For those who will continue working from home after COVID, this post about cybersecurity practices is one you can’t miss.
Even as we emerge from the health crisis of 2020, the face of work has changed. Companies are beginning to entertain a more permanent stance of remote work. From a cybersecurity standpoint, we have learned quite a bit about how bad actors try to break into companies and steal vital information or plant ransomware or malware. Remote workers will always be a target because the home network does not have the level of security that the office network does.
Additionally, without processes in place to extend content creation or work product storage from remote PCs to servers that can be backed up, the risk of employee-led data breaches can become more damaging.
For now, here is what you and your employees can do to raise the cybersecurity bar if you work from home.
Minimum Cybersecurity Standards for Securely Working from Home
To ensure your new work environment is secure when accessing company systems, data, networks, we’ve put together some guidance:
- Modern Operating System: You should use a company-managed workstation or a personal device with a supported operating system (OS).
- Patched Operating Systems: You must be current on OS upgrades and patches (no more than 30 days since last patch application) for any workstation from which you conduct business.
- Patched Browser: You must use a vendor-supported and fully patched browser.
- Current and Enabled Antivirus: You must have Antivirus installed and operational on any workstation.
Additional Cybersecurity Guidance for Securely Working from Home
As for email and web security, focus on remaining vigilant while reading emails, messages, web browsing. Additionally, be aware of common phishing techniques. (We cover some of them in this post.)
It’s also important to heighten your caution while engaging with health-based content. In these challenging times, please only seek information on the health crisis from well-known, reputable websites such as the World Health Organization, CDC, or other government websites.
As for networking and cybersecurity when you work from home, here are some additional tips:
- Stay connected to a VPN Client when working from any laptop or desktop, as additional security protections have been added to prevent malicious attacks.
- Avoid public network access points (i.e., coffee shop WiFi) and stay on your home network anytime possible.
- Confirm in your wireless router or cable modem that your home WiFi is secured, with WPA2 or WPA3. Ensure insecure features like UPnP are disabled and default logins to IoT devices (smart doorbells, wireless cameras, robot vacuums, thermostats, etc) are changed.
- Authentication Security: Protect personal accounts with two-factor authentication, staying vigilant with interactions on online platforms. Use strong passwords and a Password Manager.
- Data Security: Work on documents within company-provided cloud applications to make sure data is safe and being backed up. Don’t store company data on personal devices or your computer’s hard drive.
- General Security: Lock your personal computer when walking away from it (Win+L on Windows or Command+Control+Q on Mac).
(You might also consider VoIP. We discuss that option in this post.)
Things to Avoid While Working from Home
Now, here are some cybersecurity practices not to follow:
- Using unsupported communication platforms to conduct business.
- Leaving your business accounts logged in on a shared system(s). Instead, log out completely when you have finished your work.
- Using your personal email(s)/accounts to conduct business.
- Connecting unknown and untrusted devices (USB sticks, peripherals, etc.) to workstations with access to company networks and system(s).
- Installing unknown or untrusted software that may put your workstations at risk (unsupported remote desktop, etc.).
- Waiting to report any adverse events or suspicious activity identified with workstations to your MSP.
- Using file sharing (P2P), and other high-risk applications on workstations that have access to company services, systems or data.
We are here to help ensure your cybersecurity systems are up to par whether you work remotely or not.
Click here to learn about our cybersecurity services and what they can do for you.