Сyber Security for Working from Home: How to Minimize Risks?

The unprecedented shift to remote work has both positive and negative aspects. On the one hand, working from home gives greater flexibility and allows companies to adapt to changing conditions quickly. On the other hand, it's followed by serious security risks. 

As digital workspace comes with its own set of challenges, it's important to provide the business community with educational resources and support. For this reason, we've pulled together this list of 8 tips to fortify home cybersecurity. 

Online Security Threats for Remote Workers

In the spirit of never letting a change go to waste, organizations should redefine how they are operating. We recommend training staff on the implications of working from home and cybersecurity as early as possible. Particularly, inform them of what has become the new cyber normal:

• An increasing number of cyberattacks since the shift to remote work

• Changing attack vectors and exploitation of vulnerabilities in home devices

• Multi-stress environment and distracted workforces

These are the main reasons why maintaining good online hygiene is crucial. Luckily, this isn't a very complicated venture. While there are no silver bullets, these simple habits and one-off actions can draw the line between malicious hacks and your online safety.

1. Keep Your Personal Devices Safe

How does cybersecurity work in a home setting? Most importantly, it starts with securing any device that has access to your corporate network or sensitive data. This point also includes mobile devices, especially considering the likelihood of them being misplaced or stolen. 

The first layer of protection, of course, should be strong passwords - a minimum of 12 characters, numbers, symbols, not using dictionary words, etc. However, relying on passwords alone carries significant risks.

Next, enable two-factor authentication (2FA) and two-step verification (2SV). The usual types of confirmation include a security code on your email, phone, or through the authenticator app that you'll then need to plug in to gain access. An even more robust method is biometric authentication through fingerprints or facial recognition - this eliminates the possibility of losing or forgetting authorized user's credentials.

2. Keep Your VPN Turned On

The primary roles of a virtual private network (VPN) are to create a tunnel for encrypted data, establish a connection from anywhere, and elude unwanted advertisements. So, by accessing a server in another location, you mitigate the pitfalls of whatever service provider you're using at home.

Important parameters in a VPN solution include:

• Device compatibility 

• Protocol support

• Number of servers

• Location coverage 

• Speed of access

VPNs that cater to organizations can provide an enhanced level of security and arguably better speed and reliability. But, remember VPNs ultimately serve privacy purposes rather than remote access protection. 

3. Beware of Phishing Emails

Social engineering attacks, such as phishing, are extremely common. Moreover, they are increasing in sophistication - it's not only the obvious "You are the winner of our promotional contest." In this regard, phishing awareness is vital to organizations considering cybersecurity and work from home.

Do not click on any email or links/attachments inside (at home or anywhere else) if it has any of the following features:

• Incorrect dates, misspellings in the message or domain

• Gaps and spaces in the subject or in the body of the email

• Request for credentials, payment information, or other personal details

• Unusual requests, threats, or a sense of urgency

4. Avoid Public Wi-Fi

Some remote workers like to "spice up" their day by going to their nearest coffee place. Needless to say, using Wi-Fi at such locations is risky.

Free Wi-Fi hotspots require no authentication to establish a network connection. This means hackers can easily position themselves between you and the connection point. Whatever information you will be sending through your device will be sent directly to the hacker. 

If attackers manage to access your device and install malware, important emails, credit card data, and even security credentials to your business network will be at their disposal. If you absolutely have to use public Wi-Fi, use VPN, SSL connections, turn off sharing and disconnect as soon as you don't need it.

5. Keep Work Data on Work Computers

Home cybersecurity is always a step behind what an organization can achieve with an efficient IT team. Some activities may be transparent to employees, but it's still hard to maintain the same security protocols with your personal computer as are mandatory at work. All in all, work computers tend to have advanced technical controls. 

So, instead of introducing a personal computer to a work network, either request a separate computer to take with you or consider working remotely on corporate computers. It may not be as convenient as using your own device but prevents extensive corporate damages.

6. Install Antivirus Software

A good antivirus program ensures security from:

• browser hijackers

• worms 

• backdoors

• infected and malicious URLs

• spam

• malicious BHOs and LSPs

• keyloggers

• adware

Ideally, you want the antivirus software to be centrally managed. Meaning, remote workplaces need to purchase and install enterprise-grade, commercial solutions. If it's not viable, workers still need to be individually instructed on what specific solution should be installed.

7. Secure Your Home Router

The cybersecurity issue becomes even more prevalent today due to the wide use of devices connecting to your home network. This includes internet-of-things products like cameras, Roombas, thermostats, light switches, etc. Like any other software or equipment, routers can contain vulnerabilities that can be exploited by malicious parties. 

In most cases, home routers don't have the auto-update feature, meaning it won't automatically install the latest patches. In addition to keeping your router up to date, rotate your Wi-Fi password and remove unnecessary connected devices.

8. Keep Backups

Switching to remote doesn't mean sacrificing all the established practices for data migration and synchronization. Stick to the backup and disaster recovery (BDR) established in your company or even reinforce it, considering the new conditions. 

For the security of your most critical data, we recommend following the 3-2-1 backup rule: 

• 3 copies of your data (local but on different mediums, such as internal drive)

• 2 backup copies at 2 different locations (external drive, NAS/Network drives)

• 1 backup offsite (cloud, FTP)

Let's say the probability of data failure is 1/100. If the data is on a second device as well, it drops to 1/1,000. With a third location, the probability is 1/1,000,000.

Main Takeaways for Secure Work from Home

Picture a regular person using their home computer for personal reasons. Unless they are very educated on the topic of cybercrime, they make common mistakes of reusing passwords, ignoring software patches, replying to unsolicited emails, etc. When switching to remote work, these habits won't do. 

With that in mind, by implementing a strict regime for cybersecurity work from home, organizations can ensure comprehensive protection in the following areas:

• Economic impact (intellectual property, corporate information, customer data)

• Reputational impact (consumer trust, media coverage, existing and potential customers)

• Regulatory impact (confidentiality, law compliance)

Practices that we described in this article can mitigate the majority of the most common vectors for cybersecurity attacks. Therefore, keep them in mind every time you start a new working day from home.