An increasing number of counties and municipalities across the United States are falling under stay-at-home or shelter-at-home orders due to the Coronavirus pandemic. While many manufacturing and distribution companies are exempt from these orders to help keep the supply chain moving, we’re finding many of our customers are choosing to have some staff work from home to help with social distancing recommendations.
Earlier this week, my husband forwarded me an e-mail he received from Malwarebytes with tips about keeping secure while working from home. My first thought was, “Oh, I write about cybersecurity quite a bit at work. I wonder if what I’ve been saying matches up.”
It turns out I didn’t think through all the different things one must do to digitally protect themselves when not in your office. That’s why I’m happy to share some of the recommendations Malwarebytes Labs for cybersecurity while working at home.
For cybercriminals, there’s no place like home
One of the cyber-safest places to be is inside the four walls of your company, especially if you have a full-time, fully trained IT staff. Sometimes, people may slack off at the office thinking they will be protected from outside threats because of the good work their IT staff performs.
In some cases, this is true. There are several things an IT staff can implement to raise the security measures. The likelihood an active attempt to infiltrate the company’s network will be quashed. However, as I’ve mentioned in previous blog posts, most cybercrimes happen because an employee will accidentally invite a security threat passed the protections, mainly through phishing or clicking on a malicious link or online ad.
But what happens when a person who blindly uses the internet inside the office, not thinking about what they’re clicking, suddenly gets sent home without the internal protections of a full IT staff?
This is what opportunistic cybercriminals are chomping at the bit for during this crisis. There is no honor among thieves when it comes to opportunity. As I said to my grandmother once, when she asked why people commit cyber crimes, some criminals just to want to cause chaos. They revel in seeing the norm being tilted off its axis, and that can happen to a greater degree during a crisis. Others are looking for a big payday, either pandering off of people’s fear or anxiety.
So while your company’s IT staff can send you home with a neat little security package on your company-owned laptop, work isn’t just done on a company-owned laptop. There’s still things people need to do to stop themselves from bringing cybercriminals into their workspace at home.
Malwarebytes security tips for working at home
I don’t want to spoil the entire article because it’s worth a read, but I wanted to highlight a few of the tips Pieter Arntz gave in his article for Malwarebytes Labs. Some of them seem obvious but they’re not ones you often think about, especially when you’re working from home for an extended period of time.
Physical Security: Lock your computer
People who live with roommates know keeping your valuable items secure is a smart idea. But have you considered how valuable your company’s information is? Leaving a work computer wide open also leads it wide open to accessing company data, company e-mails, corporate plans, and other information. All of this is rich information in cybercriminal circles. Or, a simple program can cripple your company with a ransomware attack.
The article also mentions the same for children living in the home. Curious and/or mischievous children can also do damage to a wide-open work computer. It could be an accident or it could be boredom breeding mischief. So in either scenario, it’s important to keep your computer locked when you need to get up in these situations.
System Access: Hide your computer from your home network
We’ve all had a laugh when we’ve opened up a mobile device at home and seen your neighbor’s WiFi network names. (Or, you’re the one with the awesome network names.) But when you think about it a bit more, that means if your network can be seen, it can be accessed.
And if a network can be accessed, then a device on that network can be accessed. This once again makes it an easier target for outside attacks then you would in the four walls of the office. Making your device hidden to the network is a security measure you can control even if you don’t have control over the WiFi network security.
Separate Devices: Don’t mix home and work accounting
This was an interesting point the author made, especially since part of it doesn’t have to do with cybersecurity. Let’s say you’re doing your accounting work in your Sage X3 or your Sage 300 CRE, and you also have your home budgeting up in the background while you’re working. It really stands to reason that going back and forth between these two could lead to mixing up some numbers. From a cybersecurity standpoint, Arntz also mentions you can compromise your personal data as well as your company’s data if you’re not using the best security at home.
Security wrap-up: Education still the key
While many more people than usual will be working from home while the Coronavirus is still a threat, it’s a good time for IT professionals to go over the basics of internet security with all their coworkers, from the newest clerk up to the C level.
The most important thing to remind people is to not trust e-mails that are either too good to be true or e-mails that request passwords or personal/company information. Keep all programs and operating systems up to date. And make sure your backing up your information in a secure way.
Are you working form home? What precautions have you taken to keep your company’s data safe at home?