As we all adjust to our new way of working under COVID-19 isolation rules, our homes effectively become an extension of our working environment and this may provide more opportunities for cyber criminals. Already the NZ Computer Emergency Response Team (CERTNZ) is reporting an increase in activity around cyber scams designed to spread malware or expose sensitive personal or business information.
To help protect yourself from these types of cyber-attacks, the SEQA team have put together 5 simple ‘work from home’ recommendations:
Securing Wireless Network
Home Internet routers broadcast wireless signals within a considerable amount of space. This poses a security risk that enables attackers to eavesdrop the wireless traffic. Therefore, securing your wireless network needs to be considered as a key part.
- Change the default administrator password: Attackers can easily obtain the default password that the manufacturer has provided. If the default password has not been changed, the attacker can gain the administrative access of the router and listen to the entire wireless communication.
- Use of strong passwords: The password which is used to connect to the wireless network must be strong and different from the administrator password.
- Ensure you know and trust the devices on this network.
Passwords which are used to access business applications and software installed on a laptop should be strong. Here is some guidance around how to create a strong password. If there is an application which does not offer a single sign-on service, use a well known and trusted password manager to encrypt and secure the passwords. It will be much more reliable than a written list of passwords left on the desk. A good cross-platform password manager is KeePassX.
Physical Security While WFH
It is a necessity to ensure that working devices are physically safe and avoid offering unauthorized views of confidential information. Here are a few ways to shore-up physical security while working from home:
- If you are living with a roommate or family members, make sure that you lock your computer even when you step away from the computer. This is also applicable to the workplace.
- If you don’t have a separate working space in the home, make sure to collect working devices at the end of your workday and store them in a secure place out of sight of others.
Social Engineering Attacks
Cybercriminals are taking this COVID19 pandemic situation as an opportunity to trick people into believing the malicious spam emails and downloading the malware. Further, attackers send phishing emails that appear to be from a well-known source such as co-operatives, banks, and government organisations. Attackers also post scams and misinformation in social media to trap their victims. Please pay close attention to the actual email address of senders and do not open attachments unless they’re from a known, trusted source.
Remote Working Operational Security Guidelines
Attackers are constantly trying to exploits the newly found vulnerabilities in software applications. Therefore, check whether all software is up to date, including Microsoft Office software tools, browsers, Operating system patches, and other installed software. Ensure anti-virus is in place and fully updated.
All important files should be backed up regularly. This could also help to prevent you from losing data in case of a ransomware attack.
To learn more about how SEQA can assist with your remote working security requirements, please contact us.