Remote working brings benefits for employees, but by working from outside the company's internal network, there's also the added threat that employees are left more vulnerable to cyberattacks. And if hackers can compromise a remote employee by stealing their corporate username and password, or infecting their computer with malware, it could become a costly network security risk for the entire organization.[1]
Data breaches, phishing campaigns, ransomware attacks, and business email compromise (BEC) are just some of the cybersecurity threats to organizations -- if cyber attackers can successfully target remote workers. To help prevent this situation happening, the National Security Agency (NSA) has released 'Best Practices for Securing Your Home Network', which is a set of cybersecurity tips designed to help remote workers protect their networks, and themselves, from cyberattacks and hackers. "In the age of telework, your home network can be used as an access point for nation-state actors and cybercriminals to steal sensitive information," said the NSA cybersecurity technical director. "We can minimize this risk by securing our devices and networks, and through safe online behavior."
According to the NSA, here are some of the most important things you can do you to help secure your network and devices while working remotely. Using the most recent version of an operating system and keeping it updated with the latest security patches is one of the best ways to keep your device safe from cyberattacks. The most recent operating system is the one which will be the most supported, while older operating systems might eventually stop receiving updates; meaning that security patches may not be available if vulnerabilities, which could be exploited by attackers, are uncovered after the cut-off point.
In most cases, the updates will come in the form of a prompt that encourages you to restart your computer, something you should do as soon as you can. The same goes for applications, software, and web browsers, using the latest version means you'll be using the latest security updates, which will prevent cyber criminals from exploiting known vulnerabilities in software to conduct attacks.
Keep your router secure and up to date - Your internet service provider (ISP) provides you with a router to connect to the internet. Many people don't really think about this device much, leaving it hidden in a corner after it's been installed. But your router is an important part of your networking set-up, providing a gateway in and out of your home network, something that can be exploited by cyber attackers if it isn't secured properly. Like any other internet-connected device, you should make sure your router is kept updated with the latest security patches, which can be set up to download and install automatically. If the router reaches end-of-life and becomes unsupported by the ISP, it should be replaced with a newer model that will receive updates.
Segment your wireless network - Segmenting your wireless connection, so there's separate Wi-Fi networks for your work and home devices, can be very helpful for keeping your devices secure. The NSA suggests that, at a minimum, your wireless network should be segmented between your primary Wi-Fi, guest Wi-Fi, and IoT network. This segmentation keeps less secure devices from directly communicating with your more secure devices.
Use strong passwords and keep them safe with a password manager - Your passwords are the key to your online life, so it's vital to make them secure -- especially the ones you use to access corporate cloud environments. All of your passwords should be unique and complex, so they're not easy for an attacker to guess. While remembering many different passwords is a challenge, this obstacle can be overcome by using a password manager, which should also be secured with a strong, unique password. It's also important not to store any passwords in plain text on your device. This will prevent your accounts being accessed if your device is lost or stolen.
Use multi-factor authentication for your accounts - Using multi-factor authentication (MFA) -- also known as two-factor authentication (2FA), whenever possible can keep all of your accounts secure. Ideally, your employer will provide an authenticator to link to your corporate accounts, but it's also a good idea to secure your personal accounts with MFA. Application-based or hardware-based security keys are the most secure option. If that isn't possible, SMS-based MFA is better than no MFA.
Use security software - If you're working remotely, you should be using an antivirus product, one that's hopefully been provided by your employer. But in order to stay safe, it's also a good idea to install antivirus software on your personal devices, and it doesn't need to cost a lot. Using antivirus software can alert you to potential threats, be they malicious attachments, websites or something else.
Follow email best practices - Email is one of the most common and most effective attack vectors for malicious hackers, who can use it to trick you into giving them access to your password, clicking a malicious link or downloading malware. However, by following best practices around email cybersecurity, it's possible to avoid falling victim to email-based attacks. The NSA recommends that you should avoid opening attachments or links from unsolicited emails and that you shouldn't click on links in attachments from unknown senders. If you are uncertain if an email is legitimate or not, if possible you should identify the sender via secondary methods, such as a phone call, and delete the email if you're told it isn't really them. The NSA also recommends that you should never open emails that make outlandish claims or offers that are "too good to be true" -- like an unexpected suggestion of a bonus or a pay raise.
Be careful when using social media - Social media services such as Facebook, Instagram, Twitter, and others are a good way to keep in contact with friends and family, but they can also be a prime hunting ground for cyber criminals and other malicious hackers looking to conduct attacks. Avoid posting information, such as addresses, phone numbers, places of employment, and other personal information, that can be used to target or harass you. Some scam artists use this information, along with pet names, first car make or model, and streets you have lived on, to figure out answers to account security questions. You should also ensure that your personal social media accounts are set to friends only, to prevent unwanted eyes from snooping on your profile. Also, take precautions with unsolicited requests, especially from strangers -- attackers could use in-app messaging services to conduct phishing attacks or deliver malware.
Be cautious when using public Wi-Fi spots - One of the great things about remote working is that you can do it from anywhere, so maybe instead of working from home, you decide to work from the local coffee shop for the day. Yes, it has an internet connection, but do you know how secure it is? The NSA warns that "public hotspots are more susceptible to malicious activity," which means you should take additional precautions when using public Wi-Fi, preferably avoiding it altogether. Instead, the NSA recommends using a cellular network, such as your mobile Wi-Fi hotspot or 4G or 5G connectivity. If you must use public Wi-Fi, the NSA recommends using a trusted VPN provider to protect your connection from malicious activities and monitoring.
Finally, use your head - If you're using your laptop in a public place, don't leave it unattended and available for other people to look at or steal.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.zdnet.com/article/nsa-says-do-these-things-to-keep-your-home-network-safe-from-cyber-attack/
Comments