Work from Home Cybersecurity Tips
Before digging into some work-from-home cybersecurity tips, let’s set the stage to lend some perspective to this increased concern.
One of the offshoots of the pandemic has been the movement to a remote workforce. And that trend isn’t going anywhere soon. Upwork, for example, predicts that roughly 36 million employees will work remotely by 2025. Plus, 70% of companies plan to adopt a hybrid approach, according to a Mercer study.
Some Alarming Data About Remote Workers
Of greater significance, with the movement to WFH, cyberattacks have surged. KuppingerCole, for example, reports a 238% increase in global cyberattacks since the pandemic. Similarly, the FBI indicated that complaints jumped 300% following the pandemic.
Moreover, many organizations have still failed to take appropriate measures to secure remote workers. Equally alarming, remote employees seemingly take a laisse fare approach to cybersecurity, based on a report by HP Wolf Security, Blurred Lines & Blindspots.
Here are some key findings from that report:
- 70% of office workers admit to using their work devices for personal tasks.
- 69% use personal laptops or printers for work activities.
- Nearly one-third of remote workers let someone else use their work device.
- 33% of workers download more from the internet than before the pandemic. That figure increases to 60% for those aged 18-24.
- 27% of respondents use their work devices to play games more than before the pandemic.
- 36% use their work device for watching content using online streaming services. Those aged 18-24 to the tune of 60%.
- 40% of workers use their work devices for homework and online learning more than previously.
- 50% of office workers say they now see their work devices as personal devices.
Apart from workers, IT decision-makers (ITDMs) express concerns about the growing number of cyberattacks:
- 54% cited an increase in phishing.
- 56% witnessed an increase in web browser infections.
- 44% said compromised devices were used to infect the wider business.
- 45% saw a rise in printers as an attack point.
Needless to say, as cyberattacks increase and grow in sophistication, it becomes paramount that organizations address work from home cybersecurity.
10 Work From Home Cybersecurity Tips
Here’s your first work from home cybersecurity tip — securing remote workers requires a shift in organizational thinking. That shift starts in the C-suite and permeates the entire organization – from the IT department to each employee.
So, let’s look at some things your organization can do to improve work from home security. For starters, assume an attack will occur. Vulnerabilities routinely crop up with infrastructures, applications, and devices.
1. Keep Home and Work Devices Separate
Mobile devices, in particular, present a more substantial risk for a cyberattack. First, they’re more likely to get stolen. Second, you’re likely to connect from unprotected public networks.
As a result, that opens the door for hackers to exploit your device. Keeping your personal and work devices separate helps remove some of that threat. Always use a secure network when using your work device.
2. Secure Your Wi-Fi
Start by changing the default password for your Wi-Fi router. Then, change the wireless network name, excluding any personal information. Finally, make sure you use a strong password.
In addition to the above, consider enabling network encryption and stay on top of any security updates and patches to enhance your security posture.
Finally, don’t use public Wi-Fi for work access as it’s a haven for malicious agents. Only work from a secure, adequately protected home Wi-Fi network.
3. Virtual Private Network
As an employer, put a VPN in place. It encrypts internet traffic and disguises a user’s identity and IP address. That combination makes it more difficult for cybercriminals to hack your network. You can give employees VPN devices or subscribe to a software service.
However, keep in mind that a virtual private network serves only as a single layer of defense. In addition, a VPN might have its own set of vulnerabilities. Plus, a VPN offers no resistance to phishing.
4. Install Security Software
Regardless of whether it’s a personal or work device, make sure it has updated security software, including antivirus software. In addition, pay attention to any software updates to ensure against the latest threats. And remember, you can configure devices to handle updates automatically.
5. Don’t Short-cut Passwords
Using strong passwords is security 101. Yet, many employees overlook this most basic cybersecurity best practice. For instance, 66% of people use the same password across multiple accounts. In addition, only 34% of people change their passwords routinely.
But here’s a real shocker – 42% of organizations rely on sticky notes for password management.
Passwords should include at least 12 characters, symbols, numbers, and different cases. As an organization, you should have and enforce a password policy. That said, roughly two-thirds of companies have a password policy. Sadly, only one-third strictly enforce it.
6. Multi-Factor Authentication
You’ve likely read this before – MFA blocks mover than 99.9% of compromise attacks, according to Microsoft. MFA adds a layer of defense by adding another step to the log-in process. So, even if a hacker pilfers your username and password, they need a single-use code to breach your account.
Companies, for example, should deploy MFA on their employee portal. You can use an authenticator application like Google Authenticator. As a result, you’ll get a push notification on your time when logging into your work account.
One of today’s best practices involves least privilege access that blocks access by default. Users only receive access for specific accounts requiring it.
7. Secure Confidential Files
When employees work remotely, securing sensitive data becomes even more essential. So, always use access control and encryption. And don’t allow employees to download copies of the data, notably if your business deals with compliance regulations.
If you allow employees to download data, you should establish policies on who can do so and how.
8. Keep Devices Locked and Tracked
Lock your device after a certain amount of activity. When you lock your device, it safeguards data if your device gets stolen or if someone attempts to access your device when you’re not present. You should also turn location tracking to find your device if it’s stolen or lost.
When you lock a device, you’ll need to enter a numeric code or password to unlock it. You can also set up devices to swipe a pattern, provide a fingerprint, or recognize your face. Regardless of the route, you’ll make it more difficult for someone to access information from your device.
9. Guard Against Phishing
Verizon reports that 25% of all data breaches involve phishing. In addition, 85% involve a human element.
Phishing emails contain malicious software that allows hackers to seize control of your computer to access sensitive files and financial data. So, you must train your employees to spot a phishing attack.
Unfortunately, according to a survey by Kenna Security, 31% of companies fail to offer cyber awareness training to their employees. Sadly, that same survey indicates 61% of employees receiving training still fail a basic cybersecurity quiz.
It’s up to organizations to insist on good cyber hygiene – and enforce it.
10. Establish Remote Work Policies
Relating to the point above, don’t assume your employees practice good cyber hygiene. As an owner, executive, or IT leader, it’s up to you to establish clear rules that govern how your employees work remotely. Equally important, it’s up to you to communicate and keep workers abreast of new policies.
Those policies should detail
- How employees use personal devices when working remotely, and even if employees can use those devices
- What data can employees access and download to devices
- What software and application can employees install on their devices
- How employees should report attacks when working from home
As an employee, it’s up to you to stay current with those guidelines. For example, if your copy offers a VPN, make sure you use it properly. In addition, if you receive a sketchy email, talk to someone to help you confirm whether it’s a phishing attempt or a legitimate email.
One Final Work From Home Cybersecurity Tip
All it takes is a single malware attack, and you could lose everything you’ve worked on, including documents, files, reports, and more. It may seem obvious, but always back up. You have numerous options for cloud services that will provide appropriate backups to protect against data loss.
One more thing – it also pays to have a trustworthy cybersecurity company near you in your back pocket that you can rely on for IT support. IntermixIT is just that.
Our IT company offers IT services of all types, specifically designed to support SMBs in Harrisburg, York, Lancaster, Lebanon, Reading, and the surrounding area. So, get in touch. We’ll help secure your remote workers to prevent unwanted cyberattacks.
Get a free IT Risk Assessment now as one final entry to our work from home cybersecurity tips. It uncovers sensitive data open to cybercriminals. Contact us today to get one scheduled.