The risk of losing all your personal and work-related information and of infecting the entire company in the event you're working from home, but connected to business networks and systems, is greater, exacerbated by the covid-19 pandemic. Experts warn of a series of hazards that need to be managed to ensure working from home is secure and obstacle-free.
Cyber security at home should be just as important as at the office. Cyber threats have not been quarantined and, therefore, guaranteeing the protection of home networks and access equipment is vital. As such, you should always remember that applications and content of an unknown or peer-to-peer origin should never be used, and untrustworthy sites should be avoided. Opening messages or files from unknown or insecure sources should also be shunned. “As far as cybercriminals are concerned, any context is worth targeting – even personal e-mails – and we now need to take even greater precautions due to the fact there are no colleagues at hand to ask if we're dealing with a fraudulent e-mail”, warns Ivan Mateos, a sales engineer at Sophos Iberia, a company specialising in cybersecurity. Never clicking on a link or e-mail attachment you haven't requested is another of his tips. “Particularly as the current scenario enables attackers to be highly convincing”, he adds.
In order to ensure the security of all our equipment, we mustn't forget to keep our anti-virus software updated, in addition to other protection tools on the internet. A piece of equipment or an application with disabled security patches is a potential point of entry for a cybercriminal.
“The current scenario enables attackers to be highly convincing”
It is also essential that passwords are secure and changed on a regular basis, and that personal data is not sent under any circumstances whatsoever, even if the source appears to be reliable. In the opinion of Ivan Mateos, although this is a well-known recommendation, it is now even more crucial. “Distance working involves taking the office home with you, so the connection used to handle confidential information needs to be as secure as possible”. The Sophos specialist also points out that distance working means the devices being used become part of the company's network, and, as such, devices should be locked automatically and passwords shouldn't be shared with the rest of the family. “We don't want information being sent to the wrong contact mistakenly”.
MANDATORY BACK-UP COPIES
The recommendation for the creation and regular updating of back-up copies is even more important at a time when the use of ransomware continues to increase. Having all your relevant information stored on a hard drive can be the difference between losing it all and saving all the work you've done. In this type of computer attack, the hacker blocks the device and demands a ransom, usually in bitcoins, to return control of the machinery to the owner. Hence, if your back-ups are always up-to-date, there's no risk. Furthermore, as recommended by the National Cybersecurity Centre (CNCS), the Portuguese agency in charge of national security, in the case of ransomware, ransoms and demands should never be paid as this will set a precedent and is likely to lead to further harassment. “Companies should recommend latest-generation anti-malware solutions for employees' personal devices used in distance working”, adds Ivan Mateos, who reminds us that: “Any connection through insecure equipment, however quick it may be, can cause a disaster”.
Ivan Mateos also recommends that devices be encrypted. “Our devices now contain sensitive information and need to be protected to the greatest extent possible. We don´t want our data accessible to anyone in the event a device is stolen, lost or simply forgotten. Windows, MAC, Android and iOS systems already feature this option as standard”.
Another rule to bear in mind is that work equipment shouldn't be shared with family members at home. According to the CNCS, despite this seeming to be an innocent practice, it could compromise sensitive and confidential information. The same rule applies to the social networks, on which the sharing of business data should be avoided.
Working from home has also introduced a new reality with regard to meetings held in a virtual environment on a wide range of platforms (Zoom, Skype, Microsoft Teams, etc.). However, security cannot and should not be neglected here either. To this end, CNCS recommends access be restricted to authenticated users only for each meeting, webinar or event. This way you´re ensuring there are fewer entry points for potential threats.
Moreover, and according to the same source, each meeting should have a unique access password and point-to-point encryption should be activated for all virtual events. Audio signatures and appropriate recording permits should also be used so as not to undermine the security of the interested parties' data, in addition to screen-share watermarks in order to prevent the misuse of information in other contexts.