To help combat the spread of COVID-19, many of us have been asked to move from working in dedicated office buildings to working remotely from home in order to limit physical contact with others.
While your physical health and wellbeing are absolutely crucial during this unprecedented, frightening time, it is important to still consider the security of your internet-connected devices – both work and personal. Unfortunately, attackers see this large increase in remote work as an opportunity to compromise critical, sensitive information for financial gain.
Here are a few tips to help you keep your devices secure while working remotely.
Keep work and personal devices separate
If possible, avoid using your personal devices for work purposes. The security protocols that your organization follows for work devices may differ from the protocols you implement on your personal devices. Your organization is at greater risk of a data breach if you use a device that does not meet their specific security requirements. Additionally, using a personal device for work purposes may also put your personal information at greater risk. If your personal device is targeted and breached as a result of being used to conduct work for your organization, then both your sensitive information and your organization’s will be compromised.
The same holds true for work devices – avoid using work devices for personal purposes.
Avoid using public Wi-Fi networks
If possible, avoid using public Wi-Fi networks. On public Wi-Fi networks, there is no firewall or other protections between you and another user on the network, meaning that other individuals can potentially intercept the network’s traffic and view your internet activity.
When using Wi-Fi while working remotely, consider using a personal hotspot. A personal hotspot is your own personal and portable Wi-Fi network that you can use to connect your devices to the internet. The benefit of a personal hotspot is that other individuals will not be able to connect to it unless you give them its credentials. Many cell phone carriers offer mobile hotspot devices. You may also have the option of using your phone as a personal hotspot, but remember to take into consideration any potential data charges this may incur.
Use strong passwords and avoid password reuse
On all of your accounts and personal networks, use strong passwords that at minimum, are at least 12-15 characters in length, and consist of a mix of numerical digits, uppercase and lowercase letters, and special characters such as !, @, #, $, and %.
Shorter passwords that lack a mix of various characters are much easier and faster for attackers to crack. You should also avoid using passwords that have any information associated with you, such as your age, last name, or favorite color.
In addition, avoid reusing passwords for different accounts. Criminals will often attempt a method of attack called “credential stuffing” where they take the compromised usernames and passwords from one service and attempt to use these same credentials with other services. To help combat against this attack, avoid password reuse, and consider using a password manager or other method of remembering passwords for your different accounts.
Encrypt your devices
In case your devices are stolen or compromised, consider encrypting their data to make it more difficult for criminals to access.
On Apple devices, encryption is enabled by default.
On Android devices, encryption may not be enabled by default depending on the manufacturer, but the majority of Android devices allow you to turn on encryption in their device settings. Be sure to research the specific instructions for turning on encryption for your specific Android device.
Many Windows devices also allow you to enable encryption in their device settings.
Avoid using unknown USB drives
Never trust USB drives that you do not know the source of. These include USB drives you may have found in public, or USB drives sent directly to you in the mail. Unknown USB drives can be potentially malicious. They may install malware onto your devices, such as keyloggers, which can track all of your keystrokes and send them to a criminal looking to compromise your sensitive information.
Only use USB drives from a trusted source where you can confirm that they have not been tampered with in any way.
Watch out for email phishing scams
When you receive an email, double check that it is from a trusted source, and not from someone claiming they are a particular individual or organization. Look for misaligned images or spelling errors, and, if the content of an email seems to be “too good to be true”, then it is likely a scam. You should also avoid clicking on links in emails, as they may lead you to a fake login page looking to collect your credentials, to a page that automatically downloads malware onto your device, or other pages with malicious intent.
Remember that organizations will never ask you to provide your login credentials over email.
Sources and Additional Readings