Cybersecurity best practice for staff working from home
It’s called telecommuting. And one study two years ago by a Swiss office service provider found that 70 percent of professionals work away from the office at least one day a week. Over half (53 percent) work remotely for about half of their work weeks.
The current coronavirus pandemic has sent even more workers away from office cubicles and crowded service centers. Where IT techs in offices once looked after securing company firewalls for privacy and physical security, now a large number of workers need to become more security conscious in their new full-time work status at home.
Working from home on company or personal devices requires common sense security precautions. Along with those precautions, accessing the organization’s network and cloud infrastructure must be done securely. The best security, as we shall discuss below, is through a secure, encrypted VPN, and this is why we are recommending a U.S. VPN with servers located across the country.
First Things First — Obvious Security Precautions
Look After the Devices
Our office computing and communications devices — laptops, tablets, smartphones — can access enormous amounts of public and proprietary information. That information also can have landmines of personal information protected by law, with serious consequences in case of loss or compromise.
So, follow these simple physical security precautions to keep devices safe:
- Keep work and personal devices separate. Blending business transactions with personal business can lead to confusion and compromise. Paying personal bills and processing business invoices and work emails on the same device can lead to clutter and mix-ups. If separate devices are not available, consider setting up separate user accounts and email addresses for home and business.
- Shut down or lock devices when unattended or not in use. Don’t tempt roommates or family members by leaving work in progress open and unattended. Place the device to default to the sleep mode and set a secure password to reactivate the system. Don’t leave work devices laying around the home. Collect them each day and secure them out of plain sight.
- Protect mobile devices with secure passwords and timeouts when those devices have work-related emails and telephone records. Use the operating system’s hard drive encryption utility. If the computer is stolen, it will be difficult to access, and its hard drive will be impossible to clone without the encryption key.
- Practice good password hygiene. Never write down a password and tape it under a computer keyboard. Don’t use the same password for every device or to access to everything on line. Use a password manager to keep track of all those logins. They generate random, difficult-to-hack passwords.
- Check your router default password. The key to hacking into a home network is through the router. Routers come out of the box with a default user name and password. To add an extra layer of security, change the factory settings. See this TechRadar.com article “How to change your router password” for directions.
Be cybersecurity aware
Cybersecurity awareness at home isn’t radically different from workplace awareness. The problem is that those precautions are easy to forget in the more relaxed home environment without all those firewalls and vigilant IT people keeping workers safe.
Cyber crooks know that remote workers are a weak link when they are looking to infiltrate a company’s network. So, when working at home, pay attention to the following:
- Be aware of the computer operating system built-in safeguards and firewalls. Windows Defender, for example, is an integrated antimalware program that provides basic protection. In the leapfrog battle between hackers and fixers, however, it’s best to go with more frequently updated apps like Kaspersky or Bitdefender.
- Be especially suspicious of unsolicited emails, which are the primary source of phishing scams. According to Malwarebytes Labs, the coronavirus scare has generated a new generation of scams designed to steal information. Unsuspecting victims have been downloading a new Trojan.Corona that infects the user’s system with spyware.
- Keep a businesslike profile on social media. Overexposure throughout the workday rather than normally signing on during lunch hour to check friends and family on Facebook can be a signal flare to bad actors looking for victims. Social media is a shark tank for spam ads that circle when users give out personal information to adware and interest-based advertisers.
- Ensure the home Wi-Fi connection is secure. Home workers who use multiple devices have two options when it comes to installing a virtual private network (VPN): 1) set up a VPN on the home router; 2) install a VPN on individual devices. Opting for the home router solution is a bit more complicated, and could require upgrading and purchasing a VPN-compatible router. Use option 2 to install a VPN on every device for guaranteed protection when online outside the home office.
- Avoid unsecured public Wi-Fi. Whether on a coffee break at Starbucks or between flights in an airport, logging into free Wi-Fi in the open is a bad idea. It is like talking on an old-fashioned telephone party line. However, the nosey neighbors on public Wi-Fi are technically adept spies and hackers, who can do all sorts of mischief. Read more on how public Wi-Fi is a risk to business on this Inc.com article.
Why Home Workers Need VPN
A VPN secures the user’s web traffic. It is an encrypted “virtual tunnel” where the user’s internet traffic and location information are hidden from prying eyes. Essentially, the VPN broadcasts a fake “return address,” which keeps the user’s identity and location masked.
As the user exits the VPN server into a public website, the user’s data stays secure, provided the website has the letter “S” after the “HTTP” header on the web address. Even if the target site is subjected to surveillance, hackers have more difficulty tracing the user. The user’s data appears to emanate from a VPN server other than the user’s actual location.
3 Threat Scenarios That VPNs Protect Against
Safeguarding against Unsecured Public Wi-Fi Networks
As highlighted previously, many cybersecurity experts advise against using a public Wi-Fi network under any circumstances. The term “public” in this context is a synonym for “insecure.” A VPN can make the public network secure, because it encrypts the user’s connection. Even if the encrypted data is intercepted, it appears as unusable gibberish.
Bypassing Geo-blocking and Finding the Best Deals
Looking for the best deal for upcoming business travel? Some travel sites have higher ticket prices depending on the IP address of the traveler. Other businesses use geo-blocking to charge different prices for specific markets. Posing as a local shopper, a user can with a VPN do comparison shopping, often uncovering unscrupulous pricing tactics.
Thwarting Surveillance and Web Activity Tracking
A VPN defends against surveillance and tracking. It cannot, however, make a user completely invisible to technologically advanced agencies like the FBI and NSA, who employ powerful logarithms to detect patterns and usage. Nevertheless, VPN and the web HTTPS protocol have made mass surveillance far more difficult.
Also, a user’s own ISP has a stake in tracking its customers’ online business. ISPs are becoming big competitors in monetizing the big data that helped Google and Facebook emerge as leaders in web advertising and ecommerce. When an ISP bundles all that anonymous user data and sells it, they do it without the permission or knowledge of the user. The result is unwanted and annoying ads and bloated litter in everyone’s email in-boxes.
A VPN like Surfshark with a “no-log” feature hides the user’s net activity from the ISP. The ISP cannot disclose, sell or even respond to a court order for any user’s data protected by a VPN.
Working from home requires commonsense precautions that range from safeguarding devices to proper password security. Away from their workplace firewalls and IT experts, remote workers must be aware of security risk—scams, phishing, and unsecured home Wi-Fi connections.
An extra layer of security for home workers is through a VPN. VPNs provide a secure, encrypted connection, which masks the user’s location and thwarts online tracking. When away from home, a worker using a VPN can safely use free public Wi-Fi spots and avoid man-in-the-middle attacks.
A VPN also employs geo-blocking enabling the user to find local bargains not available to outside users. Finally, a VPN defeats ISP web tracking. With an encrypted VPN no-logs connection like Surfshark stands between the ISP and the user, the ISP cannot detect the user’s web activity.
Keywordsonline, web, internet, cybercrime, hacking, VPN, ISP, https, world wide web, net, web security, cyber, hack, hackers, encryption, encrypted, internet service provider, virtual private network, identity theft, online crime, crime, criminals, criminal, scam
TALK TO US
If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.