package. You can not only use it when you are actually working “remotely”, but also it can serve as your backup Internet connection when your home Internet connection is not available. Or if it can’t be helped, you can use a virtual private network (VPN) which can hide your Internet activities.
6. Ensure that your system and antivirus are updated – ALWAYS!
This is yet another important work-from-home cybersecurity tip that you should never disregard. You should make sure that your system, like Windows 10, is always updated. Some of the Windows updates are security-related. That is why you need to make sure that the Windows Update settings are enabled and configured.
The same thing goes with your antivirus, it should be kept updated – both version and virus definitions. We already mentioned that cyber criminals do not sleep, so, if you are missing important updates, then your system is at risk.
7. Perform regular scans.
Although most antiviruses have a real-time scan feature that can immediately capture any cyber threat, there are still other threats that can escape. There are other cases where malware can cloak itself within a legit application and trigger automatically. When it depends on how the malware was designed and created.
That is why performing a virus scan regularly, either daily or weekly is not a bad thing to do.
8. Perform regular backup of your system.
Make it a habit to back up your system, at least the folders or files that are crucial to your work. Data loss can be a big pain, not to mention, that it can cause revenue loss.
If you are using Microsoft Windows, like Windows 10 or above, you can make use of its Backup feature. It allows you to back up to another drive like external USB HDD drives.
You can also make use of cloud services to back up your files. You can use cloud storage like OneDrive, Dropbox, or Google Drive. Or if your company uses and offers a cloud service, you should make use of it.
But make sure that you still scan the files with your antivirus when you need to download them back.
9. Disable Windows autorun and autoplay for external devices.
Many years have passed and it is still common that viruses to attach themselves to external devices, like external hard disks and thumb drives. And they are automatically executed and can propagate as soon as you connect them to your computer because of the Windows autorun or autoplay.
That is why it is recommended that you disable the Windows autorun and autoplay so that you can avoid the risk of your system getting infected. You should scan first the drive for any malicious software or application before opening the attached drive.
10. Disable the image previews in Outlook.
One of the cybercriminals’ schemes is to hide malware within graphics code and one of their favorite targets is Microsoft Outlook’s image auto preview. So, it is highly recommended that you disable the image preview in Outlook.
Image preview in Outlook is disabled now in newer versions. Or should I say, Microsoft Outlook does not automatically display images anymore? But to make sure that it is indeed disabled, you can go to Outlook’s File > Options > Trust Center > Trust Center Settings. And then select Attachment Handling. Lastly, click Turn off Attachment Preview.
11. Think before you click a link or attachments from your email.
If it is good to be true then it is more likely not true! Even if we keep reminding ourselves not to click any links or open attachments from our emails, we still fail to heed this warning.
That’s why there are still users who became victims of phishing attacks. The attacker will create a crafty email message with either links or attachments – or both – which will ask you to open. Without realizing it, you are already handing over your data to these cyber criminals your information.
Worst of all, if it is malware and you accidentally open them without thinking, before you know it, your system has already been compromised.
So, you should not outright open any links or attachments. Scan them first for any malicious viruses or be vigilant to the links the email is asking you to open.
12. Be cautious when surfing.
When surfing the Internet, you should be careful when visiting a website – especially for those unfamiliar ones. Like phishing attacks on emails, there are websites that follow similar schemes. These phishing websites can steal personal, sensitive, and even financial information from you if you are not smart.
First, you need to make sure that the website is secure. A secured website usually uses HTTPS protocol and not HTTP. Also, if you have an antivirus, such as Norton, they often offer browser plugins that help protect you against these kinds of websites.
There you have it, these are the 12 work-from-home cybersecurity tips that we have gathered so far to help you avoid the risk of losing valuable data.
However, all of the guides we listed here and even the tools we recommended can become meaningless if the user is not doing their part. It takes two to tango. The keyword here is “be responsible” when working remotely to avoid being a victim of cybercrimes.
How about you? What other things do you do to protect yourself from cyber-attacks while working remotely?