15 ways to make working from home more secure
Working from home. It means something different to everyone. You may be the type to perch at the kitchen table in your dressing gown. You might have a multi-screen office setup in the spare bedroom and an ironed shirt and tie every day. The one thing we’ve got in common is that we’re all doing it at the moment.
With the Covid-19 pandemic placing the UK into lockdown for the foreseeable future, all of us are facing unprecedented changes. These are changes to our way of life, and we are doing everything to keep our businesses running throughout. Some organisations might find the transition to remote working relatively easy if they’ve had it for a long time. Others will have been engaged in a last-minute scramble for laptops and cables when the social distancing measures were announced.
In either case, what’s beyond any doubt, is that moving to a remote working system can severely compromise the cyber security of your business if it’s not done carefully. Confidential data and communications are suddenly scattered across myriad broadband networks, leaving them more open to increasingly opportunistic criminals. Crucial infrastructure bolstered by latest technology can suddenly find itself relying on equipment designed for web browsing and social networking.
Whether you’re new to home working or vastly experienced, everyone can take steps to make home working secure. Hackers are looking for ways to exploit the coronavirus crisis to their advantage — so don’t let a once-impenetrable fortress become a free-for-all just because the office is closed. Keep your business under lock and key in these uncertain times by following these steps.
1. Connect to a separate network
You may be in a house full of teenagers chatting to their friends or a flatshare full of streaming addicts. Either way, it’s probably rare that you’ll have the home broadband network all to yourself. Where possible, you should endeavour to keep your remote working on a completely separate network from everyone else.
If your company has a VPN (virtual private network), then that’s the easiest way to keep your work ring-fenced. Setting up a different router might be the best option for you. After all, we could be in this for the long haul, and a robust home working system is useful anyway. If you’ve got unlimited data on your mobile plan, consider using tethering to turn it into a private wi-fi hotspot.
2. Create a separate user profile
If you’re using a home computer to work remotely, it’s crucial that you separate work from play. Create a private account that’s not accessible to anybody else in the house. This will ensure that private data is ring-fenced – even if your computer is only accessed by people you trust.
If you share accounts at home and everyone knows your password, change it before you start working. The foundation of any effective cyber security setup is making sure that the device is used for business use only.
3. If you’ve got a VPN, never log on without it
It might be one extra thing to do in the mornings, but it’s more than worth it. Six-digit codes and multi-step authentication may seem cumbersome. A VPN is about as secure as it gets when it comes to keeping cyber criminals off your network. Don’t let forgetfulness be the reason your company suffers an attack.
It’s important is to remember that you need to log onto the VPN every time you return to your computer. Many of us put our laptop to sleep during our lunch hour. It’s an all-too-easy mistake to return to what you’re doing without giving the VPN a second thought. Before you know it you’ve spent two hours processing critical data on your home broadband.
4. Always install updates
They always crop up at the most inopportune moments. It’s also just too easy to click the ‘remind me tomorrow’ every day for weeks on end. Software updates are one of your device’s most crucial defences against cyber crime. You should never delay in installing one when it pops up.
Vulnerabilities in out-of-date software are a wide open gate for hackers. Updates patch these up, remove bugs and reinforce your company’s security. It’s everyone’s responsibility to make sure company data is protected with the most up-to-date measures. The few minutes it will take for an update gives you an excuse to go and put the kettle on.
5. Don’t ignore antivirus and anti-malware alerts
Software updates are easy to dismiss but hard to ignore altogether. When antivirus and anti-malware go out of date, you can get used to seeing the warning on your screen. You can go months, even years, without doing anything about it. It’s one thing to skip security measures like this on a laptop you only ever use to stream movies. But if you’re turning it into a workstation then robust security should be priority number one.
If you’ve never had them installed, they needn’t cost the earth – ask your IT support provider to take a look. Malware and viruses can devastate your business, so don’t delay in making sure your deterrents are as secure as possible.
6. Uninstall unnecessary software
Cyber security isn’t all about installing the right software; it’s about keeping your device clear of anything that doesn’t need to be on there too. If you’re using your home computer to work remotely, now is the perfect time to tidy your computer up and remove games and apps that the kids haven’t played in years.
