In recent months, the global COVID-19 epidemic has forced millions of employees to work from home. While some have experience working remotely in the past, for most working from home for months on end has been a first-time experience. Cyber attackers are at large exploiting this time of chaos and panic to deploy a variety of attacks, and with millions working from home, a plethora of additional vulnerabilities and attack options arise. In this article, we will recommend 10 tips for secure remote work from your home during COVID-19.
1. Make sure your programs and operating system are updated.
When vulnerabilities are exposed, especially OS and common program ones, they are usually quickly patched. The patches are deployed in new program updates, and many threat actors prey on people who have left themselves exposed to exploitation by fully updating their system. To protect yourself from these potential malware infections, make sure that all your programs are updated.
2. Protect your devices with a reliable anti-malware solution.
Another important step for malware protection is implementing a security solution that will keep you protected even when your device is outside the corporate network. Use a local antivirus program, and implement an endpoint security solution that acts as a firewall to block both inbound and outbound malicious traffic.
3. Secure your home network.
Home wi-fi networks, as opposed to corporate ones, are usually much easier to hack and there is no IT team to back them up. These networks often use weaker protocols, and most people do not change their default router password. To protect your network and devices from hackers, change your default router password if you have not already done so. In your router settings, you can also configure wi-fi encryption to keep your information safe.
4. Separate your work computer from personal devices.
Connecting your work computer to your home network can expose it to network hacking and worm-like malware that propagates laterally to multiple devices inside the network. Even if you are very careful, and are conscious of malicious websites and emails, other devices in the network may pose a risk to your own. Fake websites, game and content downloads, and more, can easily infect a family member or roommate's device. From there on, it can be a matter of time until your device is infected too. If you’re using your home network for remote work, do not make your device visible to other devices in the network. If you have to add it to the HomeGroup, then make sure the option to share files is off.
5. Use your organization’s VPN.
Connecting to your company’s corporate VPN can allow you the security of protected, encrypted connections to many different services. This separation from the home network adds another layer of protection from infected devices in your home network.
6. Isolate work from your personal life.
Working from home can open a door to bending the boundaries of corporate-personal life behavior. When handling work material, make sure you’re using your secure, IT-approved corporate platforms to avoid accidentally exposing sensitive company information. Stick with corporate services for e-mail, file-sharing and messaging. In addition, resist the temptation of using your work computer for personal use, as it can easily lead information mix-ups such as saving files in wrong locations, and also broadens the range of malicious destinations that your device will potentially attempt to visit.
7. Use secure settings for video conferencing.
Review security downsides of your video conferencing platform to become aware of its vulnerabilities, and understand how to use it as securely as possible. If you are using a local video conferencing software, make sure you’ve downloaded it from the original, trusted source. There are many websites offering legitimate conferencing software downloads bundled with malware, seeking to trick users. Make sure you can control who enters your sessions – use password protection, and consider using the waiting room function if one is available. Lastly, make sure you do not have sensitive information in view of your camera during video conferencing sessions (such as notes with passwords, personal information, etc.) and do not share screen shots or videos from your video conferences.
8. Lock your device before walking away.
A simple action that many take for granted can be the difference between information security and a malware infection. You may be thinking why you need to do this if only you and your family members or roommates are around, but remember that in many cases, malware infections come as a result of completely innocent actions. Maybe your child wants to quickly check something online about their favorite game, and one wrong click on your work computer can lead to an accidental malware download.
9. Use multi-factor authentication.
Many platforms and applications provide an option for multi-factor authentication, the most common being two-factor authentication (2FA). Passwords can easily be stolen and leaked, so make sure to opt for this option when it is offered, instead of relying on your password alone.
10. Be careful of Coronavirus-themed emails and websites.
During the COVID-19 epidemic, the cyber realm has seen an immense number of coronavirus-themed malware and phishing campaigns. Attackers are using fake emails to ignite panic, supposedly supply vital information or trick victims in to thinking they are getting some type of compensation, while they are actually installing malware or phishing for passwords, personal information and bank credentials.
In other cases, fake COVID-19 mobile applications and websites distribute malware and trick victims in to surrendering their sensitive information. Take extra caution when receiving emails mentioning COVID-19 or visiting unfamiliar websites referring to the pandemic. Pay attention to the URL, or in case of emails, to the sender, content, and check for grammar and spelling errors. If you would like to acquire information about Coronavirus, visit official websites directly, such as the official World Health Organization website.
Due to the impact of novel Coronavirus (COVID-19), ThreatSTOP is offering 3 months of MyDNS free, or until the stay at home orders expire. Whichever is longer. With the COVID-19 crisis comes an unprecedented transition to a work from home workforce, and a massive increase in cyber attacks. Because people need to work from home, we want to provide the cyber security protection they should have at work, for free.
Unlike other solutions that send all your data or DNS queries to their Cloud, creating privacy issues and potentially exposing critical company data to hacking and theft through man-in-the-middle attacks, our MyDNS puts a DNS Firewall enabled DNS server onto your device, keeping your traffic under your control and preventing DNS hijacking by enforcing DNSSEC.
Easy and quick to set up, no hardware, no contracts or obligations, and we're here to help.