USE A GOOD PASSWORD MANAGER
Don’t share logins and passwords unless you absolutely have to. And if you have to, then it’s time to invest in a password manager for your team or company. Tools like 1Password make sharing large amounts of secure data easy, and help secure your teams even more.
USE MULTI-FACTOR AUTHENTICATION (MFA)
Authentication is the process by which a computer validates the identity of a user (e.g., with a username and password). Two-factor authentication (2FA) commonly combines a password with a phone-based authentication factor. However, there are shortcomings with 2FA, as hackers can bypass wireless carriers, intercept or redirect SMS codes, and easily compromise credentials. Multi-factor authentication is more secure as it adds an additional layer of protection. Instead of just asking for a username and password, MFA requires additional credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or facial recognition.
DISCONNECT FROM THE COMPANY VPN WHEN NOT IN USE
Leaving your corporate connections open increases the likelihood that, if you’re breached, the breach will extend past your machine and into your company network. Also, at a time when many more people are connecting via these services, it’ll give your IT team a little more room to breathe.
SECURE YOUR HOME ROUTER
It is essential to ensure your home Wi-Fi router is up to date. Search the name of your router and the words “breach” or “security issue” and see if yours is on the list. Most of these can be fixed by doing a simple software update. If your network equipment is no longer being updated by the manufacturer, chances of vulnerabilities increase over time. It is also important to use a strong password. Make sure you’ve modified the default administrator password on your router and other network equipment. Ensure your wireless networks are using WPA2 security or higher. And, if you can, put guest devices on a separate wireless network isolated from your personal devices.
DON’T SHARE YOUR ONLINE MEETING IDS OR MEETING URLS ON SOCIAL MEDIA
Online meetings are increasingly productive tools that allow people to work from anywhere, not just the office. But they come with a caveat: Sharing the meeting ID or URL can allow people to drop in and listen to sensitive conversations, record your voice or video, and infiltrate your new virtual workplace. Some meeting tools allow you to limit meetings to only people in your organisation or add a password, but not all do, especially if you’re a small business and make use of basic consumer videoconferencing tools.
BE EVEN MORE PARANOID OF PHISHING AND OTHER SCAMS
If something looks suspicious, don’t click or act on it. Email scams related to Covid-19 are already on the rise, and the U.S. Department of Health and Human Services recently announced that they have fallen victim to a cyber attack that involved a Covid-19 misinformation campaign that quickly spread via text, email and social media. In general, never share personal or financial information via email if you weren’t expecting the request. If you get such a request, it’s best to call or video conference the individual directly to confirm.
EXPECT CRIMINALS TO TRY AND TAKE ADVANTAGE OF THE INCREASED DISTANCES IN OUR WORKPLACES
Often a lot of the checks and balances around things like financial requests and last-minute invites to meetings or other services are done in person. Now that they might happen via email, text or WhatsApp, be extra diligent about checking who is sending them. Phishers are going to take advantage of the lack of processes that are in place. If you get a request via email or messaging services, always try to verify it outside of the initiated chain of request. For example, if you get a request from your CEO to refund a customer to a new bank account, instead of replying to that thread to confirm, message them in a new email, or via a different medium (call, instant messaging, etc.) to verify the request. For large transactions, always have another person on your team double-check the request and your work as well for safety.
AVOID INSTALLING NEW APPS WITHOUT PERMISSION FROM IT
Some apps may be harmless, but installing more apps onto your work device can be cause for concern. Employees working from home may create or start using new software tools and services that won’t be as thoroughly tested and protected as the tools they normally use, posing greater risk for the corporate network.
DON’T MIX PERSONAL AND WORK-RELATED INTERNET BROWSING
Many digital tools and services today are web or cloud-based, i.e., accessible directly from a browser. And when you’re working from home, it’s very easy to start mixing work and personal browsing. If your browser supports it, maintain separate work and personal profile sessions. Or better yet, use two different browsers for work and personal browsing, so you will not accidentally mix them up.
LOCK YOUR LAPTOP
When we’re at work, oftentimes we get really good at locking our laptops when we walk away from them, but at home we leave them unlocked, and it’s a bad habit to get into. It makes you more likely to fall into this habit when you do get back to work in the office.
Text Contributed by Aaron Zander, Head of IT at HackerOne