Beginning in 2020, the COVID-19 pandemic forced businesses around the world to embrace remote working as a strategy to keep operating. And many of them did so, having little to no experience with the technologies needed to make it work. For IT professionals, it represented a massive challenge at an unprecedented scale.
For cybercriminals, it represented the opportunity of a lifetime.
Almost overnight, millions of people began working from home using hastily-configured solutions. And it didn’t take long for the bad guys to exploit the numerous security weaknesses that were created. What followed was a wave of cybercrime that persists to this day.
And now, with 2022 just around the corner, it’s becoming clear that the pandemic isn’t going away anytime soon. And that means it’s well past time for the legions of remote workers to take some steps to secure their work-from-home setups and stop the hackers in their tracks. Here’s how they can do it.
Enable 2FA Everywhere
The first step toward securing a work-from-home setup is to try depriving hackers of what they want most: passwords. And to understand why that’s so important in this context, here’s a little background.
For decades, business IT security revolved around the idea that all company data assets and those that accessed them would be inside a private network. That meant that an attacker would have to find a way past a firewall or other gateway device to get at anything important.
But now, remote work has turned that concept on its head. Through remote work, business data is getting accessed from endpoints all over the internet. And that means passwords are now the primary line of defense against intruders. It’s no wonder that 81% of business data breaches in 2020 involved stolen or compromised passwords.
And one of the best ways to slow down such attacks is to make it such that passwords aren’t the only thing an attacker needs to gain access to business data. Right now, two-factor authentication (2FA) is the most widely-available way to do that. With 2FA turned on, an attacker would need a user’s password and a single-use, time-limited token to get into protected systems. That extra bit of protection reduces the odds that an unauthorized user will get into a system where they don’t belong.
Install Endpoint Protection
Quite a few supposed cybersecurity “experts” are making the rounds online, claiming that antivirus software is no longer necessary. But their opinion is based on some remarkably suspect logic. The crux of their argument seems to be that viruses haven’t threatened the average user much for decades. And they also claim that the built-in protections of most modern computing devices do a good enough job of keeping them safe.
But that opinion is, quite frankly, insane.
Modern antivirus programs are most often a part of what’s called an endpoint protection suite. And that means they do an awful lot more than guarding against viruses. Most also look out for spyware, malware, ransomware, and other unwanted programs. And that’s where they prove their worth.
In objective testing, countless antivirus products scored higher at detecting and removing malware than Microsoft’s built-in protection did. That alone is enough of a reason to recommend that remote workers protect their devices with a commercial antivirus product. With so many inexpensive options to choose from, they’d be crazy not to.
And, despite Apple’s reputation for security, they’re no more immune to advanced malware and ransomware threats than any other type of device. Apple’s own head of software, Craig Federighi, even admitted as much during a recent legal hearing in the US. So, it’s also worthwhile for Apple users to buy and install an antivirus for macOS if they haven’t done so already.
Secure Your Home Office
Physical safety should not be compromised when you are working from home. Lock your home office when you leave, just like you do daily at a company office. Laptops and mobiles are likely to be stolen from the home office, living room, or backyard. Keep your laptop in a safe place and lock the door whenever you go out for any reason. Your home workspace should reflect your regular office in terms of security.
Secure Your Home Router
Hackers usually gain access to your device by using the default password on home routers because users don’t bother to change it. Changing the router’s default credentials to unique ones is simple and can keep malicious actors out of your home network.
Along with this, you can also take further steps. For instance, be sure to install firmware updates as soon as possible to reduce the risk of vulnerabilities.
Keep Work and Personal Devices Separate
When working from home, it becomes essential to distinguish between home life and work life. There’s no doubt that switching devices for household tasks like paying bills or online shopping can be irritating, but make sure your work device isn’t being used for errands. If you apply this principle to a mobile device, it will also provide more protection.
Keep Operating System Up-To-Date
If you are utilizing an operating system, it may take longer than usual between mitigation and vulnerability discovery. Wormable zero-day exploits can reproduce serious issues if the window is left open for a long time. Enable all the security patches to reduce the risk. Modern devices have an automatic default process for updates, but you may need to apply it to complete the patching process.
Enable Automatic Locking
Be sure to lock your device if you leave it in the home office or go to a coffee shop, shopping mall, or co-working space. We take it for granted, so we forget as we go. Automatic locking protects the device in your absence.
Ensure the duration is not unreasonably long, such as five minutes for laptops and 30 seconds for mobile devices. Modern devices have automatic locking by default.
Use a VPN
A virtual private network (VPN) enables users to send or receive data through an encrypted virtual tunnel over a public network. A VPN helps increase the security of financial transactions, personal information, web sessions, and transmitted data.
At the same time, it makes it harder for cybercriminals to disrupt your operations or spoof your traffic and reduces the risk of MITM attacks. They prevent ISPs and government agencies from tracking online activity and keep you anonymous by changing location. Always choose a reliable VPN to increase digital security.
Deploy Encryption Where Possible
One of the biggest security challenges surrounding remote work is that home networks, and other equipment were never designed to meet the security standards of business users. For that reason, the average home network and personal computing device are far more vulnerable to hackers than similar business-grade equivalents.
For one thing, home networking equipment doesn’t always enable the strongest possible encryption by default. Business-grade equipment not only does so but even feature newer and more secure encryption schemes. The same thing goes for business-grade computing devices. They’re far more likely to use data storage encryption than a personal device would.
But that doesn’t mean home users are defenseless.
Home networking equipment and devices typically do support some types of encryption, and any encryption is better than none. To start with, it’s a good idea to make sure that the WiFi network being used for remote work has its highest encryption standard turned on. Most often, the highest standard on a home router will be WPA2-PSK.
And then it’s also a good idea to enable storage encryption on the device used for connecting remotely. On a Windows PC, this is done through a feature called BitLocker. On a Mac, it’s done through FileVault. Turning those features on means that even if an attacker did somehow gain access to the device, any data they exfiltrate from it would be useless to them.
Learn How to Spot Phishing Scams
When it comes to cybersecurity, the end-user is always the weakest link. That’s why most attempts by hackers to penetrate protected systems almost always begin with social engineering – and most often phishing attempts. That’s when an attacker tries to trick a user into giving them access to a protected system or turning over the credentials needed to gain access to it. And remote workers who are unaware of what a phishing attempt looks like are sitting ducks.
That’s why an essential part of securing any work-from-home setup is for the remote worker to learn everything they can about common phishing tactics. That way, they can act as the first line of defense that makes most of the other security steps outlined above redundant. After all, phishing is how attackers steal passwords, get users to unwittingly install malware, or gain unauthorized access to data in the first place.
So, the bottom line is that the better a remote worker is at spotting attempts to trick them, the safer their systems will be. As noted earlier, the vast majority of data breaches in 2020 stemmed from stolen passwords. And the vast majority of those – 85% to be precise – involved a human element. That means the only way for remote workers to stay secure is if they contribute to their own defense by looking out for anything suspicious.
The Bottom Line
At the end of the day, remote workers are now on the front line of a cybersecurity war that’s been going on for decades. And that means they have a major role to play in preventing hackers from getting the upper hand. They can no longer rely on the security of their office networks to do the work for them.
But, by applying the concepts above, it’s not hard to secure a work-from-home setup and keep hackers at bay. And since it’s now becoming obvious that a wholesale return to offices isn’t going to happen for the foreseeable future, now’s as good a time as any to get started.
By Andrej Kovacevic
Updated on 26th August 2022