Working from home isn’t something we’re all used too, but with the continuing COVID-19 global pandemic it seems many of us will be making the move back home and that will likely be our 9-5 for the foreseeable future. Although working from home may feel great to begin with there are risks relating to cybersecurity you need to be aware of.
Today I’ll offer you advice on how to reduce cyberattack risks on your deployed devices including laptops, mobiles and tablets as well as a few warnings for catching out Phishing scams (which have seen a spike since the COVID-19 outbreak).
The first subject we’ll cover fits under communication. Working from home requires a lot of it, sometimes more so than when you are on-site. Therefore its highly likely that many organisations will implement some form of team messaging platform to help keep workflow at its most efficient (if you need a platform set-up we highly recommend Slack). With all-new apps you’ll likely need to make a new account, considering the information that may be sent across these channels it’s crucial to follow strict security procedures around each account.
All passwords should be randomised and saved in a password manager such as 1Password and we highly recommend using Multi-Factor Authentication if possible within the said application. Multi-Factor Authentication reduces the chance of cybercriminals accessing data by an incredible margin and should be used where available.
With many jobs, it’s important to use specific software and applications. It can be easy to think that using these at home will bear the same consequences but this isn’t always the case, you may have to install new programs and software to do your job while working from home. Its important that your company is aware of this and writes guides for all the new functions you will need to carry out.
With the current lockdown at hand, even the team here at Pentest People have had to implement new software to allow a continuous business flow. We’ve implemented the SecureGateway that allows our consultants the same internal access to a clients system without the need for them to be on site. As you can imagine this then requires us to set up procedures and risk factors surrounding this new system, just as your business should with new software or applications.
Its no myth that you’re more likely to lose or have your devices stolen when out of the office. Considering the amount of time we may have to stay working from home it is recommended that you allow devices to encrypt data whilst at rest. Encrypting data allows it to stay safe even if lost or stolen. I will add that many modern devices have encryption built-in but you may need to turn this function on or configure the settings to allow the encryption.
As COVID-19 is the most popular thing in the media, many cybercriminals will attempt to use it for their own personal gain. We’ve already seen a huge spike in activity revolving around fake malicious websites, phishing scams and fake news articles. Considering the sheer amount of people now using home computers/laptops and other devices for work while at home there are certain things you need to look out for.
Although we have a full blog post on email phishing, what it is and how to watch out for it (which can be found here: https://www.pentestpeople.com/what-is-phishing/) we wanted to talk through some known scam attempts relating to the coronavirus.
The first things to focus on is the content of the email, due to COVID-19 you’ll likely receive many emails claiming to have found a vaccine, offering you financial help and also for donating to help fund a cure. Rule of thumb would be to simply ignore emails such as these. The endgame of such emails will be to make you click on a malicious link that leads to the download of malware onto your computer or steals passwords.
Although it seems there’s a lot to focus on the key theme throughout is to stay vigilant. Not just employees but business owners also. This is an interesting time for everyone remote working but we hope the information we’ve provided in this guide will help you. Whether you’re new to working from home or simply don’t know the full extent of what to look out for!