Digital Concierge

Top Cyber Security Tips for Working from Home

Keeping your digital information safe when working from home.

Did you know that a hacker attack occurs every 39 seconds and that 43% of these attacks are on small businesses?1

Cyber security has never been more important!

Many small businesses operate out of home offices and full-time office workers sometimes bring work home or quickly check their emails before bedtime. Although small businesses are generally less protected than large companies, due to the changes in society caused by the Covid-19 pandemic even employees of large organisations are also now working from home on a part- or full-time basis.  There may now be additional vulnerabilities where existing IT security services do not extend to remote devices in home offices, especially where remote working was implemented under time pressure.

 

Whether you go online only once or are constantly connected, every connection made to the internet is a possible gateway for viruses and hackers to access your devices and data. Phishing emails and calls are growing more sophisticated and catching even some tech-savvy people unaware. Yet we often find our clients have little knowledge on how to secure their home office against online threats. No one is suggesting that you must be a security guru, but you should know a little about how to keep your computers and network safe and be wary of potential threats.

 

So here are our top tips for keeping your home office secure against cyber attacks. Of course, this is just the tip of the iceberg 😉

 

If you need a little help with any of this, you can now avail of our new Digital Concierge service. Let us take care of your digital housekeeping while you focus on growing your business!

Top Ten General Online Best Practices

  1. Don’t open attachments in emails or other messaging apps if you are unsure of their legitimacy (especially because of the threat of Ransomware.)
  2. Never do things on your computer at the request of a stranger calling claiming to work for a big company. Always first follow up independently with the company to verify the authenticity of the request.
  3. Never give out private details (card numbers, pin codes, passwords) over the phone or in emails.
  4. Be careful what details you post on the internet (especially on social media sites). Check your privacy settings on all your business and personal social media sites.
  5. Use unique, strong passwords for every site or app login.
  6. Use two-factor authentication (2FA) where available.
  7. Ensure you set your social media profiles privacy and security properly.
  8. When surfing, ensure the website is secure (https – usually a lock symbol).
  9. When buying with a bank card online and/or downloading from sites, ensure that it is a reputable vendor.
    1. Look at the vendor’s about, contact details (phone+email), company details, etc. on the website.
    2. Make sure it is the actual brand and not a lookalike (spelling variations, hyphens, etc.) trying to trick you.
  10. If you are out and about and have to use public wifi (airport, coffee shop, library etc), it is advisable to use a VPN (virtual private network). A number of modern high-end home routers have a VPN facility, it just needs to be set up properly.

Software Best Practices

  • Ensure you have a good antivirus that is updated regularly.
    • Windows definitely requires it.
    • For Mac users – camps appear divided. No harm in adding additional safeguards.
    • Set up regular scheduled scans (preferably when you don’t use your machine as there might be a performance impact.)
  • Always ensure that you are using the latest versions of the software.
  • Ensure to back up important documents (and photos) regularly to a different storage option. Don’t rely on USB sticks.
    • Cloud storage such as Google Drive/iCloud/Dropbox is the easiest to implement, and cost effective if your storage needs increase.
    • Portable hard drive.
    • NAS (Network Attached Storage) drive.
  • Ensure your browser (Chrome/Safari/Firefox/Edge) is up to date.
  • Ensure your OS (operating system) software is updated regularly.
    • Reboot your machine every few days (especially laptops).
  • Do basic computer housekeeping.
    • Use cleaners like CCleaner to reduce junk and unused files.
  • Lastly, be very careful of letting your children use your work computer. They may click on links or download games from sites that could compromise your computer.

Hardware Best Practices

  • Ensure you have a good, strong WIFI password. Do not leave it as the default password!
    • It doesn’t need to be overly complicated, but the longer the better. Use a passphrase that you can remember.
  • Ensure that your home router has a firewall enabled.
    • There are a few services available online that do this for you (eg. ShieldsUp found on www.grc.com)
  • Ensure that your router is up to date.
    • If unsure, ask your ISP (internet service provider) to double check this for you.
  • Ensure you select “WPA2” or the newer “WPA3” for your router’s WiFi security protocol.
  • Disable the WPS (Wi-Fi Protected Setup) feature if this is still enabled on your router.
  • If you regularly work from home, we recommend that you buy a 2nd router that you plug into your first router. Use the network of the new, 2nd router for your home network/WIFI.
  • If you need to connect to a remote server for work, this should be done using a VPN (virtual private network) or other secure facilities and protocols.

