You don’t need a degree in cybersecurity or a bottomless budget to do the security basics well – here are five things that will get you on the right track.
Many home offices are merely a corporate tentacle complete with a virtual private network (VPN), remotely managed workstations with IT experts at the corporate offices doing the heavy lifting. But others lack virtually any kind of IT super-sleuth to sort things out and that means that the end user is the IT staff, like it or not.
If this is you, not to worry. Since this week’s theme of Cybersecurity Awareness Month is “Securing devices at home and work”, here are five things you can do to secure your home office – without an advanced degree in cybersecurity or a budget in the millions. Before we dig in, the first point is really just to get started. Some security is far better than none, and since it’s so easy to get overwhelmed by the technology and give up, we’re happy you’re still reading and hope you will prepare and jump in.
- Start with the router
These days, the router that you use for internet access does far more than you might think. It has a firewall, some security options, wireless connectivity and a host of other options. If you pay US$50 extra and get a business-class router, it will come stuffed with extra security options like stateful packet inspection firewall, Denial-of-Service (DoS) protection, content filtering and others. You don’t have to be an expert in some of the crazier security features, but business routers are usually more secure out-of-the-box, and have good support to tell you what to enable. Some come with threat feeds built in, so they keep up with blocking the latest badness. Also, remember to check for updated firmware when installing the router, and periodically check with the manufacturer — say, once a month — for updates.
- Stick to basics
Use security software that includes multiple layers of protection; indeed, today’s security suites tend to have stacks of security and are not just “one-dimensional antiviruses” anymore. Also, keep your operating system and applications updated, ideally automatically – the updates matter because they often include patches for critical vulnerabilities. If you haven’t already, now is the time to implement full-disk encryption – even if working from home, you may have “off-site” meetings you take your laptop to, and the risk of physical theft is never zero. Speaking of which, it’s hard to overstate the importance of regular backups.
- Set boundaries
You may not worry about having your device stolen by your relatives or housemates, and yet they may cause some trouble for you or your employer, even if unintentionally. Make sure you have a dedicated secure workstation you use for work and protect access to data stored on it by a strong password or passphrase that you don’t share with anybody else. Put bluntly, if everyone has the password, it’s not really a password. By extension, your family shouldn’t really use the device for things like chatting with friends or streaming movies. Also, set short timeout intervals so that the device locks itself automatically when not in use. And perhaps your virtual friend, such as Alexa or Siri, could do with some time off when you have calls or video meetings involving sensitive data.
- Stay vigilant
Fraudsters of all ilk didn’t take long to catch onto the then-new reality, using the virus as a cover story in a barrage of COVID-19-themed scams and spam. The virus is now firmly entrenched in our minds and cybercriminals have by no means let up on their efforts to siphon off business funds or hold organizations’ data for ransom – including by exploiting the remote work trend and the physical separation between co-workers. Business Email Compromise (BEC) fraud, for example, has for long been a major money-maker, and the losses are only expected to climb further amid the pandemic. To counter that, scrutinize all email messages and avoid clicking on any links or attachments especially in unsolicited emails, since they may be attempts to part you from your account credentials or to download malware onto the device. Be highly suspicious of urgent requests and verify them through an alternative communication channel before sending money or data.
It’s amazing what you can learn by down-to-earth podcasts or videos on security. There’s also an endless number of free or low-priced courses that will give you a solid grounding in any imaginable aspect of security. Don’t pick one that’s written high above your head, though; instead, find some you can easily understand that take you through the basics a step at a time. We’ve previously compiled a list of free online courses about security, which also might be worth reviewing. Put bluntly, blissful ignorance should not be an option.
Stay safe and healthy
While we all have new worries these days, the old worries – and cyberthreats – haven’t gone anywhere; quite the contrary, in fact. You may still be relatively new to remote work and may still be trying to get a handle on the new reality. That said, the current troubled times may require some change in mindset – thinking of your remote office like your “real” office and being acutely aware of the myriad online threats that may hit particularly “close to home”.
written by Cameron Camp, ESET We Live Security