Work remote, work secure
With more people working remotely, it is important to stay vigilant and follow best practices to keep you and your organization cyber safe.
Working securely from home
Here are some of the best practices for keeping your devices, and networks cyber safe while working from home:
Your home network is comprised of all the devices in your house that are connected to the internet. This includes laptops, smart phones, tablets as well as all smart (internet-enabled) devices.
If a threat actor gains access to one of the devices on your Wi-Fi network, all devices on that network can be compromised.
If you connect work devices to your home Wi-Fi, take steps to make your home network cyber secure.
There are two pieces of technology you need to address:
- Your modem, which connects you to the internet
- Your router, which distributes the internet connection to your devices
Most manufacturers configure a default administrator account with the same username and password for every piece of equipment they sell. This is different from simply connecting to the network. The administrator account grants you control over the device itself, and the Wi-Fi network configuration. With a bit of know-how, anyone connected to the router can guess its default credentials.
Change the default passwords that come with both your router and modem. Use strong passwords that are difficult to guess.
You should also change the default name of your Wi-Fi network to avoid a threat actor gaining easy access to your network.
Change the network name to something non-identifying (e.g. not your name or address) to add a layer of protection to your home network.
There are three types of Wi-Fi protection systems commonly used to secure transmissions. Encryption ensures that only the end user’s device and the Wi-Fi router can read the contents of a transmission.
It is recommended you use the strengthened version of encryption called WPA2 AES. This uses the industry standard AES cipher to very strongly protect transmissions.
To use WPA2 AES, change your Wi-Fi encryption setting in the router console/menu. Select the “PSK” option if more than one is available.
If WPA2 encryption with AES is not available, use WPA encryption.
The console of a router should only be accessible from devices connected to the local network. However, some standard router setting enables remote access. This setting means that you can access the console over the internet, from another location. Unfortunately, if you can do that, so can anyone else. Disable remote access or remote management in your router console/menu.
The router manufacturer should update the firmware for your device if any vulnerabilities are discovered. A trigger for firmware updates should be any news stories that mention major virus attacks. The outbreak of a serious attack will provoke the router manufacturer to check through its firmware code to make sure its equipment is not vulnerable to the new attack. If it is vulnerable, they will issue a security patch in the form of a firmware update. Check on the website of your router’s manufacturer whenever these news stories break or when prompted by the device itself.
Most modern wireless networking equipment can run a secondary guest network. Use this guest network for guests and smart devices. This will prevent access to your main network and keep potentially malware-infected guest systems from attacking and/or spreading malware to your own devices.
If possible, set up a separate network for your work devices. By creating a separate network for work devices, you keep your work devices, information, and the networks you access more secure.
You can use this feature to allow only approved devices to access your network while barring any other devices from connecting, even if they had the correct information to do so.
In addition to securing your home network, there are some important cyber hygiene practices you should utilize to work securely from home.
Stay away from public Wi-Fi
Do not use public computers or public/unsecured Wi-Fi for work purposes. If you must work in public, access internet via a hotspot from your work device.
If your organization has a virtual private network (VPN), this increases the security of your connection to your organization’s network and systems.
Don’t share your work devices
Your work devices are assigned to you for work purposes and are not meant to be shared. Don’t allow family, friends or guests to use your work devices.
Take care if using personal devices for work
If you use personal devices for work, limit those who can access the devices and ensure software is updated regularly.
Enable automatic updates
Enable automatic updates to ensure all patches and updates for your devices and software are installed.
Keep physical work documents secure
Don’t leave documents laying around. Ensure you have a secure location to store any hard copies.
Be mindful of your surroundings
If you work in a public place, install privacy screens on your monitor and other screens to prevent people (known as shoulder surfers) from looking at your work.
Be aware of home assistants
Smart home assistants, such as smart speakers, are always listening. Power down these devices or set the microphone option to mute if you’ll be discussing anything private or sensitive. Better yet, keep these devices out of your workspace.
Mobile device security
Mobile devices, such as laptops, smartphones, tablets, portable hard drives and USB keys contain sensitive or personal information. These devices are portable and convenient to use. However, their portability also makes them a security risk.
Here are some things you can do to use your mobile devices securely:
Protect your devices from loss or theft
Keep mobile devices secure. Do not leave them unattended in a vehicle.
Don’t store or transport high sensitivity information on mobile devices. If you must store or transport High Sensitivity information, ensure you have approval to do so, and the appropriate devices and security.
Protect your devices from malicious use
Avoid charging your phone on computers or devices that you do not control, such as hotel docking stations. Malicious software could be transferred when your device is connected.
Never connect an unknown storage device to your tablet or laptop. Any storage device that connects to a USB port could contain malware.
Use strong passwords
Protect your devices with strong passwords.
Set your device to lock automatically
A locked smartphone is less immediately useful to someone looking to access information.
Increase your security by limiting what information your smartphone collects and what it can do. Limit features that share your location and be aware of authorizing apps to access contacts, photos and files.
Use multi-factor authentication
Multi-factor authentication (MFA) is an enhanced form of security that requires two or more authentication factors to log into your account. A mobile phone with an authenticator app can be useful as “something you have” for providing a second authentication factor.
Use encryption when emailing or storing any sensitive information.
Get routine updates
Connect your devices to your work network regularly to ensure patches and updates are installed. Update your smartphone operating system and any applications (apps) when prompted.