Cyber-security tips for home workers

Ensuring a home working environment is ‘safe’ isn’t difficult. Peter Bailey shares the steps you can take to improve cyber security outside the office.

With the number of COVID-19 cases on the rise all over the world, New Zealand has announced social distancing measures to slow the anticipated spread of the pandemic. Although private businesses have not been given any orders to close, many employers are taking steps to protect their workforce by asking staff to work from home.

Corporate office workers who use laptops and smartphones for work will easily adjust to this change. However, when not under the watchful eye of colleagues or the IT department, it’s much easier to take a lax approach to cyber security.

With the current level of disruption abound your cyber security processes and policies are more important than ever. The last thing your business needs right now is to deal with the added stress of a security breach.

Ensuring a home working environment is ‘safe’ isn’t difficult. Here are some steps you can take to improve cyber security outside the office.

1. Reinforce the rules

Most established companies already have an information security policy in place. If remote working is in your business continuity plan, now is the time to review the policy and remind staff to stick to company security rules, even at home.

If you work in a small business and don’t have any form of information security policy in place, it’s best to get something sorted right away. If you’re not quite sure where to start, there are some useful online tools and guides specifically aimed at smaller businesses and start-ups. A good place to start is the CERT website.

2. Secure your home router

It may seem simple, but one thing people often forget to do is ensure their home router is secure. Routers are often a network weak point, since many people simply plug it in, leave it with the default password, and never think about it again. Instead, you should set a unique password, enable encryption and remember the device itself requires routine software updates. Either find out from your service provider how to log on to do regular updates yourself or arrange for them to perform updates and checks on an ongoing basis.

3. Prep laptops and smartphones

Whatever devices you use for work all need to be adequately protected and looked after. If you work for a company that has an IT department then get their help to make sure all laptops and smartphones are up to date. If not, at the very least aim to do the following:

• Passwords: Choose a unique password that’s difficult to guess. Contrary to previous advice, a password with varying capitals and numbers is not the most secure. Instead, choose a phrase or string of words, such as song lyrics.
• Auto-lock devices: Make sure all your devices are set to lock themselves if unattended, including your computer and your phone. Use the fingerprint sensor or facial recognition technology available on most modern devices, as these measures are effective and simple.
• Don’t mix business with pleasure: Don’t let family members, especially kids, use devices you use for work. In fact, you should try to have dedicated work and personal devices where practical.
• Avoid USBs: Avoid using USB drives, particularly if they are just lying around or you don’t know what’s on them. One corrupt USB can easily infect a device or an entire network. Save yourself the stress and avoid them altogether.

4. Back up, regularly!

With many individuals working away from the network, it’s more important than ever to make sure documents and files are safely backed up. A good option is to ask staff to use an automated backup solution that takes data offsite and stores it in the cloud. Try to use the same services as those already used within your company to backup files you’re working on, such as Office 365 or Google Drive.

5. Keep software updates in check

When it comes to identifying the source of data breaches, one of the biggest culprits is outdated software. It’s for this exact reason that any device used for work is configured for automatic updates or alert you when an update is available. Remember, companies issue updates for a reason, usually to address newly discovered vulnerabilities. As soon as an update becomes available, install it.

Make sure staff also understand why it’s important not to put off an update. While it may be a mild annoyance or disruption to update your device, falling victim to an attack that should have been prevented will be a much bigger one. While you’re at it, ensure all your devices have a reputable internet security package, including antivirus, installed and up to date. This is a basic, but entirely necessary, requirement for anyone who uses the internet.

6. Stay vigilant against ‘Covid-19’ scams

As many companies around the world adopt work from home policies, expect cyber criminals to try and capitalise on the opportunity to target workers with Covid-19 related scams. Some phishing emails may present as official communication from HR teams, health officials or other institutions purporting to share information related to the pandemic. While it may seem intuitive to follow the instructions, make sure to check the sender information before you act. Remind staff to use caution when receiving any request for log in details and think twice before they click links or download attachments. If you receive a strange email from a known contact or colleague, call the sender to verify the information.

7. Don’t be afraid to ask for help

If you’ve done all the above, you’ve taken reasonable and responsible precautions to minimise the risk of attack on you, your company, and potentially your customers. However, it’s important to remember no business is ever 100 per cent secure and cyber security requires an ‘always on’ approach.

If you think you have been breached, don’t keep it to yourself or try to solve the problem on your own. Alert the company you work for immediately and let them know what information or data might be compromised, or make sure you have an external security team who can get onto it as soon as possible. The faster a breach is identified, the faster it can be shut down, fixed and resolved.

Peter Bailey, is general manager at Aura Information Security.