Cyber Security Protection Checklist for Remote Workers

Amid all the COVID-19 chaos, as people get limited to their homes, the world is seeing a significant shift towards remote work culture. Although this shift helps to save people from the pandemic, it puts them under a different kind of risk.

There are always those who’d benefit from a crisis. In this particular situation, hackers have gone in an over-drive.

The human element is the biggest risk among all IT security risks. That’s why hackers frequently trick and use credulous employees in their malware attacks.

As countless people strive to continue their careers from home, hackers use this opportunity to attack the usually inadequately protected home networks and unsuspecting remote workers.

With many personal activities being carried out online as well, like grocery or clothes shopping, more sensitive information is being shared online than ever before.

That’s why remote workers must be careful about the use of the internet as well as local apps, to avoid leaking sensitive or secret company information that hackers can use to infect an entire network and demand ransom money.

How to Protect Yourself?

Like most things, simple tips and tricks can help remote workers protect themselves against these challenges. Awareness is the key, however. If you’re aware of the threats surrounding you, you can move on to take essential measures.

Be Careful About Bringing Company Hardware to Home

You may want to bring company hardware home to facilitate working from home. But work devices are accustomed to a secure environment, that’s you might experience some vulnerabilities when you take these devices back home.

This move can result in data being lost in transit or at home. So be careful about only bringing home devices or information that you absolutely require. 

         Work and Personal Devices | Source: Unsplash

In the same vein, try not to use the same devices for personal and work use. People are usually casual and relaxed about using personal devices, which can be particularly dangerous for any company information stored on these devices. 

Similarly, don’t transfer work data to personal devices to prevent any unintended information leaks.

Use Secure Network Connections

Since you’ll be using your private network for work-from-home, remote workers must prioritize getting a secure Wi-Fi connection, so you only connect to your work network within a safe virtual environment.

You need to get a strong WLAN encryption locked using a unique and complex password. Using a VPN will further ensure your online privacy and safety by making you anonymous online. This can be critically important if your work involves exchanging sensitive information or accessing the company intranet.

Use Premium Antivirus Protection

High-quality antivirus protection is the other aspect of your online security. Premium antivirus solutions like Kaspersky and Norton offer features like personal firewalls, email filters, network security, VPN, phishing protection, ransomware protection, and many more. 

        Antivirus Protection for Remote Workers |  Source: Unsplash

These features are essential for the safety of remote workers. For a small monthly charge, you don’t just ensure the safety of your family and organization, but also get to enjoy a sense of mental peace by keeping digital threats at bay.

Keep Your Software Up to Date

Be it your operating system, antivirus software, or any other software you use; you must always keep them up to date. 

At home, you are sharing the same network for your personal and work-related connectivity. All personal devices and smart appliances are attached to the same router for data transmission, which increases your vulnerability.

That’s why make sure all your devices are up to date. Software companies regularly release updates that include performance or security patches that enhance the efficiency of the software.

It helps to keep your software settings set on automatic updates. But if, for any reason, you don’t want to turn on automatic updates, you must regularly check for the latest updates on your software provider’s official website and make sure all your security patches are in place.

Be Wary of Unsolicited Emails

As you probably already know, phishing emails are a common source of malicious activity. That’s why you need to be careful about unsolicited emails and email attachments.

Do not click on links or open attachments in emails you can’t confirm the source of. Even if an email is from a close friend but contains suspicious text such as unusual personal questions, it is probably malware at play.

Similarly, emails that create a sense of urgency warning you of severe consequences if you don’t take immediate action are chief candidates of phishing attempts.

In any case, you should never share personal or other sensitive information in emails or via other online channels without verifying the authenticity of a source through external means. 

If you receive an email from your service provider asking for information, you can try calling their customer service department for help. In case, the email is from a provider you’re not subscribed to, do not respond. 

Remember that legitimate companies do not ask you to divulge personal information through emails. They’ll only ever use verifiable sources in case they require any information from you.

Avoid Phishing Websites

Many phishing websites can trick you into sharing sensitive information. Some would even download malware on your device just for being on the site.

Always check a website’s security before you visit it. Pay close attention to the website’s Uniform Resource Locator (URL). The ones that begin with “https” differentiate safe sites from the unsafe ones (http).

Furthermore, where you may have to share information, make sure the site has a padlock icon next to the URL. This symbol indicates that your information will be encrypted for security.

Use Multi-Factor Authentication (MFA)

Would you believe that 123456 is the most commonly used password? No kidding. That’s like presenting all your personal information to hackers on a golden plate.

That’s why always use unique passwords with a combination of small and capital letters, digits, and special characters. One trick is to take your favorite quotes or song lyrics and turn them into a creative password. That way, it’s easier to remember them.

Use a different password for each account so that even if one gets hacked, the others will still be safe. Also, change passwords regularly and never write them down anywhere. 

If you have difficulty coming up with unique combinations or remembering them, it’s better to use a Password Manager.

The best thing, however, is to use multi-factor authentication where possible. With MFA, the user needs to present two or more credentials to authenticate their identity. These credentials usually include a password and another evidence type, such as a secret question, mobile number, numerical codes, biometrics, etc.

MFA makes it harder for hackers to break into your account. Even if they are successful in cracking your password, they won’t be able to verify other credentials. 

Turn off Voice-Controlled Smart Appliances

Virtual assistants like Alexa and Siri listen in on everything you talk about at home and transfer this information to their providers. There’s every possibility of these recordings falling into the wrong hands.

So, you must be careful about their presence in the same room where you work or even generally discuss important matters. You should either turn them off or remove them from the room altogether.

Also, be sure to cover the webcam on your PC when not in use and be careful about using the video function for sharing information.

Log off from your User Account when not Working

Even the most disciplined of us can get relaxed about some work rules at home. One of the most common things we do is to leave our user accounts unlocked when taking a break from work at home. 

Be careful not to do that and always lock the screen of your PC so that it isn’t accessible during your absence. As an added measure, be sure to safeguard your devices against unauthorized use and theft, as well.

Backup Important Data Regularly

Last but not least, always back up your important data. We’d recommend you save your data on a top-quality external storage device as well as to cloud storage. 

Backups come in handy if you lose your device or malware threatens to erase everything. In case of malware, you can reset your PC to factory settings and get rid of the malware, and you’ll still have all your data safely stored.

Use Trusted Sources for COVID-19 Updates

While we are on the subject of being careful online amidst COVID-19, you also need to watch out for the pandemic related scams. Don’t go to any random sites that offer the latest info stats on COVID-19. 

Consult legitimate government websites where you’ll find all the up-to-date information you need to know. 

Similarly, if you want to contribute to any charities, verify the charity’s authenticity before you make any contributions, so you don’t end up losing your money to malicious actors.

Summing Up

Awareness and caution will keep you safe in most cases. Just follow the tips we have talked about and have a safe working day at home.

If, however, you feel that you may have leaked sensitive company or financial information, report to your organization and alert them to the problem so that they can take necessary measures. 

In case of a financial information leak, contact your bank immediately and close the accounts you think may have been compromised. Keep an eye out for any unexplainable debits to your account.

If it’s passwords that may have been given away, change them immediately and watch out for signs of identity theft. 

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…

5 hours ago

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…

6 hours ago

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…

6 hours ago

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…

6 hours ago

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which…

6 hours ago

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…

6 hours ago