Since COVID-19 became a global pandemic and steps were put in place to contain its spread, more and more people have been forced to work from home. This transition requires many changes in how individuals and organizations operate and communicate, especially in terms of using computers, personal devices, and specific software that enables remote work.
At the same time, cybercriminals recognize that attacking home users is much easier as they are typically less secured outside their office, where security policies and measures are enforced (at least at some level). Yet to do their jobs, these remote workers need to connect to various servers and access and create confidential, sensitive documents and data from their less-secure home office environment.
The risk of losing important data or being compromised becomes much greater at home. That is why every remote worker should be prepared to secure his remote workspace. Here are five recommendations for securing a home office.
1. Use a VPN
Whether you are connecting remotely to company resources and services, or you are just browsing web resources and using telecommunication tools, use a Virtual Private Network (VPN). VPNs encrypt all of your online traffic to prevent hackers from capturing your data in transit.
If your company has a VPN practice, you most likely will get instructions from your admin. If you have to secure your working place yourself, use a well-known, recommended VPN app and service – they are widely available in different software marketplaces or directly from vendors.
2. Be wary of phishing attempts
As a topic, COVID-19 is already being widely used in all types of phishing attempts – and the number of such malicious activities will only grow. Every remote worker needs to prepare for the increase in phishing attempts by understanding and recognizing the threat.
Themed phishing and malicious websites appear in large numbers every single day. These typically can be filtered out on a browser level, but if you have a cyber protection solution installed on your work laptop, you are also secured by dedicated URL filtering. Of course, those malicious links have to come from somewhere, and they are typically delivered in instant messages, emails, forum posts, etc. Do not click any links you don’t need to click on, and always avoid those that you did not expect to receive. These attacks also use malicious attachments to emails, so always check where an email really comes from and ask yourself if you were expecting it or not. Before you open any attachment, be sure to scan it with your anti-malware solution.
It also helps to remember that the information you really want regarding COVID-19 or similar pandemics can be found from official sources like the World Health Organization (WHO), your national ministry of health, and local government agencies. Refer to those official agencies rather than opening links or emails from unknown sources.
3. Be sure to have a good anti-malware solution up and running properly
Having a good anti-malware solution installed is a must nowadays. Simply having an anti-malware defense in place is not enough, however. It should be configured properly, which means:
• full malware scan should be performed at least once a day
• get updates daily or hourly, depends how often they are available
• the product should be connected to cloud detection mechanisms, to be sure that the internet is available and not accidentally blocked by anti-malware software.
• on-demand and on-access (real-time) scans should be enabled and adjusted for every new software installed or executed.
• it is also important that you do not ignore messages coming from your anti-malware solution; read these carefully and, if you use a paid version from a security vendor, be sure that the license is active.
4. Patch your OS and apps
Keeping your operating system (OS) up to date is crucial, as a lot of attacks succeed due to unpatched vulnerabilities. Vulnerability assessment and patch management functionalities track identified vulnerabilities and released patches, to easily patch all endpoints with a flexible configuration and detailed reporting.
Be sure to patch high-risk vulnerabilities first and use success reports to confirm that patches were applied properly.
As a minimum, you need to be sure that your OS gets all the updates it needs and that they are quickly installed – users tend to ignore system messages, especially when the OS asks for a restart. Ignoring these requests is a big mistake.
Also, be sure that auto-updates to popular software vendors like Adobe are enabled and such apps are updated promptly.
5. Keep your passwords and workspace to yourself
While this step has been mentioned many times as the top piece of security advice, during the response to COVID-19 it is doubly important to ensure your passwords are strong and known only to you. Never share passwords with anyone and use different and long passwords for every service you use. Password management software makes this easier. Otherwise, an effective approach is to create a set of long phrases you can remember and apply multi-factor authentication where possible.
Also, even while working from home, do not forget to lock your laptop or desktop and limit access to it. There are many cases where people can access sensitive information on a non-locked PC from a distance. Don’t assume you are protected simply because you are not inviting anyone you don’t know or trust into your home office.