COVID-19 has indeed turned what used to be our “normal” a full one-eighty! In response to this pandemic, everyone was suddenly and abruptly forced to work remotely, with no transition or preparation period whatsoever. But while many employees might currently be enjoying the luxuries of working from home – sleeping that extra hour in the morning, not having to dress up for work, finally having the time to exercise after work, not having to squeeze like sardines into a packed train – their company’s IT department might just be sweating profusely in their seats!
And it is not because of the Singapore weather or the absence of air-conditioning at home either. It is because now, instead of having all their employees working in a confined and “network protected” office environment – with antivirus software installed on all work desktops, a secure VPN and secured data storage – their employees are working from their individual homes. This means that companies are widening their exposure to potential threats, and cracks can quickly appear in your business’ protection.
Let’s face it, this is uncharted territory. It’s one thing to support a handful of remote workers — salespeople who are constantly on the road, key executives who need access from anywhere, etc. — but transitioning every single employee to a remote setup and actively supporting them all at once is a different ball game altogether.
And of course, this isn’t just a challenge faced by one company. Instead, businesses everywhere are in the exact same boat – scrambling in their seats to ensure that the majority (or entirety) of their workforce can work securely from home.
Fortunately for you, the tools you need to solve this challenge already exist. But first and foremost, let’s set things straight.
There are four main areas of concern when it comes to cybersecurity at home – your devices, your wireless network, your communications, and your company’s data.
So here’s how you can secure them while working from home:
PART 1: SECURING YOUR DEVICES
Separate Work Devices from Other Home Devices
Let’s say this together, “If it’s not secure, there’s no point in having it”. Ok, now one more time.
“If it’s not secure, there’s no point in having it”.
Here’s what I’m getting at. If possible, do not use your own personal laptop for work purposes. Companies should thus supply their employees with approved devices that are used for work purposes only. This is very important for security reasons, and a great way to immediately minimize the risks to a company’s business and protect it from malware or ransomware.
Use Current Antivirus/Anti-Malware Software
The most important issue when working from home is the security of the devices used for accessing the company’s database. If a company does not have the financial means to supply each individual employee with their own work laptop or devices, it is extremely crucial to ask them to secure their own personal devices. This can be done with an updated version of antivirus software, along with a firewall, which can boost device security and minimize the chances of a cyber-attack.
But remember, it is also vital to ensure that your employees’ antivirus software is always up-to-date! This is to catch any new types of malware (called “zero-day”), which are so new that they haven’t been catalogued in any threat database yet! To catch these, you will need a current antivirus program – one that includes AI and machine learning to detect behavioral anomalies.
And if money’s too tight, install a free antivirus. Even one at no cost will significantly reduce the risk of getting infected — and landing in big trouble with the boss.
Keep Devices Updated & Patched
As with antivirus software, it is equally important to keep one’s devices updated and patched.
Let me give you the reality. Did you know that 60% of data breaches involve unpatched system vulnerabilities?
In fact, there are many cases where a data breach happened because a patch that had been issued months earlier went unapplied. Why? Because here’s the thing. New vulnerabilities are forever being found in applications and operating systems. And hackers just can’t resist exploiting them to infiltrate other people’s devices. Often, they rely on people being too lazy to update their software.
Hence, a vital component of good device security is keeping one’s computer and devices updated. These updates often include crucial security patches that address newly exploited vulnerabilities.
It is thus important to remind employees to regularly update their software, operating system, and firmware to the latest version supported under the company’s security policy. To apply these updates in a timely manner, encourage them to activate automatic updating on all their devices.
Use Two-Factor or Multi-Factor Authentication
Two-factor or multi-factor authentication is a very effective way of securing one’s online accounts and deterring unauthorized users from accessing your company’s network.
Multi-factor authentication could be a combination of the following:
- Something known to the user (user ID, PIN, or a secret question)
- A security key, token or card that the user physically possesses, or a one-time code that can be sent to the user’s registered mobile number
- Biometric identification (if supported by the user’s device)
However, in most cases, biometric identification is far-fetched for those working from home. Therefore, two-factor authentication, or a combination of user ID along with a one-time-password (OTP) sent to the user’s personal registered number, is the approach usually used.
PART 2: SECURING YOUR NETWORK
Separate your Work Wi-Fi
Now, if your company is not able to provide each employee with their own laptop, another way to safeguard one’s devices and improve one’s home network security is to separate sensitive work devices from higher-risk devices by keeping work devices on one network and everything else on another.
Often, other devices can be a higher risk for a breach (such as a teen’s gaming computer). Hackers often try to discover and hack other devices connected to the same wireless network once they get into one of them. By setting up a guest or separate network on your router, you’ll be creating an additional Wi-Fi network that can be used for internet connection.
Configure Wi-Fi Encryption
Protecting one’s devices won’t help if an attacker manages to connect to one’s Wi-Fi or take up residence inside one’s router. Anyone who does that can intercept everything you send or enter online, including passwords for remote access to an office-based computer or corporate mail. Therefore, it is imperative to configure your network connection correctly.
First, make sure that the connection is encrypted to keep information safe from prying eyes. If your Wi-Fi asks anyone connecting to it for a password, the connection is encrypted.
Change Your Router Login and Password
But having a password is one thing. Most Wi-Fi routers come with their own default password when purchased. So if you have never changed the login and password required to enter the router settings, do so now! The default passwords for many models are not only too weak, but also known across the Internet and easily searchable. And unsurprisingly, the place to change the router username and password is in the router settings.
Use a Business VPN
Here’s the thing: usually, in a non-COVID-19 world, companies hire software agencies to set up a well-protected network within their organizations. But with the majority of employees now working from home, network security becomes a major concern when it comes to sharing the internal database with remote employees.
One of the easiest and most cost-efficient ways to protect one’s company network and data is by providing all employees with VPN (virtual private network) access. A VPN routes your connection through secure servers, which can help to hide employees’ IP addresses, encrypt data being transferred between devices, and mask the location of the sender and the recipient of the data for an extra layer of security.
Many of the larger corporations already have a VPN in place. Smaller ones, however, might need to choose a VPN provider. Either way, it is vital that all your remote employees have access to the VPN service. If necessary, hold a meeting or share tutorials on how to use a VPN efficiently to protect the company’s network.
PART 3: SECURING YOUR COMMUNICATIONS
Use Encrypted Tools
When working in the office, if you have a question, you would simply walk or roll over to a colleague’s desk to ask. But when working from home, the equivalent is probably sending a text message using your personal phone. However, basic SMS text messages have no real protection against interception or interference. You can patch that security hole by using a secure business messaging app, such as Microsoft Teams, in place of texting.
As for those virtual meetings that have almost universally replaced face-to-face meetings, those aren’t necessarily secure. Remember the recent Zoom-bombing? So if you’re the organizer, ensuring the meeting is protected against snooping is your responsibility. One way is to set a meeting password, or only allow invited attendees to join the meeting.
Next, email is intrinsically insecure, but when a company’s employees all connect to the same internal network, the IT department can impose a degree of protection that’s not otherwise possible. But for most of us now, email from one’s home office is more exposed. Unfortunately, there’s not much you can do to fix that problem. For your personal email, you can choose to add an email encryption service, but at the business level, email encryption must come from the top. So, if you’re thrown into a situation requiring you to communicate sensitive corporate data via email, consider sending a request for management to implement encryption.
Use Web Protection (DNS Filtering)
Phishing is the number one delivery system for malware. And in recent news, hacker groups are planning a large-scale phishing campaign targeted at more than 5 million individuals and businesses (small, medium, and large enterprises) across six countries and multiple continents, Singapore included. It is thus even more crucial to exercise caution when receiving emails from unknown senders.
Increasingly, phishing attacks use links to dangerous websites instead of a file attachment to deliver malware. So in addition to using good anti-phishing practices, like hovering over links and being suspicious of unexpected emails, using a DNS filtering program can help you avoid becoming a phishing victim by blocking malicious websites even after you’ve accidentally clicked a phishing link. Many VPNs include web protection/DNS filtering, so you can accomplish two security measures at the same time by using one! How good is that!
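To show how a DNS filter can stop a phishing link after the click, here is an added example (not code from this article or from any particular product) of the lookup decision a filtering resolver makes. The blocklist entries, the sinkhole answer and the stand-in upstream resolver are all constructed assumptions.

```python
# Added example: the decision a DNS filter makes for each lookup.
# Blocklist entries and addresses below are constructed for illustration.
BLOCKLIST = {"login-verify.example", "malware-cdn.test"}
SINKHOLE_IP = "0.0.0.0"  # assumed "blocked" answer; real filters vary


def normalize(name):
    """Lower-case the name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def matching_rule(name, blocklist=BLOCKLIST):
    """Return the blocklist entry covering this name, or None.

    A name is covered when it equals an entry or is a subdomain of one.
    Matching is done on whole labels, so look-alike names that merely
    contain a blocked string are not blocked by accident.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):            # a.b.c -> a.b.c, b.c, c
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def fake_upstream(name):
    """Stand-in for the real resolver (documentation-range addresses)."""
    records = {"intranet.example.com": "192.0.2.10"}
    return records.get(normalize(name), "198.51.100.7")


def resolve(name, upstream=fake_upstream):
    """Answer from the sinkhole if the name is blocked, else ask upstream."""
    rule = matching_rule(name)
    if rule is not None:
        return {"name": name, "answer": SINKHOLE_IP, "blocked_by": rule}
    return {"name": name, "answer": upstream(name), "blocked_by": None}


if __name__ == "__main__":
    for host in ("Portal.Login-Verify.example.", "intranet.example.com",
                 "notlogin-verify.example"):
        print(resolve(host))
```

Because the block happens at name resolution, the browser never learns the real address of the phishing site, which is why the filter still helps after the link has been clicked.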
PART 4: SECURING YOUR DATA
Ensure Authorised Access
To minimize any cybersecurity threats to the company’s database, it is essential to ensure that only authorized people are accessing it.
In addition, employers must ask their employees to use strong passwords for their accounts. Strong passwords help reduce the chances of unauthorized access. The passwords must be unique and not easy to guess. A random mix of letters and symbols, along with uppercase and lowercase letters, makes the strongest passwords. To further enhance the security of their database, companies can use two-step verification by requiring fingerprint or face recognition, along with the password, to access the system.
Securely store sensitive Data
Some data sharing tools and software do not provide end-to-end encryption. This means shared files and communication on these platforms are not secure and can be accessed by others. To solve this issue, there are various tools for communication and sharing data among team members, for instance, our Enterprise File Syncing & Sharing solution. These tools are encrypted and maximize online data security.
Regularly empty your Computer’s Bin
Do not just delete your sensitive data from your computer. Remember to empty your computer’s recycle bin regularly as well.
Have a 3rd Party Backup
Always have a 3rd party backup on standby in case of data loss from cyber attacks. Follow the 3-2-1 rule in backing up data: create at least three copies of the data in two different storage formats, with at least one copy located off-site (e.g., provide external SSD or HD drives).
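The 3-2-1 rule can be checked mechanically against a list of where each backup copy lives. The following is an added example (not part of the original article) that audits a constructed inventory per dataset; the field names and sample rows are assumptions, and every stored copy, including the working copy, is counted towards the three.

```python
from collections import defaultdict

# Constructed inventory: one row per stored copy of a dataset.
INVENTORY = [
    {"dataset": "finance",  "media": "internal-disk", "offsite": False},
    {"dataset": "finance",  "media": "external-ssd",  "offsite": False},
    {"dataset": "finance",  "media": "cloud",         "offsite": True},
    {"dataset": "hr",       "media": "internal-disk", "offsite": False},
    {"dataset": "hr",       "media": "internal-disk", "offsite": False},
    {"dataset": "hr",       "media": "external-ssd",  "offsite": False},
    {"dataset": "projects", "media": "cloud",         "offsite": True},
]


def audit_321(inventory):
    """Return {dataset: [problems]}; an empty list means the rule is met."""
    by_dataset = defaultdict(list)
    for row in inventory:
        by_dataset[row["dataset"]].append(row)

    report = {}
    for dataset, copies in sorted(by_dataset.items()):
        problems = []
        # 3: at least three copies of the data
        if len(copies) < 3:
            problems.append(f"only {len(copies)} of 3 copies")
        # 2: on at least two different storage formats
        media = {c["media"] for c in copies}
        if len(media) < 2:
            problems.append(f"only {len(media)} of 2 storage formats")
        # 1: at least one copy held off-site
        if not any(c["offsite"] for c in copies):
            problems.append("no off-site copy")
        report[dataset] = problems
    return report


if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY).items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```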
Educate your Staff on Cyber Awareness
Cybersecurity is a major concern worldwide, especially in the current COVID-19 situation. In fact, human error is one of the major causes of online data breaches, with 90% of successful breaches caused by human error. Human error can come in the form of mishandling software, clicking on malicious links, leaking passwords, failing to identify phishing emails, poor web browsing behaviour, etc.
So to minimize these human errors, it is essential to train all employees regarding cybersecurity, because in reality, 70% of employees do not understand cybersecurity! Hence, it is of utmost importance that all employees are educated and trained on cyber awareness.
Use Automated Remote Device Monitoring & Management
One way to easily keep one’s workstation updated, protected by antivirus software, automatically patched and configured, and monitored for any threats without having your work interrupted is to use managed IT services. They’re not just for computers sitting in an office. Remote patch management and threat monitoring can also be used for computers being used in a home office.
By standardizing and automating basic security across your remote workforce, managed IT support can significantly decrease the likelihood of a ransomware attack or data breach, allowing you to focus your resources elsewhere.
Want to get Managed IT Support, or find out more about our IT Security Services?
eVantage Technology is a professional and trusted IT solutions provider, dedicated to providing exceptional service to companies in Singapore and across Asia.