Old, unused software is especially vulnerable to hackers as it’s no longer updated. Any weaknesses provide an easy entry point. Keep your device secure by strictly populating it with software that’s not only relevant but robust.
7. Keep your computer locked
It might seem unnecessary when you’re not in the office, but keeping your device password-locked does more than keep prying eyes off your emails. It ensures that other members of your household won’t log on to update their social media, play games or order takeaway – seemingly simple online actions that could expose your business to dangerous malware.
Password-protecting your device is an example of a good working habit to stay in during a period of remote working. After all, if you keep up good cyber security practices while you’re at home you’re more likely to maintain them back at the office.
8. Turn off automatic WiFi connections
When you’re dealing with secure company data, you don’t want your device making any decisions for you when it comes to connecting to WiFi networks. Automatic connection might be a great way to save on mobile data but it risks seriously compromising your business.
If you suddenly switch from your own secure network to the WiFi of a cafe across the street then you’re exposing your business to cyber criminals – and you might not even realise you’re doing it.
9. Choose your browser carefully…
Picking a web browser isn’t as simple as downloading the first one that presents itself to you – they might all do the same thing, but they’re not all as secure as one another. Using Google Chrome or Mozilla Firefox will ensure that your business benefits from the most state-of-the-art security measures possible.
Using Safari, Microsoft Edge or other popular browsers could expose something as simple as an email exchange to vulnerabilities, leaving company data open to hackers who are looking for it.
10. … and avoid using extensions
Adding browser extensions can help make your user experience more straightforward and convenient, but they can be a breeding ground for computer viruses, so where possible you should avoid using them altogether. In addition, make sure any extensions you’re not using are uninstalled in order to avoid creating weak spots in your device’s security.
11. Keep an eye on VoIP software
VoIP (Voice Over Internet Protocol) is a great way to streamline communication, save on costs and ensure a secure phone line by speaking over the internet – but like any method of transferring information within your business, it can be vulnerable to attack.
Using VoIP at home might be a convenient way to easily keep in touch through the day – but make sure that the software is updated regularly and that your business takes as many steps as possible, such as multi-factor authentication, to keep networks secure.
12. Use a password manager
Whether you scribble your passwords on bits of paper and hide them around the house or save them in your browser to avoid having to remember them, managing passwords can feel like a full-time job in itself. If your company has password manager software such as a multi-factor authentication solution, then make sure you use it – it ensures that no information that could gain hackers entry into your business is left lying around, either in your home or in cyberspace.
While it can be convenient to reuse passwords across multiple accounts, it’s one of the biggest security errors you can make. Password manager software not only keeps passwords under lock and key but it ensures you don’t have to resort to risky measures in order to remember them.
13. Take your time…
We’re not saying you should take more tea breaks and adopt a more laid-back attitude to your workload, but it can be easy to feel rushed and swept up in the midst of the uncertainty and chaos that’s currently unfolding. Hackers are experts at exploiting pressurised situations to find weaknesses in a business – and they employ tactics to put you under pressure so that you’ll make decisions you otherwise wouldn’t.
For example, phishing and spoofing emails use language that conveys a sense of urgency and diverts your attention away from anything that might give away their false intentions. Who is the sender? Take a moment to check the address and consider whether the content of the email matches what you’d usually expect from that sender.
14. … and don’t click without thinking
If there’s an attachment in an email, you should always treat it with caution – you don’t have to click it in order to find out if it’s genuine or not. Hover the mouse over the URL and see where it will take you, paying especially close attention to the spelling of the domain name in order to make sure it’s not a spoofed URL with one letter missing or different. You should also look for the ‘s’ in ‘https’ which stands for secure.
Links in malicious emails can unleash malware and viruses that could compromise your entire organisation, so it’s always worth being extra-careful. Of course, these are examples of best practice that will be just as relevant when you’re back in the office as they are at home.
15. When in doubt, don’t take the risk
It’s always best to spend time taking precautions and assessing risks, even when it’s not the most convenient option. If you see anything suspicious, you should inform your IT provider as soon as possible – even if you’re not sure. If you believe that you might have fallen victim to a cyber attack, disconnect from all company networks immediately and inform the relevant people.
All businesses are more vulnerable to cyber crime by moving to remote operations, but just because you’re working at home doesn’t mean you should feel that you’re dealing with threats on your own.