Beginning in 2020, the COVID-19 pandemic forced businesses around the world to embrace remote working as a strategy to keep operating. And many of them did so having little to no experience with the technologies needed to make it work. For IT professionals, it represented a massive challenge at an unprecedented scale.
For cybercriminals, it represented the opportunity of a lifetime.
Almost overnight, millions of people began working from home using hastily-configured solutions. And it didn’t take long for the bad guys to exploit the numerous security weaknesses that created. What followed was a wave of cybercrime that persists to this day.
And now, with 2022 just around the corner, it’s becoming clear that the pandemic isn’t going away anytime soon. And that means it’s well past time for the legions of remote workers to take some steps to secure their work-from-home setups and stop the hackers in their tracks. Here’s how they can do it.
Enable 2FA Everywhere
The first step toward securing a work-from-home setup is to try and deprive hackers of the thing they want most: passwords. And to understand why that’s so important in this context, here’s a little background.
For decades, business IT security revolved around the idea that all company data assets and the people that accessed them would be inside of a private network. That meant that an attacker would have to find a way past a firewall or other gateway device to get at anything important.
But now, remote work has turned that concept on its head. Through remote work, business data is getting accessed from endpoints all over the internet. And that means passwords are now the primary line of defence against intruders. It’s no wonder, then, that 81% of business data breaches in 2020 involved stolen or compromised passwords.
And one of the best ways to slow down such attacks is to make sure that passwords aren’t the only thing an attacker needs to gain access to business data. Right now, two-factor authentication (2FA) is the most widely available way to do that. With 2FA turned on, an attacker would need a user’s password and a single-use, time-limited token to get into protected systems. That extra bit of protection reduces the odds that an unauthorised user will get into a system where they don’t belong.
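To show what "single-use" and "time-limited" mean on the server side, here is an added example (not part of the original article) that assumes the token is a TOTP code as defined in RFC 6238, the scheme most authenticator apps use. The names `SecondFactor`, `login` and `DEMO_SECRET` are hypothetical, and the secret is the public RFC 6238 test key, used here only as sample input.

```python
import base64, hashlib, hmac, struct, time

STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the code shown to the user
# Constructed sample input: the public RFC 6238 test key. Never use it for real accounts.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1 with RFC 4226 truncation)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactor:
    """Server-side check: accepts a code only inside a small time window, and only once."""
    def __init__(self, secret_b32, drift_steps=1):
        self.secret = secret_b32
        self.drift = drift_steps   # tolerated clock drift, in 30-second steps
        self.last_used = -1        # highest time step already accepted

    def verify(self, code, now=None):
        now = time.time() if now is None else now
        current = int(now) // STEP
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_used:
                continue           # already accepted once: reject the replay
            expected = totp(self.secret, counter * STEP)
            if hmac.compare_digest(expected, code):   # constant-time comparison
                self.last_used = counter
                return True
        return False               # wrong, expired or reused code

def login(password_ok, factor, code, now=None):
    """Both factors are required; a stolen password alone is not enough."""
    return password_ok and factor.verify(code, now)

if __name__ == "__main__":
    factor = SecondFactor(DEMO_SECRET)
    code = totp(DEMO_SECRET, time.time())
    print("first use :", login(True, factor, code))
    print("replay    :", login(True, factor, code))
```

The `last_used` check is what makes a code single-use: without it, a code captured in transit could be replayed for as long as its time window stays open.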
Install Endpoint Protection
There are quite a few supposed cybersecurity “experts” making the rounds online claiming that antivirus software is no longer necessary. But their opinion is based on some remarkably suspect logic. The crux of their argument seems to be that viruses haven’t been much of a threat to the average user for decades. And they also claim that the built-in protections of most modern computing devices do a good enough job of keeping them safe, anyway.
But that opinion is, quite frankly, insane.
Modern antivirus programs are most often a part of what’s called an endpoint protection suite. And that means they do an awful lot more than guarding against viruses. Most also look out for spyware, malware, ransomware, and other unwanted programs. And that’s where they prove their worth.
In objective testing, countless antivirus products scored higher at detecting and removing malware than Microsoft’s built-in protection did. That alone is enough of a reason to recommend that remote workers protect their devices with a commercial antivirus product. With so many inexpensive options to choose from, they’d be crazy not to.
And, despite Apple’s reputation for security, its devices are no more immune to advanced malware and ransomware threats than any other type of device. Apple’s own head of software, Craig Federighi, even admitted as much during a recent legal hearing in the US. So, it’s also worthwhile for Apple users to buy and install an antivirus for macOS if they haven’t done so already.
Deploy Encryption Where Possible
One of the biggest security challenges surrounding remote work is that home networks and other equipment were never designed to meet the security standards of business users. For that reason, the average home network and personal computing device are far more vulnerable to hackers than similar business-grade equivalents.
For one thing, home networking equipment doesn’t always enable the strongest possible encryption by default. Business-grade equipment not only does so but even features newer and more secure encryption schemes. The same thing goes for business-grade computing devices. They’re far more likely to use data storage encryption than a personal device would.
But that doesn’t mean home users are defenceless.
Home networking equipment and devices typically do support some types of encryption, and any encryption is better than none. To start with, it’s a good idea to make sure that the WiFi network being used for remote work has its highest encryption standard turned on. Most often, the highest standard on a home router will be WPA2-PSK.
And then, it’s also a good idea to enable storage encryption on the device used for connecting remotely. On a Windows PC, this is done through a feature called BitLocker. On a Mac, it’s done through FileVault. Turning those features on means that even if an attacker did somehow gain access to the device, any data they exfiltrate from it would be useless to them.
Learn How to Spot Phishing Scams
When it comes to cybersecurity, the end-user is always the weakest link. That’s why attempts by hackers to penetrate protected systems almost always begin with social engineering – and most often with phishing attempts. That’s when an attacker tries to trick a user into giving them access to a protected system or into turning over the credentials needed to gain access to it. And remote workers who are unaware of what a phishing attempt looks like are sitting ducks.
That’s why an essential part of securing any work-from-home setup is for the remote worker to learn everything they can about common phishing tactics. That way, they can act as the first line of defence that makes most of the other security steps outlined above redundant. After all, phishing is how attackers steal passwords, get users to unwittingly install malware, or gain unauthorised access to data in the first place.
So, the bottom line is, the better a remote worker is at spotting attempts to trick them, the safer their systems will be. As noted earlier, the vast majority of data breaches in 2020 stemmed from stolen passwords. And the vast majority of those – 85% to be precise – involved a human element. That means the only way for remote workers to stay secure is if they contribute to their own defence by looking out for anything suspicious.
The Bottom Line
At the end of the day, remote workers are now on the front line of a cybersecurity war that’s been going on for decades. And that means they have a major role to play in preventing hackers from getting the upper hand. They can no longer rely on the security of their office networks to do the work for them.
But, by applying the concepts above, it’s not hard to secure a work-from-home setup and keep hackers at bay. And since it’s now becoming obvious that a wholesale return to offices isn’t going to happen for the foreseeable future, now’s as good a time as any to get started.