Cyber Security when working from home – get 7 tips
Cyber security when working from home is something you and your employees must take seriously. Maintaining the good habits when you are working from your home office might be difficult to do in practice. Maybe your employees think that cyber security isn’t as important to be aware of while being at home – because what can happen at home? It is very natural that we as human beings forget the good safety routines when we are at home and are not reminded to be cyber aware.
However, just like at work, it is important that you and your employees take precautions and react if something suspicious occurs. As you probably know, no more than one click is necessary to create fatal consequences...
Follow our 7 tips and create a safe working space at home
- Use a VPN connection
- Make sure to lock your computer when leaving it. A set of cat paws or baby fingers can easily press something wrong
- Update your programs
- Have strong passwords and change them regularly
- Make safety calls if you are asked via email to install a program or transfer money to ensure that it is not a hacker pretending to be someone they are not – even if the emails, at first sight, appear to come from your boss or the IT department
- Do not click on links or emails that look suspicious
- Do not open attached files from unknown senders
Cyber Security when working from home is important because...
Malicious hackers can gain access to your systems and install malware and ransomware, which take valuable time and resources to remove. Not to mention the financial consequences that often follow attacks like these, because they prevent business-critical tasks from being carried out or involve ransoms demanded to unlock files. A cyber attack can easily become an expensive affair and can cost millions to fix.
If unauthorized people gain access to the organisation’s data, it can have fatal consequences. Therefore, your employees must be aware of how to protect the organisation’s data in the best way – also when working from home.
Cyber security policy
It is important to have clear guidelines for how to react if you or your employees experience something suspicious or receive phishing emails.
We know that it can be tough getting your employees to read the cyber security policy. It is often not of interest or a priority to them. We offer a solution where your employees must sign that they have read and understood the cyber security policy.
Several CISOs answered in a survey that they experienced an increased number of cyber attack attempts during the Covid-19 pandemic. In situations like these, where many people work from home, it is important that everyone has good cyber security habits.
Cyber Security when working from home – the 7 tips elaborated
1. Use A VPN Connection
When you use a VPN connection (Virtual Private Network) your web traffic will be encrypted and you will protect your personal data.
The encryption takes place between your device and the VPN server your device is connected to. Once you have connected to a VPN server, all traffic from your device runs through the external server (and thus the virtual private network) before reaching the internet.
2. Make Sure to Lock Your Computer When Leaving It
3. Keep Your Programs Updated
Make sure to keep your programs, e.g. Microsoft 365, updated. Microsoft Teams uses Advanced Threat Protection (ATP), which protects against cyber-attacks and blocks unsafe attached files or links.
4. Have Strong Passwords and Change Them Regularly
Your passwords must be unique and strong so it isn’t possible for unauthorized people to access your computer and your programs. And remember to avoid using the same passwords for multiple purposes.
Password Spray Attacks
Some hackers attack systems by trying popular passwords, such as ‘qwerty’, ‘password’ or ‘123456’, on all accounts in a large organisation hoping to find a match. The hackers are well aware that only a certain number of attempts is allowed on each account, so they adjust the number of attempts along the way.
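Because the attempts stay below each account's limit, a per-account lockout counter does not notice a password spray; counting distinct accounts per source does. The sketch below is an added example, not part of the original article: the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (timestamp, source IP, account, result); not real data.
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE_LOG = [f"2024-03-04T08:0{i}:00 203.0.113.7 {u} FAIL" for i, u in enumerate(USERS)]
SAMPLE_LOG += [f"2024-03-04T08:3{i}:00 198.51.100.20 gina FAIL" for i in range(3)]
SAMPLE_LOG += ["2024-03-04T08:33:00 198.51.100.20 gina OK"]

def failures(lines):
    """Yield (time, source, account) for each failed login line."""
    for line in lines:
        ts, src, account, result = line.split()
        if result == "FAIL":
            yield datetime.fromisoformat(ts), src, account

def locked_accounts(lines, threshold=5):
    """What a per-account lockout counter sees: accounts with >= threshold failures."""
    counts = Counter(account for _, _, account in failures(lines))
    return {a for a, n in counts.items() if n >= threshold}

def spray_sources(lines, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources failing against many accounts with only a few tries on each.

    Returns {source: accounts seen when the threshold was first crossed}.
    """
    by_src = defaultdict(list)
    for ts, src, account in failures(lines):
        by_src[src].append((ts, account))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            per_account = Counter(a for _, a in events[start:end + 1])
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                flagged[src] = sorted(per_account)
                break
    return flagged

if __name__ == "__main__":
    print("locked out:", locked_accounts(SAMPLE_LOG))
    print("spray suspects:", spray_sources(SAMPLE_LOG))
```

The employee who mistypes a password three times from one address is not flagged, while the source that touches many accounts once each is.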
The Centre for Cyber Security
Did you know?
According to the Center for Cyber Security, the typical password behaviour is:
- If the website requires a password of minimum 8 characters, the password created is typically only 8 characters.
- If the password must contain one capital letter, the capital letter is typically placed as the first letter in the password.
- If the password must contain numbers, these are typically placed at the end of the password. The numbers are often between 00-99 or written like a date. It is also common to replace letters with numbers that resemble the letter or are placed close to the letter on the keyboard: “3” as “e”, “0” as “o”, etc.
- The requirement to use special symbols is often solved by only using one. Some symbols are more popular than others. The at-sign (@) and the exclamation point (!) are amongst the most popular symbols.
Do you recognize this behaviour?
- If the password must be changed regularly, people often use cyclic words such as seasons, quarters, months, etc.
- Some words or numbers are very popular and appear in many passwords. Amongst the most used passwords are ”123456”, ”password”, and lines of letters such as ”qwerty”, that follow the letters’ placements on the keyboard.
- The password is the same as or part of the user name.
- The password consists of the names of family, friends, pets etc.
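The habits listed above can be checked mechanically when a password is set. This is an added example, not from the original article or the Centre for Cyber Security: the function name, the result codes and the cyclic word list are assumptions, and the passwords shown are constructed.

```python
import re

# COMMON and the two substitutions come from this page; CYCLIC is an assumed
# sample list ("may" is left out because it matches too many ordinary strings).
COMMON = ("123456", "password", "qwerty")
CYCLIC = ("spring summer autumn winter january february march april june july "
          "august september october november december").split()
LEET = str.maketrans("30", "eo")   # "3" as "e", "0" as "o"

def predictable_patterns(password, username="", min_length=8):
    """Return a code for each predictable habit the password shows."""
    lowered = password.lower()
    variants = (lowered, lowered.translate(LEET))   # raw and de-substituted forms
    user = username.lower()
    checks = {
        # exactly as long as the policy minimum, no longer
        "min-length": len(password) == min_length,
        # the only capital letter is the first character
        "capital-first": [i for i, c in enumerate(password) if c.isupper()] == [0],
        # all digits sit in one run at the end (optionally followed by symbols)
        "digits-at-end": re.fullmatch(r"\D+\d+\W*", password) is not None,
        # the symbol requirement is met with a single symbol
        "single-symbol": sum(not c.isalnum() for c in password) == 1,
        # season or month name, also when written with digit substitutions
        "cyclic-word": any(w in v for w in CYCLIC for v in variants),
        # contains one of the most used passwords
        "common-password": any(w in v for w in COMMON for v in variants),
        # the same as, or part of, the user name (or contains it)
        "username": bool(user and lowered) and (user in lowered or lowered in user),
    }
    return [code for code, hit in checks.items() if hit]

if __name__ == "__main__":
    for pw, user in [("Summer24!", "jdoe"), ("Passw0rd", "jdoe"), ("jdoe2024", "jdoe")]:
        print(pw, predictable_patterns(pw, user))
```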
A good tip for creating strong passwords is to use the first letters in a sentence or add numbers and special symbols, such as:
Of course, this is only a hypothetical example, so don’t use it.
5. Make Safety Calls If You are Asked via Email to Install a Program or Transfer Money
Even if the email, at first sight, appears to be from your manager or the IT department, it could easily be a hacker pretending to be someone they are not.
Imagine this: You receive an email that looks like it was sent from your manager’s email address, asking you to pay an invoice as soon as possible. This should set off an alarm in your mind, and you should call your manager to confirm that the email was sent by them.
6. Do Not Click on Emails That Look Suspicious
If you receive an email saying you’ve won a prize or that you must confirm your personal credentials or credit card information, you should be very cautious before doing anything. Most organisations or public institutions would never ask you to confirm such things via email.
7. Do Not Open Attached Files from Unknown Senders
You must be critical of files you receive from unknown senders.
Many HR departments receive files that resemble innocent résumés, but for some hackers this is a way to gain access to the organisation’s systems. It can help to have a program that scans the attached documents, e.g. résumés, before they are opened.
Cyber security when working from home via awareness and training
As mentioned by the Centre for Cyber Security as tip #4 in this guide, awareness and training in cyber security is a good way to inform the employees about the hackers’ attack methods and a good way to give advice on e.g. strong passwords. Another way of training the employees’ cyber awareness is via online training with intelligent tests. The benefit of our cyber awareness training is that your employees can access the course on all devices, 24/7. The platform also offers micro learning, so you can send out short modules during the year, e.g. the modules about social engineering and phishing close to holiday seasons. Employees who have completed our cyber security awareness training know the good safety routines, are more cyber aware and react faster when experiencing something suspicious.
Do you want help making your employees more cyber aware? Then contact us and start the dialogue today!
Phishing is when you receive false e-mails with infected links and attachments. Phishing emails are often sent out in large quantities in the hope that someone “bites the hook” and clicks the infected emails or attachments.
The sender will often resemble someone you already know, and because of this, you must be extra cautious, for instance by hovering the mouse over the sender’s name.
Spear phishing is a specific sort of phishing where the attack is targeted at one particular person or organisation. The purpose is to make the targeted person click on an infected link or open an attached file, so the cybercriminal can access the person’s computer and data. In spear phishing, techniques from social engineering are often used; the hacker pretends to be someone you know e.g. your manager or a colleague.
Most hackers often attempt attacks during the holiday seasons, so you should be extra cautious in times like these.
Smishing is when you receive false text messages that encourage you to click on infected links. Because of this, you must be cautious when receiving text messages from an unknown sender. Always be critical when receiving mails or text messages with a link or a file from an unknown sender.