But while working remotely can provide more flexibility and save people a long commute, it could also present a notable risk: leaving workers, and by extension their companies, more vulnerable to cyber attacks without the added security of a network of offices.
“The employee is phishing, which becomes the access point to compromise the network,” said Kiersten Todt, a former cybersecurity officer in the Obama administration and currently managing director of the Institute for Cyber Preparedness, who advises companies on how to protect your networks.
“We are seeing an absolute increase in phishing attempts and phishing breaches,” he added.
This is what employees and employers can do to make the WFH environment safer.
Update and update your devices
Many companies provide employees with separate devices for work, but not all. Anyone who now uses laptops or personal cell phones for work may be more vulnerable to cyber criminals, particularly if those devices are being used by multiple people around the house or for a combination of personal and professional tasks, according to Tom Patterson, director. trusted by the cybersecurity firm. Unisys
“A company is very careful to make sure that the computer on their desk is up to date and has the correct operating systems, the correct keys and everything,” he said. “No one is doing that to the old laptop he found in his closet that he is now setting up to make his Zoom calls.”
The first step is to make sure that even if you are using an older device or have separate working devices, you have installed the latest available software updates, so that your devices are equipped with the latest security patches.
Change your WiFi password
While many may know to periodically change passwords for social media accounts, email, and other online services, it is less common for people to do the same with their home WiFi networks.
And when in doubt, there is always the suggestion for technical support: turn it off and on again. Resetting your WiFi router is an even easier way to get rid of some basic types of malware, according to Patterson.
“Just unplug it, leave it unplugged for a few minutes, and let it restart,” he said. “That really eliminates a lot of things that had accumulated.”
If you have the means, it may be worth buying a new router and even a new laptop specifically for business purposes if you’re going to be telecommuting for the foreseeable future.
Turn off your work laptop
Most people (including this writer) don’t have a habit of turning off their devices at the end of the workday. But it is a simple way to be safer.
Turning your work laptop on and off can prevent viruses or malware from successfully inserting into your devices. That thwarts some types of malware that reside in a device’s memory and are cleared when it is turned off, Patterson said. It is also as simple as temporarily closing an “open line” for new attacks; Think of it like closing the door when you leave the house.
“Most people leave it on for days, weeks, or whatever, and only turn it off when something slows down,” Patterson said. “They just need to reboot, to get used to turning it off so that it doesn’t become a gateway for malware directly to your business.”
Todt recommends doing the same with your smartphone at the end of each business day.
“They are the biggest risk because we put a lot of information on our phone,” he said. “Therefore, an entertainment or social application that is not highly secure because it is not necessary can become an access to other things on your phone that need more security.”
Face recognition, fingerprint logins, and more
However, not only employees must implement safe practices. It is also up to companies to recognize new risks posed by a remote workforce and implement appropriate protections. With everyone working outside the office, unauthorized access to an employee’s laptop could mean access to the entire company.
“What companies cannot do is simply assume that employees will be as judicious about their home security as their head of office security has been,” said Patterson. “The old way of saying, ‘Once you’re in the building, you’re safe’ … that’s out the window, that’s not coming back.”
Many Businesses provide access to virtual private networks, or VPNs, that mask your Internet connection to ensure greater encryption and privacy. But Patterson cautions against leaning too heavily on VPN services if your company doesn’t specifically provide them. Many free VPN services can access your data on their servers before encrypting it, opening up another potential vulnerability.
Companies need to adopt more “zero trust” cybersecurity methods, he said, which means assuming that no device on the network is secure. Companies can equip their employees with additional security controls, such as multi-factor authentication, an external device code in addition to usernames and passwords, or even biometric logins, such as facial recognition or fingerprint scans, that people already use to protect their smartphones.
“I think the average domestic worker is already used to it. They already do it to get into some of their other apps,” said Patterson. “They just haven’t done it to get into their job applications, and that’s going to change this year.”