People are working from home a lot more than they usually do. With the coronavirus pandemic continuing to spread, it has become a rule that those who can work from home should do so. This helps mitigate the rapid expansion, as well as keeps many people safe; both yourself and those around you. This article will introduce you to another way of keeping people safe – the proper handling of cyber threats in the home office.
There are two things that we should keep in mind while working remotely. First of all, there are scams to watch out for. Those who are orchestrating the scams are using an array of schemes to con people into giving out personal information. Specifically, credit card information. Whether it be offering free Netflix subscriptions or an app that tracks who has the virus, scammers will try anything.
The second thing you need to be aware of is cyber threats. It’s quite clear that the home office is becoming a popular target for cybercrime. With millions of people working from home due to the COVID-19 outbreak, that means more are at risk. It’s important that they are vigilant about the security risks they are facing.
Why is the home office such an appealing target? Well, take a look at the technology. According to Pew Research, over 90% of the population owns a cell phone. Moreover, roughly three-quarters own a desktop computer or laptop. In addition, one can interpret a home office as an easy target because of security measures. Or lack thereof, because there’s little to no budget or time for them.
Security risks are always prevalent. However, home office networks nowadays are more complex than ever. At the same time, they are more vulnerable to intricate attacks than they appear. So, how do we deal with cyber threats in these trying times?
Weaknesses in the home office
The idea of remote offices are attractive to a lot of people, cyber-attackers included. The reason they are great targets is that they reside at the network edge. There are several cyber threats pertaining to offices that are remote and at home. These typically include security devices and programs with improper construction and a lack of proper network security solutions. Such solutions range from firewall, VPN, and IPS to protection for web and email.
Networks for remote and home offices tend to be vulnerable to the same attacks as business networks. Malware, ransomware, and even distributed denial of service (DDoS) are the typical culprits of this kind of network damage. Malware attacks usually come in the form of a computer virus or a worm. The delivery of the virus/worm is through a shared email or document.
Malware of the modern variety can spread and hide among files on a host computer. Oftentimes, this type of cyber threat will capitalize on specific holes in the security structure in an operating system or application. Alternatively, on systems with improper configuration. Ransomware also spreads like a virus or worm, though it hijacks a computer and demands payment prior to release.
For context, DDoS attacks are a branch from the standard ‘denial-of-service’ attacks. Many regard them as being one of the primary concerns relating to Internet security in this day and age. Its main intent is to shut down whatever the system or network may be, ultimately making it inaccessible for the users. It aims to completely overwhelm either the target or the infrastructure. In doing so, the attack effectively denies any legitimate users of the services or resources that they expect from the network.
Admittedly, DDoS attacks are not directly targeting a home office network. However, cybercriminals can covertly use compromised routers when conducting DDoS attacks. Or perhaps as part of a botnet they are renting that other nefarious actors pay to use them. Remote users who are unsuspecting participants don’t typically acknowledge the attack. This is mostly because there is very little impact on bandwidth resources.
Be that as it may, the effects of a DDoS attack have the potential to be widespread. In late 2016, there was a high-profile cybersecurity attack utilizing Internet-enabled cameras. With these cameras serving as launching pads for a DDoS, it would ultimately take down a number of websites. Some of which include Twitter, Pinterest, and Netflix. The main victim was the servers of the company, Dyn. They control a large portion of the Internet’s domain name system (DNS) infrastructure.
More often than now, home office routers are the entry point for a variety of cyber threats. Their passwords are usually rather weak, with many still using the factory settings and the “admin” user ID. Moreover, they sometimes use weak passwords that are easy to hack.
With cyber threats constantly looming over remote workers, this may seem like a difficult thing to avoid. There is good news, though. A lot of precautions can be taken to ensure that a home office is more cyber secure.
So, what do you have to do to keep yourself from becoming a victim of a cyber attack? For that matter, what are the key elements and ideal practices of a consistently secure remote or home office network?
One of the first things you need to do is get your hands on antivirus software and a firewall. Moreover, you need to make sure they are up-to-date. Antivirus software is readily available and actually quite easy to install. You can find solutions that derive from subscriptions online and you can download them. Some of the best programs automatically operate in the background and update themselves to provide protection against the latest threats. These include harmful downloads and various threats that are attachments to USB drivers. These programs also protect all the versions of every device currently on the network.
Firewalls add a whole other level of protection to your device. For a long time now, a majority of firewalls were too difficult or expensive for the average home user. Nowadays, however, there are stand-alone firewalls. These ones are very easy to use and are also cost-effective. Moreover, they can enhance any firewall mechanism that may already be in your PCs and laptops. And, to top it all off, they can include antivirus software.
