In view of the recent directive for organizations to activate their business continuity plan (BCP) protocols, most organizations are requiring employees to work from home (WFH). Remote working creates additional opportunities for cyber threat actors to perform malicious cyber activities by exploiting open vulnerabilities in less secure networks, thus gaining access to users’ data or the organization's network.
Below are some security measures that can be applied:
- Use a corporate laptop for work
Avoid using your personal computer as it may have limited security controls in place. But if you have to, then manage the control settings as securely as possible. Make sure it is password-protected and never leave it unattended.
- Use official communication channels
Confidential information must only be shared with selected individuals and be sent through proper channels.
- Manage your activities
Do not mix work and personal activities on the same device, and never allow other members of your household to have access to your dedicated work equipment.
- Use secure connections
Use organization-designated VPNs and avoid free, public Wi-Fi. If a VPN is not available, make sure all communications are done via encrypted email or PGP encryption.
- Protect your home network
Secure your router. Change the default name and password, update the firmware and turn on encryption (WPA2 or WPA3).
- Update all software
Update and install patches for your operating system and software/programs immediately to reduce the risk of malware infection. Set them to update automatically. Remove unnecessary or seldom-used programs if possible.
- Strengthen passwords
Make sure your passwords are long, strong and unique. Use at least 8 characters with a combination of numbers, symbols, upper and lowercase letters, and never reuse your password for multiple accounts.
- Use antivirus and internet security software
Protect your devices against cyber threats by installing a comprehensive antivirus. Ensure your antivirus is fully updated at all times to detect and block malware.
- Don't copy or run software from non-trusted sources
Some malware is distributed through torrents and "crack" or "keygen" software, which can’t be updated and will make your device more vulnerable.
- Beware of phishing scams
Cyber criminals send deceptive emails with dangerous links to employees. The email messages may appear to come from company officials and might ask you to open a link. Clicking on the attachment or embedded link will likely download malware onto your device or leak personal data.
- Consider multi-factor authentication
Traditional user logins and passwords are easy for cyber criminals to crack. Multi-factor authentication adds a layer of security that protects an online account, electronic device or computer network from being accessed by unauthorized users.
- Secure your files
Remember to periodically back up your data. Store files in two different storage locations, with at least one copy located offsite, e.g. on an external hard disk. Having data backups will help prepare you in case of a ransomware attack. Make sure to securely store paper-based files and documents too.
- Mute the microphone and cover your webcam
After teleconferencing, make sure to mute the microphone and cover the webcam.
- Secure your device
Lock the screen or enable screensaver mode if you are taking a break, and don’t forget to shut down your machine at the end of the day.
- Be vigilant about COVID-19-themed cyber threats
Be very suspicious of emails from people you don't recognize, especially if they require you to download a file or click a link. If you receive an email from someone you know that asks for something unusual, verify it with that person over the phone. Make a habit of verifying via other channels whenever you receive an email that conveys urgency.
- Think before you post
Be careful what information you share with others. Make sure to verify the information with the relevant sources.