Conferencing/Online Meetings with Zoom

Discussions of a confidential nature should not be conducted over Zoom or any other remote conferencing applications. Remember that what goes on in a video conference will not always stay on a video conference!

If you are the organiser/host:

  • Don’t use your PMI (Personal Meeting ID) for public meetings.
  • Don’t share meeting information on public channels or social media.
  • Set and use a password for the meeting.
  • Enable Waiting Room as a default setting.
  • Make sure to enable features that alert of newly joined participants – audible tone.
  • Minimise the use of the chat and file sharing functions or disable entirely if not required.
  • Consider making registration a requirement.
  • Ensure that you are familiar with Zoom settings so that you can control the meeting as the host: lock the meeting, control screen sharing, mute participants, etc.
 

If you are an attendee:

  • Make sure you are happy with your details given at registration.
  • Choose whether you want to enter the meeting with your microphone or video on (if not set to off by the host).
  • Ensure that you are comfortable with the information presented in the background of your video.
  • Avoid oversharing if you need to screen share. Accidents happen, so don’t leave windows open that you don’t want to share.
  • Familiarise yourself with Zoom settings.

NB. Keep the application updated at all times!

Passwords

The idea with strong passwords is to make it difficult for a perpetrator to guess. With modern technologies, software is commonly used to guess passwords. Since software can crunch huge amounts of data in a short time, it makes passwords even easier to hack. That is why it is recommended to use two-factor authentication (2FA) as this makes it even harder to guess.

 

If you have business sensitive documents stored that require password access (such as cloud storage or any third-party software), it is advised that you use strong passwords and update them regularly. Ensure that all your business-critical passwords are securely stored in the event anything happens to key personnel. As they say – prevention is better than cure.

 

It is recommended that a strong password should be longer than 8 characters, contain upper and lower case characters, numbers and punctuation/special characters. This is an example of a strong password: “[email protected]$J3d!2020“ Don’t use common phrases or quotes, personal words like family or pet names, or words or abbreviations associated with your organisation or industry.

 

It is impossible to keep track of multiple strong passwords, so we recommend using a password manager like LastPass or Keeper. Password managers are much better than relying on your memory, writing them down or saving passwords on your device! However, they are only as good as the passwords they store, so it is still up to you to ensure that the passwords are unique and strong.

 

Never use the same password twice (or on multiple accounts) and change your passwords regularly if you don’t use 2FA. At the very least, regularly change the passwords to your emails, social media accounts, and website CMS. We recommend at least every 1-3 months if used for business purposes.

 

If you want to find out if your personal or business email and password have been compromised, you can look here: https://haveibeenpwned.com/

Phishing Scams

Covid-19 has brought about many worrying trends, including an increase in phishing attacks and vishing (voice phishing) scams. Cyber criminals have adapted to the pandemic to prey on people’s fears and anxieties during this time. They are also exploiting new Covid-related business practices and creating malware with Covid themes.

 

It is more important than ever to be vigilant against such schemes. Be especially suspicious of any emails or phone calls asking to check or renew your credentials even if it seems to come from a trusted source.

 

Be wary of:

  • emails from people you don’t know- especially if they ask you to click on links or open files.
  • emails that create a sense of urgency or severe consequences.
  • emails sent from people you know, but asking for unusual things or making unexpected requests.
  • attachments with strange or alpha-numeric file names, especially if coming via other messenger apps like Facebook Messenger.

Congratulations on making it all the way to the end of this article! We hope you now understand the importance of securing your home office and how to keep your business operating safely online.

 

If you have further questions or need help in implementing any of these measures, don’t hesitate to reach out to the team at [email protected].