Working From Home And Surviving The Cyber Attacker
March 2020 by Colin Tankard, MD of Digital Pathways
We are living in a new world order right now with many of us finding ourselves working from home, without the protection and constraints of our usual places of work.
This makes working safely even more important. Here are ten things you can do to keep yourself, your employer and your data safe.
1. Check the security settings on your PC or Mac to ensure your system has the latest patches and that you are running a quality antivirus programme. It should be set to check for new updates automatically and to run a regular scan.
2. Review your passwords. They should be strong: that is, they should include upper and lower case letters, numerals and special characters, or be a phrase that is more than twenty characters long, with no spaces. Try to avoid personal information and do not fall into the trap of opting for your birthday or pet’s name! Default passwords should be changed immediately.
3. Ensure that you regularly review and change your passwords and don’t rely on one for everything. If you are struggling to remember your passwords, never store them in a file on your device; such records can easily be found. Opt for an online password manager such as LastPass. These services can generate strong passwords for you, as well as storing them where only you have access. But if you distrust online password managers, your only option is to write them down on a piece of paper. If you do this, take a copy so you have a backup in the event that your original is lost or damaged, and hide the papers, away from your device, when not in use.
4. Establish two-factor authentication security, if you have the option. This process involves you entering not only a strong password but also a unique, one-time password, which is either sent via text or is a code taken from your smartphone. This code is then used to establish your identity. These password generators are often free and are available from many companies such as Google and Microsoft.
5. Your devices will connect to your internal network to gain access to your broadband connection, so always check your router settings, ensure you have changed the default passwords and ensure that encryption is switched on (you will see terms such as WEP in your settings for the encryption). Also, change the device or router name so it does not identify the manufacturer or ISP. This makes it harder for an outsider to work out which equipment you are using. Also, never use your surname or address as an identifier; this just exposes your personal information, and every little bit of information you leak could be used against you. If you have your router on a windowsill, make sure the details on the back of it are covered. Often the router password or encryption key is noted here. Better still, don’t have the router on a windowsill!
6. Check your router activity log regularly to see what has been, or is, connected to your network. Most routers have a log of all devices that are connected. Any you see which you do not recognise could be a hacker’s device ‘listening in’ on your network. Also, check to see if any connected device is communicating out to the World Wide Web when not expected. This could indicate your device has been compromised and is sending out your personal data, or it could be being used, along with thousands of other devices, to attack other web sites, which was the case with Spotify, Netflix, and PayPal, who were temporarily shut down due to such an attack.
7. If you have Internet of Things devices attached to your network, such as Alexa, a camera-enabled doorbell, CCTV, a WiFi kettle or fridge etc., ensure these devices are secure and that default passwords have been changed. Most of these devices are insecure if not correctly configured and, as they are on your network, if they are compromised they can be used to attack or monitor you. Just imagine a hacker taking over your CCTV camera and listening to your conversations or noting down your password as you type it out!
8. If you have confidential papers or data at home, ensure you put these away after you have finished for the day. Compliance extends to wherever data is handled and working from home will not exempt you from GDPR, PCI or any such regulatory controls.
9. If you have children and they also have access to a device, never set their profile to be an administrator. The easiest person to hack is a child, as they will click on links without considering the security. Stopping their device from installing programs will stop many trojans and viruses. It might be a pain having them ask you to authorise a download, but it could save you the grief of having to set up new bank accounts!
10. Before you click on a link in an email or open an attachment, consider if the email looks genuine. Is the spelling correct? Is the language used in line with what you would typically expect from the sender? Hover your mouse pointer over any link and see if the destination address matches the sender’s address. If in doubt, don’t click anything and contact the sender via a new email or via a second channel, or copy the link or attachment into a scanner site such as VirusTotal or Trend Micro.
By practising good cyber security techniques, we can keep our data safe as we continue to work from our homes over the next weeks and months.
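One way to carry out the check in tip 6, as an added example that is not part of the original article: compare the devices your router lists against the ones you have identified yourself. It assumes the router can export its DHCP leases in dnsmasq's format (expiry, MAC, IP, hostname, client ID); all addresses and names are constructed.

```python
# Devices you have identified yourself (constructed values), keyed by MAC address.
KNOWN_DEVICES = {
    "00:00:5e:00:53:10": "work laptop",
    "00-00-5E-00-53-11": "printer",
}

# Constructed sample in dnsmasq lease format: expiry MAC IP hostname client-id
SAMPLE_LEASES = """\
1585000000 00:00:5E:00:53:10 192.168.1.10 work-laptop 01:00:00:5e:00:53:10
1585000300 00:00:5e:00:53:11 192.168.1.11 printer *
1585000600 da:a1:19:01:02:03 192.168.1.23 * *
1585000900 00:00:5e:00:53:99 192.168.1.42 android-1f2e *
"""


def normalise_mac(mac):
    """Lower-case, colon-separated form, so notation differences cannot hide a match."""
    digits = mac.lower().replace("-", "").replace(":", "")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_randomised(mac):
    """Locally administered bit set: typical of a phone using a private Wi-Fi address."""
    return bool(int(mac[:2], 16) & 0x02)


def unknown_devices(lease_text, known):
    """Return one record per connected device that is not in the known list."""
    known_macs = {normalise_mac(m) for m in known}
    unknown = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        mac = normalise_mac(fields[1])
        if mac not in known_macs:
            unknown.append({
                "mac": mac,
                "ip": fields[2],
                "name": None if fields[3] == "*" else fields[3],
                "randomised": is_randomised(mac),
            })
    return unknown
```

A device flagged as randomised is often a phone or tablet using a private Wi-Fi address, so identify it before treating it as an intruder.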
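The link check in tip 10, as an added example that is not part of the original article: it compares each link's destination with the sender's domain and with any address shown as the link text. The sample message and all names are constructed.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(from_header, html_body):
    """Return {href: [reasons]} for links that deserve a second look."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    collector = LinkCollector()
    collector.feed(html_body)
    findings = {}
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        # Match on a label boundary: "bank.test.evil.example" is NOT bank.test.
        if host != domain and not host.endswith("." + domain):
            reasons.append("destination is not the sender's domain")
        # Visible text that is itself an address should name the same host.
        if text and " " not in text and "." in text:
            shown = urlparse(text if "://" in text else "//" + text).hostname
            if shown and shown.lower() != host:
                reasons.append("visible text names a different host")
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample (not a real email); .test and .example are reserved names.
SAMPLE_FROM = "Example Bank <alerts@examplebank.test>"
SAMPLE_HTML = ('<a href="https://examplebank.test.account-check.example/login">'
               'www.examplebank.test</a> <a href="https://help.examplebank.test/faq">FAQ</a>')
```

Legitimate newsletters often route links through a third-party tracking domain, so a finding is a prompt to verify through a second channel rather than proof of phishing.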