A large number of remote and home office users currently lack visibility and control. That is to say, they lack clarity and authority over what’s occurring on their network. This is another critical element pertaining to the protection of what still are typically complex networks.
Protecting identifiable information
With all of that in mind, there is still the matter of protecting personally identifiable information and browsing history. To establish security for these particular things, the following tips will be helpful:
- Be sure to use HTTPS – HTTPS (HTTP over SSL). These can obscure the specific pages that someone is visiting.
- Always be distrustful of plugins. Oftentimes, they may be collecting your browser history and selling the data they uncover to third parties. Make sure that you review both the end-user license agreement (EULA) as well as permissions that the plugin demands.
- Make proper use of a virtual private network (VPN), which effectively creates a secure and encrypted tunnel. This tunnel exists between a device – or even an office location – and a private server that resides elsewhere. This will block anyone from being able to view or make changes to your Internet traffic. Admittedly, this won’t provide the utmost anonymity. Regardless, ISPs can still see the connection to whatever the VPN service is. What’s more, the browsing data will not be available for third parties to see.
Helpful tips for fighting cyber threats
Installing antivirus software is just one of several ways that you can protect yourself from cyber threats. There are still plenty of other ways in which you take initiative and deal with these annoyances. With that in mind, there are 12 important tips that could help you in the long-run.
Tip #1 – Use the latest pieces of safeguarding technology
We dedicated a whole section to this, but it is worth repeating because of its significance. For the best protection, install firewalls on devices, as well as anti-malware and antivirus software. Some examples of the best antivirus software include Kaspersky, Bitdefender, and Norton.
Tip #2 – Don’t ignore security updates of any kind
It is important that you stay safe, knowledgeable, and current. You can accomplish this by setting up automatic updates and patches for software and operating systems alike.
Tip #3 – Follow the guidelines of a Remote Work Policy
Do research and find out if your company or client has a Remote Work Policy. If they do have one, then you need to follow it.
Tip #4 – Avoid apps that are risky
It is crucial that you cut down the potential of an attack on your network and devices. You should remove any and all applications and services if there is no need for them. It would be unwise to download apps in an indiscriminate manner.
Tip #5 – Secure your networks
Establish user permissions on all devices. In doing so, only grant access permission to those who need to be tied to the network. Give the best protection to networks with the use of passphrases. Moreover, make sure that you change all default passwords on the devices and smart appliances that connect to the network. Remember that you must not write passphrases down for others to see, like on a sticky note. For that matter, you must not share them with anyone.
Tip #6 – Give your network the proper protection
Let’s assume that you have a popular network and you get a lot of visitors. In this particular case, it would be smart for you to set up a guest network. One that is completely separate from what you are using for work.
Tip #7 – Never, under any circumstances, use random USB drives or one that you found
By plugging in an unknown USB drive, you are running the risk of introducing malware to your device.
Tip #8 – Educate yourself on how to avoid phishing scams
If you see a link in an email, message, or on a social media site, don’t click on it right away. Take a moment to think about it before you click on any links. You can preview suspicious links by simply hovering over them to see the link address. Do not go any further if there is a misspelling or other irregularities. Furthermore, don’t go through with clicking on it if the link does not match the text.
Generally speaking, you should treat messages with generic-sounding greetings and attachments with skepticism. In the face of these messages, you should verify the legitimacy of these messages. You can do so by phone or in-person if necessary.
Tip #9 – Pause to think before you connect to public Wi-Fi
There will be times when you are working ‘out of office.’ During these situations, you shouldn’t connect to the public WiFi right off the bat. Instead, you should use a VPN if you are able to. Moreover, it would be smart for you to avoid engaging in any type of sensitive work. The same thing applies to if you are conducting any financial transactions. If you’re not too careful, you could potentially bring malware home.
Tip #10 – Take extra precautions during your downtime
Not even during your downtime should you let your guard down. Try not to over-share any information on social media. Hackers can take advantage of this and use the personal details you reveal online to help them commit fraud.
Tip #11 – Make sure to back up on a regular basis
When it comes to important data, you should back up it up as regularly as you can. This way, if you are a victim of ransomware, you will be able to get your files back. Moreover, you can do so without ever needing to pay for them.
Tip #12 – Make improvements to physical security
Take precautions in the environment around you. Make sure to lock your doors and store your laptops in secure drawers whenever you are not using them. Moreover, securely destroy any discarded confidential data (whether they be on paper, hard drives, or e-media). Have a professional service provider be the one to destroy it.