4 Best Cybersecurity Practices For The WFH Crew
On the 2nd of December 2020, The UK became the first Western country to authorize the Covid-19 vaccine, marking an important pivotal moment in our global fight against the coronavirus.
While it is predicted that the coronavirus has changed the way we perceive things and how we work (including more and more people will start to consider the WFH option as it provides a more work-life balance), we realized the regulatory barriers to online tools will fall, according to Katherin Mangu-Ward, editor-in-chief of Reason magazine. Not everything can become virtual, in many aspects of our lives, making use of online tools has been slowed down by powerful legacy players; but we can’t deny the fact that the new technology has saved us big time during this critical time.
However, in order for us to get back to normal life, it takes time. Until such time, organizations around the world sent thousands of staff to work from their home offices in response to the outbreak. Tech giants like Google and Facebook employees were told that they could work from home until 2021. Remote working introduces a significant challenge for information security because the remote working environment is different from the office working environment.
When an employee is working at the company, they’re working behind the preventive security controls layer. While it is not perfect, it’s harder to make any cybersecurity mistakes when at the office. However, when computers are moving out of the perimeter as people are working remotely, new cyber risks arise for the company and additional security policies need to be issued.
In this article, we suggest some policy guidelines when your company’s employees are outside the office.
Avoid public Wi-Fi, use personal hotspots instead
Public Wi-fi is the first touchpoint introducing significant security risks and should be avoided if possible, especially when it comes to company confidential data.
If you have to access the internet from a public Wi-Fi location, there are two major problems you need to solve. First, you and all people who have access to the network without a firewall between, threat actors can pound away at your personal computers from across the room. Second, any observers on the same shared network as you hit between you and your workplace can keep tabs on your traffic as it goes by. It is essential to find a way to protect your computer and encrypt your traffic.
In order to solve this problem, you can use your personal hotspot from a dedicated device or from your phone. Although you might worry about internet data, and the web traffic that is encrypted between the hotspot (your phone) and its destination (your computer), using a personal hotspot can reduce the chance of getting hacked by others who are on the same network down to 1 percent.
You can pay a nominal fee for the capability to set up a private network, and of course, it will count against your data, but the cost of not being able to protect your information from cybercriminals is way too high.
Work data belongs to work computers
If you’re thinking about replying to a few emails at home before bed, don’t do it if you haven’t taken any precautions like using your work computer, secure WiFi or VPN, endpoint protection, etc.
It can be tempting to use your PC at home, but this is an underlying risk that no one thinks of. You might say to yourself, what’s the big deal with using my PC to reply to those emails? After all, I’ve never been attacked. Think of it again. Your own computer is not safe to store work information as it could be compromised by a third party. Therefore, by introducing a personal computer to a work network, even remotely, you’re putting your company networks at risk and accepting the potential legal responsibility of extensive damages via violations of policy and cybersecurity practices.
And if you take a closer look at any company’s policies, you’ll likely recognize that you’ll see a list of restrictions when it comes to cybersecurity. It’s always the best practice to store your business information on a business’s personal technology and use your work-issued only laptop for work-related business.
Block any curious sight
With the list of increased cyber threats, you can now add visual hacking to this list, as the name implies, visual hacking is when anyone looks at your screen to steal information. If you’re working at a coffee shop, pay attention to your sightlines. A right observational skills person could easily watch what you're doing and know exactly what your confidential information is.
A new study reveals that nine out of 10 attempts, a white hat hacker was able to visually hack sensitive information, including employee access and login credentials. Locations, where sensitive information assets were hacked, are computer screens (53 percent), vacant desks (29 percent), and surprisingly, print bins (9 percent), copiers (6 percent), fax machines (3 percent). Companies can be visually hacked in less than 15 minutes, and 70 percent of visual hacking was not stopped by employees.
A laptop privacy screen protector is what you should invest in. Also, reconsider open floor plans as it may pose a greater threat to an organization’s visual privacy.
Never leave devices or laptops in the car and lock the door
While this is more of physical security practice, this is what you should do!
In heavily regulated industries, like healthcare or finance, losing specific data leads to huge fines. If you or your colleague bring the work computer home or tend to work remotely, confidential corporate information could be at risk.
Prevention is better than cure, always keep your work computer insight, especially when traveling. The trunk of the car is not safe. You’ll never know if there is any criminal waiting for their next victim in the parking lot from afar. Putting valuable things in the trunk may be convenient in the short term, but why risk?
Side-note
While technologies and policies help us fight against cybercriminals, they must be reinforced and strictly complied with. Security awareness has to be raised no matter where we are working.
And if you need more advice, cybersecurity consulting services are there for you to reach out to. TP&P Technology is one of the top software companies in Vietnam that provides many digital transformation consulting services.
Contact us now to explore your options!
