Remote Work and Cyber Hygiene

Everyone's been working from home for a while now, but just because we're getting used to the remote work lifestyle doesn't mean that cyber-attacks are any less possible or relevant. Many organizations have adopted or created a remote work policy and adjusted security processes accordingly, but these should be assessed and improved regularly, just as any other aspect of the security program is. 

Human error is inevitable, but organizations can implement controls and safeguards to prevent errors that can have huge effects on their data, reputation, and customers. 

Maintaining good cyber hygiene and personal security best practices are the best way to maintain privacy and keep attackers from reaching organizational data.

Complete Security Projects with an Expert Team.

Learn more about cyber security services for your organization.

Complete Security Projects with an Expert Team.

Learn more about how cyber security services can fit in your organization.

Remote Workers 

There are a few things for employees to keep in mind to maintain security best practices: 

•  Don't neglect your cyber security policies and processes. Even outside of the office, the policies and processes set by your security team are in place to keep you and organizational data safe.
•  Stay up to date with patches and software updates. Solutions and services like Office 365, Zoom, and other applications need regular patching to maintain the latest security fixes. Don’t ignore alerts to restart your computer when updates need to be implemented or completed. 
•  Avoid using unsecured WiFi networks to log into your organizational environment or access any sensitive data. 
•  Properly secure your home network and router, especially if you have smart devices — these could present opportunities and openings for attackers if usernames and passwords aren't regularly changed or updated. 
•  Keep an eye out for phishing attempts. Phishing techniques have become increasingly sophisticated, expanding beyond email and even into applications. Avoid clicking or opening anything that looks suspicious and report it to your security team. Confirm any requests for sensitive information with a phone call whenever possible.

Working from Home on Your Own Device

Working from home with your own device? We’ve put together some additional tips to stay safe: 

•  Install strong antivirus and malware detection software. Make sure it’s always up to date, since new threats can come up often. 
•  Update your operating system and any applications. This is a good time to uninstall old programs or applications you no longer use. Software updates provide new features and fix new vulnerabilities. 
•  Secure your WiFi-network. Choose a complex router username and password, use WPA2 security, and allow only known MAC addresses. 
•  Create separate user profiles for work on your devices. Make sure these accounts do not have administrator access, so personal information on other accounts is not at risk. 
•  Lock your devices when not in use. Make sure your settings automatically lock your device when it’s inactive for a certain amount of time. 

Organizations and Security Teams 

Effective security programs are meant to prevent possible incidents and breaches. But what happens when you have to account for a completely different and much larger attack surface? 

Here are some tips organizations and security teams can take to protect remote workers and their organizational data:

•  Have a baseline of normal, monitored activity. Understanding the day-to-day activities of your organization will make it easier to spot any unusual behavior. 
•  Utilize two-factor authentication. This makes it harder for bad actors to brute force employee credentials and login since they can’t access an employee’s phone. 
•  Know how to respond to incidents. If an employee’s device is compromised remotely, what should employees do to alert the security team? What actions will the security team take remotely to quarantine the machine and keep it from impacting organizational systems? 
•  Maintain security training and awareness. With so much of our lives lived online, it’s easy to forget that it doesn’t take much to lose personal data. Breaches can occur through something as simple as leaving your computer unlocked in a public place. 
•  Have your policy in place. Make sure your organization knows how to handle not only incidents, but questions of privacy, safety, and liability with your remote workforce. 

 

Remote Workers 

There are a few things for employees to keep in mind to maintain security best practices: 

•  Don't neglect your cyber security policies and processes. Even outside of the office, the policies and processes set by your security team are in place to keep you and organizational data safe.
•  Stay up to date with patches and software updates. Solutions and services like Office 365, Zoom, and other applications need regular patching to maintain the latest security fixes. Don’t ignore alerts to restart your computer when updates need to be implemented or completed. 
•  Avoid using unsecured WiFi networks to log into your organizational environment or access any sensitive data. 
•  Properly secure your home network and router, especially if you have smart devices — these could present opportunities and openings for attackers if usernames and passwords aren't regularly changed or updated. 
•  Keep an eye out for phishing attempts. Phishing techniques have become increasingly sophisticated, expanding beyond email and even into applications. Avoid clicking or opening anything that looks suspicious and report it to your security team. Confirm any requests for sensitive information with a phone call whenever possible.

Working from Home on Your Own Device

Working from home with your own device? We’ve put together some additional tips to stay safe: 

•  Install strong antivirus and malware detection software. Make sure it’s always up to date, since new threats can come up often. 
•  Update your operating system and any applications. This is a good time to uninstall old programs or applications you no longer use. Software updates provide new features and fix new vulnerabilities. 
•  Secure your WiFi-network. Choose a complex router username and password, use WPA2 security, and allow only known MAC addresses. 
•  Create separate user profiles for work on your devices. Make sure these accounts do not have administrator access, so personal information on other accounts is not at risk. 
•  Lock your devices when not in use. Make sure your settings automatically lock your device when it’s inactive for a certain amount of time. 

Organizations and Security Teams 

Effective security programs are meant to prevent possible incidents and breaches. But what happens when you have to account for a completely different and much larger attack surface? 

Here are some tips organizations and security teams can take to protect remote workers and their organizational data:

•  Have a baseline of normal, monitored activity. Understanding the day-to-day activities of your organization will make it easier to spot any unusual behavior. 
•  Utilize two-factor authentication. This makes it harder for bad actors to brute force employee credentials and login since they can’t access an employee’s phone. 
•  Know how to respond to incidents. If an employee’s device is compromised remotely, what should employees do to alert the security team? What actions will the security team take remotely to quarantine the machine and keep it from impacting organizational systems? 
•  Maintain security training and awareness. With so much of our lives lived online, it’s easy to forget that it doesn’t take much to lose personal data. Breaches can occur through something as simple as leaving your computer unlocked in a public place. 
•  Have your policy in place. Make sure your organization knows how to handle not only incidents, but questions of privacy, safety, and liability with your remote workforce.