Working From Home – The Cybersecurity Risk
COVID-19 has changed how we work and where we work. Many people now working from home use personal devices, which greatly increases their exposure to cybersecurity threats. Professional business environments usually have IT staff responsible for managing data security, but personal home networks are much more vulnerable to attacks. Without security hardware and enforced security policies, criminals are more likely to target your personal and corporate data, and more likely to succeed.
We’ve asked Peter Komarkowski, a fellow at the Institution for Data Management and Past President of the Data Protection Association, for advice on where we can improve our safety and data security, so that we can persevere through these difficult times and flourish in the near future. Peter admits to being an optimist, providing us with a worst-case-scenario breakdown.
RECENT EXAMPLES OF HACKING:
Cybercriminals are ruthless, capable of quickly smearing your enterprise across the next news headline. Take a look at the recent examples provided.
Transportation Agency Hacked in 2nd Texas Government Attack
On May 14th the Texas Department of Transportation’s network was compromised by a ransomware attack, according to a statement the department posted to social media.
Nefilim Ransomware Gang Leaks Toll Documents to Dark Web
The criminals responsible for continuous ransomware attacks on the Australian logistics & transport company Toll Holdings recently released private documents to the public, according to announcements made by Toll Group on May 5th.
Here are some tips from Peter on how to avoid some of today’s most predominant cyber security threats as we transition to larger remote workforces and rely more on digital access to information.
TRUST NO ONE:
The current climate of home offices provides criminals with the perfect environment for committing cyber crimes. Right now many personal devices are almost completely defenseless, ushering in the age of the zero-trust mindset.
Social media is an excellent tool criminals can exploit to learn more about you, where you are, and even the answers to your security questions. Be mindful of sharing your location, and watch out for posts attempting to extract information from you (e.g. “Where did you grow up?”, “What was your first pet’s name?”).
When was the last time you changed your password? It’s important to revise and strengthen vulnerable passwords every 30, 60, or 90 days. Not all passwords need to be altered frequently, but there may be some you use that are more at risk than others.
Make sure to take the following precautions when selecting passwords and establishing login credentials:
- Create strong passwords (use capital letters, numbers, and special characters)
- Use multi-factor authentication, when possible
- Change your wireless gateway password regularly
Once you have established secure access credentials to protect your digital assets, go one step further:
- Update your antivirus software
- Update your operating system
- Secure your webcams
Portable Information Storage Devices:
Since work locations are changing and we often need access to information on more than one computer, it’s likely that more information is being transferred to portable USB devices like external hard drives and thumb drives.
Never plug your devices into unfamiliar USB ports, and never plug unknown USB devices into your personal equipment. Criminals hijack public USB ports, allowing them to steal your data when you plug in to charge. Likewise, criminals often leave USB devices filled with malware lying about in the hope that someone will be curious enough to insert one into their device. Always carry your own charger, and keep a spare non-risk thumb drive ready.
Phishing is nothing new, but criminals are getting much better at it. Using fake emails and web pages created to look exactly like the real deal, phishing relies on unsuspecting users entering their personal information into what look like authentic forms. Phishing messages often employ call-to-action elements, asking you to click a button or open an attachment. Always inspect the sender’s email address before opening messages; phishing addresses often include misspelled words or special symbols (ex: firstname.lastname@example.org).
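The address inspection described above can be automated. The following Python sketch is an added example, not part of the original article: it flags sender domains that are a near-misspelling of a trusted domain, that contain non-ASCII or punycode characters, or whose display name borrows a trusted domain. The trusted-domain list and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the domains your organisation really sends mail from (constructed).
TRUSTED_DOMAINS = {"example.com", "example.org"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for the address in a From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    warnings = []
    # "Special symbols": non-ASCII letters or punycode (xn--) labels in the domain.
    if not domain.isascii() or any(p.startswith("xn--") for p in domain.split(".")):
        warnings.append("domain contains non-ASCII or punycode characters")
    if domain in TRUSTED_DOMAINS:
        return warnings
    for trusted in sorted(TRUSTED_DOMAINS):
        # "Misspelled words": one or two edits away from a trusted domain.
        if edit_distance(domain, trusted) <= 2:
            warnings.append(f"'{domain}' looks like '{trusted}'")
        # Display name borrows a trusted domain the address does not use.
        if trusted in display.lower():
            warnings.append(f"display name mentions '{trusted}' but mail is from '{domain}'")
    return warnings or [f"'{domain}' is not a trusted domain"]

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ["Payroll <payroll@example.com>",
                   "Payroll <payroll@examp1e.com>",
                   '"example.com Support" <help@mail-service.test>',
                   "IT <it@xn--exmple-cua.com>"]:
        print(header, "->", check_sender(header) or "ok")
```

A clean result only means the visible address passed these checks; the From: header itself can be forged, so unexpected requests still deserve verification through another channel.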
Keeping backups provides an extensive safeguard in case of network attacks or device failures. You can schedule your operating system to back up your data as often as you’d like, often once a week or even daily if you work with a large volume of files throughout the work day.
Backing up your data to the cloud allows you to copy information to a server held by companies who employ strict security regulations and defenses. Although your data may be less vulnerable on their servers, they are not immune to cyber threats, so be careful what you choose to upload.
Backing up your data to removable devices, often referred to as “air-gap” backups, provides huge security benefits. Although your data is now completely inaccessible over a network, it’s still possible your air-gapped device could fall into the wrong hands. It’s recommended that these backups be stored off-site and separately from your personal devices. Passwords and encryption may also be implemented on your air-gapped device.
Choose a frequency at which data is preserved that meets your legal and professional retention requirements. Businesses often have legal obligations to keep information secure for specific time frames, so it’s important to stay updated on your organization’s retention requirements.
Test Your Backups
Make sure to examine and test backups on a regular basis. There’s no sense in keeping them stored and secure if the data isn’t available when needed.
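One way to test a backup is to restore it to a scratch folder and compare every file against the source by SHA-256 digest. The Python sketch below is an added example, not part of the original article; the function names and the sample files created in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file path (relative to root) to the SHA-256 digest of its contents."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as f:
                # Read in 1 MiB chunks so large files do not fill memory.
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests

def verify_restore(source_dir, restored_dir):
    """Compare a restored backup against the source it was taken from."""
    src, dst = manifest(source_dir), manifest(restored_dir)
    missing = sorted(set(src) - set(dst))            # never made it into the backup
    changed = sorted(p for p in set(src) & set(dst) if src[p] != dst[p])
    extra = sorted(set(dst) - set(src))              # in the backup only
    return {"missing": missing, "changed": changed, "extra": extra,
            "ok": not missing and not changed}

def demo():
    """Constructed sample: the restore has one truncated file and one missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        for base in (src, dst):
            (base / "reports").mkdir(parents=True)
        (src / "notes.txt").write_bytes(b"meeting notes")
        (src / "reports" / "q1.csv").write_bytes(b"a,b\n1,2\n")
        (src / "budget.xlsx").write_bytes(b"\x00\x01binary")
        (dst / "notes.txt").write_bytes(b"meeting notes")
        (dst / "reports" / "q1.csv").write_bytes(b"a,b\n1,")  # truncated copy
        return verify_restore(src, dst)

if __name__ == "__main__":
    print(demo())
```

Files edited after the backup was taken will also show up as changed, so save the source manifest at backup time when comparing against older backups.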
Get the Cybersecurity Guide and Checklist
For more information on protecting your business while your team works remotely, download our full Working from Home Cybersecurity Guide. The guide includes expanded information on the topics above as well as a cybersecurity checklist you and your team can use to perform an internal security checkup.
PETER D. KOMARKOWSKI
Peter is the principal consultant of PETERK CONSULTING. He is an IT veteran with over 35 years’ experience. His experience includes working with many different business sectors, including but not limited to: state government, local government, university, education, telcos, retail banking, financial, legal, superannuation, IT outsourcing, retail, manufacturing, sporting bodies, SME, advertising, research, medical, healthcare, and construction. In March 2016, Peter was made a Fellow of the Institute of Information Management for his services to the Offsite Data Protection industry, serving as the President of the Data Protection Association from November 2014.