Although distributed teams are on the rise, some leaders refuse to accept remote working because of perceived security risks. Employees accessing client data over public Wi-Fi at a coffee shop is a chief security officer's worst nightmare. However, remote jobs have now become essential. In such situations, cybersecurity while working from home becomes a necessity. Companies need to find ways to allow flexibility in location while still safeguarding data.
While a lot is done at the infrastructure level to keep consumer data secure, your organization's data is only as secure as its weakest individual link. As long as our devices are online, we are in danger. From tablets to kitchen appliances and home assistants, new products come online every day, and their manufacturers still lack long-term support. Cybersecurity for remote workers has to be strengthened.
As per Have I Been Pwned (HIBP), over 130 million user accounts have been compromised across more than 400 sites for a total of over 9 billion times. While those figures seem overwhelming, they only scratch the surface. They miss threats that have never been identified or made public, targeted attacks, and social manipulation in daily life. Only the tip of the iceberg is known.
This article concentrates on the minimal cybersecurity measures remote workers should take to safeguard their organization's data (not to mention their own personal information). Although these protection measures apply to everyone, they are especially relevant for remote workers, who work from just about everywhere in the world.
Cybersecurity work from home: Security checklist
Here is a security checklist of home cybersecurity tips and relevant cybersecurity measures for remote workers:
1. Turn on encryption on your device
Encryption helps prevent unauthorized access to your device's files. It does so by encoding the information in a way that makes it impossible for unauthorized people to decode. It is especially relevant if a device goes missing or is stolen, as it helps prevent anyone from accessing your data without your password or PIN. This is an important home cybersecurity measure that ensures the protection of your data.
Here is how to turn on encryption on your device:
- Windows: Turn on BitLocker.
- macOS: Turn on FileVault.
- Linux: Use dm-crypt, or something similar.
- Android: Enabled by default since Android 6. Do not use any previous version.
- iOS: Enabled by default since iOS 8. Do not use any previous version.
2. Use a supported version of the operating system on your device
This is one of the key cybersecurity tips. Operating system developers only support the last few major versions, yet security vulnerabilities are regularly discovered that affect any and all versions, whether supported or not. Unsupported versions do not get security fixes for reported bugs, which puts your data at risk. Ensuring that you are using a supported version, preferably the latest one, is critical to cybersecurity for remote workers.
Here is how to do it as per your OS:
- Windows: Check the official Microsoft website for guidelines on each version of Windows.
- macOS: Apple is not transparent about its macOS support policy. Security patches target the most recent version and the two previous ones. For example, if the latest version is macOS Catalina, then this means that it supports macOS High Sierra and newer versions.
- Linux: Most of the popular distributions are supported.
- Android: Security updates target the latest version and the last two major versions. For example, if the current version is Android 10, then this means supporting Android 8 and newer versions. In the case of Android, you also have to make sure your manufacturer or carrier delivers the periodic security updates to your device. You should get them every few months, at least. If not, consider upgrading your device, or checking whether LineageOS has official support for it.
- iOS: Apple's iOS policy is not clear, either. Security updates target the most recent version and the three previous ones. For example, if the current version is iOS 13, this means supporting iOS 10 and newer versions.
3. Keep your operating system up to date
This is a very important measure for cybersecurity when working from home. The average time from disclosure to the fixing of a security vulnerability is over two months. That is a significant exposure window even in the best-case scenario, and it is in your best interest not to prolong it any further. To get security patches as soon as possible, make sure that your computer has automatic updates turned on and that you install them regularly. Most modern devices have automatic updates enabled by default.
4. Keep your software up to date
The next layer after the operating system is the software that runs on it, such as the browser or office suite. This can be weak too. It is important to keep your software up to date for the same reasons that make operating system updates necessary. Most modern software automatically checks for updates and applies them or prompts you to. For everything else, make sure you regularly verify that you are using the latest version.
5. Disable logging in automatically
Unattended computers are easy targets for prying eyes unless they are set up so that you, and only you, can control them. To this end, ensure that automatic login is disabled and that a password, PIN, or biometric alternative is required when you turn your devices on or resume them from sleep. Remember that sharing your password or PIN with other people defeats the purpose, so you have to keep it to yourself. Automatic login is turned off on most modern devices by default.
6. Enable the automatic lock feature
This is a crucial tip for cybersecurity when working from home. You can lock your laptop manually when you walk away from it at your coworking space or at the coffee shop where you work. Yet it is natural to forget to do so. To avoid this, there is an automatic locking feature that helps secure your devices against accidental access. Make sure you set an amount of time that is reasonable but not unreasonably long, such as 30 seconds for handheld devices, or 5 minutes for laptops. In most modern devices, the automatic lock is activated by default.
7. Use a PIN or password on your devices that is difficult to guess
All of these precautions are at risk if the PIN or password to your devices can be easily guessed. Avoid anything simple, such as repeating the same number (such as 00000000), sequences (such as 123456), and the like. Check the popular password lists to make sure that you do not use anything that is easy to guess. In fact, do not even use something that relates to you, such as your date of birth, license plate, door number, and so on. A strong PIN or password should look random to someone who is not you (ensure that you change your password immediately after you check this assumption).
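The rules in this item can be turned into a quick self-check. The following is an added example, not part of the original article: the function names, the tiny `COMMON` list and the sample personal details are constructed for illustration, and a real check would load a published common-password list.

```python
from datetime import date

# Constructed sample; stands in for a published common-password list.
COMMON = {"password", "qwerty", "letmein", "iloveyou", "admin123", "welcome1"}

def _is_sequence(s):
    """True if every character steps by +1 (or every one by -1) from the last."""
    if len(s) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})

def _date_forms(d):
    """Digit strings people commonly derive from a date of birth."""
    formats = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y",
               "%y%m%d", "%Y", "%d%m", "%m%d")
    return {d.strftime(f) for f in formats}

def _alnum(s):
    """Lower-case the text and drop separators such as '-' or spaces."""
    return "".join(ch for ch in s.lower() if ch.isalnum())

def weaknesses(secret, birth_date=None, personal=()):
    """Return the reasons a PIN or password is easy to guess (empty if none)."""
    found = []
    low = secret.lower()
    if len(set(low)) == 1:
        found.append("repeated character")      # e.g. 00000000
    if _is_sequence(low):
        found.append("sequence")                # e.g. 123456 or 987654
    if low in COMMON:
        found.append("common password")
    if birth_date and any(f in low for f in _date_forms(birth_date)):
        found.append("contains date of birth")
    # License plate, door number and similar details, compared without separators.
    for item in personal:
        token = _alnum(item)
        if len(token) >= 3 and token in _alnum(low):
            found.append("contains personal detail")
            break
    return found

if __name__ == "__main__":
    dob = date(1990, 4, 14)                     # constructed sample
    for candidate in ("00000000", "123456", "Jo1404!x", "v7#Rk2!pQz9w"):
        print(candidate, weaknesses(candidate, dob, ["KA-01-AB-1234"]))
```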
8. Using a password manager
Typically, you do not want anyone to know your passwords or keys, or be able to guess them. And if someone does get hold of one of them, you do not want it to give them access to more than just one computer, app, or website. All your passwords and PINs should be unique, suitably difficult, and reset regularly to keep your data secure. This can be very difficult to handle manually. Password managers deal with all of this for you, and thus using one is essential to cybersecurity when working from home. They help you create and remember good passwords and share them safely with family members or friends. Some also help you store confidential notes, credit card numbers, and other personal information. Some also encourage the adoption of two-factor authentication. Password managers automate and simplify a lot of the boring yet required grunt work around password hygiene. They are a must-have.
We advise Bitwarden. Its versatile feature set on both free and paid plans, the fact that it is open source and allows users to run the application themselves if they wish, and the security audit it underwent before its release make it trustworthy. Moreover, it is hard to go wrong with any common alternative available across various platforms, such as 1Password or LastPass. These alternatives also do not place restrictions on the number of devices or passwords that you can store.
9. Activate two-factor authentication and make use of an authenticator app
An essential measure for cybersecurity when working from home, two-factor authentication involves using two different factors in an app or site to check your identity. Your password is the first, and most common. The second one can take several forms but is usually a one-time code. For the second factor, it is necessary to be aware of safe and unsafe choices. SMS, for example, is a common option, but it has been shown to be vulnerable, to the point that governments actively discourage it. Using an authenticator app such as Google Authenticator or Authy is best practice.
Despite this caveat, enabling two-factor authentication significantly reduces the chances of fraud, data loss, or identity theft. An intruder who only knows your password can no longer claim to be you. They will also need access to whatever generates your one-time codes, such as your authenticator app or security key. It is necessary to enable two-factor authentication for anything that holds confidential data, such as your password manager, email, online banking, file and document storage, and the like. If in doubt, enable it. Better still, enable it everywhere.
10. Enable the find my device and remote wipe features
In certain cases, being able to locate and remotely wipe devices may be critical, for example when a device is lost or stolen. Wiping, in particular, makes getting to the data much more complicated, no matter how much patience or energy an attacker has. You cannot activate this without access to your device, so if you have not done it before, now is the best time to do so.
Here is how to do it as per your OS:
- Windows: Activate in Settings > Update & Security > Find my device.
- macOS: Set up iCloud on your device. Activate from Settings > Your Name > iCloud > Find My Mac.
- Linux: Requires a third-party application, but we have no clear recommendations.
- Android: Set up a Google account on your device. It is then enabled by default.
- iOS: Set up iCloud on your device. Activate from Settings > Your Name > iCloud > Find My iPhone/iPad.
11. Wipe any device to which you have access
Necessary for cybersecurity when working from home, it is important to wipe any device and reset it to factory settings when lending, giving away, selling, or trashing it. Doing so prevents access to your data once you no longer have control over the device, either temporarily or permanently. Note that wiping deletes all information on the device. Before doing so, back it up if you believe you are going to use it in the future or if you are uncertain.
Here is how to do it as per your OS:
- Windows: Follow the Microsoft guide. When prompted, pick Remove everything
- macOS: Follow the Apple guide
- Linux: Follow the Arch guide, and then reinstall your distro
- Android: Go to Settings > System > Reset options > Erase all data (factory reset)
- iOS: Follow the Apple guide
12. Using a VPN in public or untrusted networks
Very significant from the point of view of cybersecurity when working from home, a VPN creates a stable, encrypted link over the Internet to another network and routes your traffic over it. Doing so significantly enhances your privacy and confidentiality online. It makes it incredibly difficult for attackers on your network to snoop on your traffic and intercept what you are doing. It also prevents websites from knowing your exact location, and your internet service provider from tracking your behaviour or using traffic shaping on your link. The list continues. If it is not unlawful in your country, make sure that you use a VPN on public networks or networks that you do not trust, such as those in coworking spaces, restaurants, coffee shops, airports, and the like. You are welcome to go one step further and always use a VPN.
We advise the use of Mullvad. We like it for its openness and for its particular stance on privacy and protection. The company allows its users to stay fully anonymous except to them: they do not rely on email addresses, and they allow users to pay with cryptocurrencies or mail money. It also conducted a security audit and released it.
13. Using the best judgement you can
Sadly, privacy and security online do not come down to a predetermined set of guidelines. Protection can be situational, and often you will have to use your best judgment.
Examples include:
- Do not open email attachments unless you know the sender and trust them.
- Do not execute downloaded files unless you are sure that their source is trustworthy.
- Prefer applications from the official store or repositories of your provider, such as the Windows Store, Apple Store, or Google Play. Applications undergo a review process in these stores, which helps ensure that they are safe and have not been tampered with.
- Avoid browser plugins or other applications unless you are sure that their source is trustworthy.
- Never click through browser or operating system alerts without examining them thoroughly.
In fact, this last item is more important than all of the others. Be mindful of how you use your tools, remain cautious and diligent, and make your decisions carefully.
Take these cybersecurity measures when working from home to ensure the protection of your data.