10 Steps for maintaining web security (and sanity) while working from home during Coronavirus
Governments across the globe have put extreme measures in place to limit the spread of coronavirus, prohibiting large public gatherings, closing schools and day care facilities, and encouraging “social distancing” to keep new coronavirus cases as low as possible. And of course, office workers everywhere are on strict work-from-home schedules to mitigate COVID-19’s spread.
While many in the workforce have a home office setup already, the same cyber hygiene and web security standards that can be found at corporate offices are not generally in place at home. With that in mind, the following 10 steps can be used to help avoid cyber-related mistakes whose consequences may linger long after global recovery from COVID-19.
- Maintain regular working hours, but also plan breaks to avoid breaches caused by human error. Working from home requires a different kind of discipline than the typical workplace and it can be difficult to adapt. Planning your working hours and penciling in suitable breaks will allow you to focus on what needs to be done and when. Similarly, it can be easy to get caught up in a task as you make progress, but regular breaks from a computer screen are essential to avoiding fatigue, strain or headaches from excessive use. All these factors may increase the chances of human error and therefore the chance of a breach.
- If sharing your home with others, designate a workspace and ground rules. Family members or roommates can present a distraction during any self-quarantine, particularly if there’s limited space to work and live in. Be clear from the outset as to where your working space is, and the hours you’ll be working.
- Take precautions around web security at home. For example, ensure your home router is secure, does not use a generic default password, is utilizing encryption and has its firewall switched on. All these measures will help to secure your home network for personal as well as work use, and increase the likelihood of being able to work safely and securely without compromise. This is even more prudent in the age of connected devices. Today, TVs, baby monitors, smart speakers, doorbells, and even lightbulbs can be connected to your network, presenting potential routes into your home network to compromise your more secure work devices and web security. Two-factor authentication, a password, your router and your firewall may be all that keeps them secure. Ensure all your devices have been changed from their default passwords and that any available security measures are enabled.
- Keep an eye on bandwidth, which may be more limited than usual due to the increased numbers of people working from home. Increased usage of the internet at home will place greater strain on home networks, and in many cases, the capacity of local infrastructure is shared. Be aware that you may experience slower speeds than usual. If sending work files, resist any temptation to work around existing security measures or the network to save time. Risking compromise of the whole network and its existing web security standards is not worth a few seconds’ expediency.
- Mobile data and networks will likely suffer the same issues. Data speeds may slow significantly and calls may not connect. Ask yourself: Is the communication urgent? Consider alternative but approved workplace communication via Slack, Skype, Zoom or other approved applications if necessary. Do not use less secure communication channels.
- Resist the temptation to use unfamiliar WiFi for work or private browsing. It might be tempting to connect to a neighbor’s or public unsecured WiFi if the signal appears stronger and your connection appears to be very slow, but it’s critical not to do this for private or work-related purposes, since it’s impossible to discern whether you’re inadvertently giving away your credentials to a tech-savvy attacker.
- Ensure you’re using encryption. Webmail or private email are unencrypted, leaving your devices at significant risk of compromise via interception or “man-in-the-middle” attacks, and can make your home network vulnerable to compromise, as attackers may piggyback on you to compromise an otherwise secure environment.
- Supplement encryption with a Virtual Private Network. For an extra layer of web security and encryption, always use a VPN. Most workplaces now have these installed on workplace or business machines and these should be used when available.
- Use multi-factor/two-factor authentication (MFA/2FA) whenever possible. This extra layer of web security may prevent compromise of work applications. Be particularly wary of social engineering during this time, such as contact that tries to get you to disclose an MFA/2FA code.
- Be aware of increased phishing and other forms of cyberattack through electronic communication. With many people self-isolating and working from home there will be a significant appetite for news on developments. However, workers must be aware that this is almost certainly not going to be delivered via any unsolicited electronic communication. Do not click links or attachments in any unsolicited communications offering help or advice, particularly relating to COVID-19 (or really any other significant global events that may be occurring). Stay up to date using reputable news providers and trustworthy government websites for informed and credible updates.
According to Mimecast threat intelligence researchers, threat actors and criminals will almost certainly seek to exploit the increased numbers of employees working from home and see them as an opportunity to compromise secure workplace networks. Working from home presents additional complexities, potential weak points and vulnerabilities for attackers to exploit, particularly if employees let cyber hygiene slip.
Workplace safety measures and social distancing will almost certainly result in threat actors targeting individuals at home and via their more vulnerable home WiFi networks. Mimecast researchers believe there may well be a significant increase in spam mail and phishing attacks against individuals as well as businesses.
Human error accounts for over 90% of cyber incidents, with at least 90% of breaches involving email as a delivery vector at some stage. The overarching aim of any attack is to encourage the target to type credentials into forged sites, or to get the target to click on malicious links that covertly install malicious software permitting data exfiltration or network access. Take your time and apply the usual diligence to any electronic communication and do not click on links within these emails.
 Mimecast - The State of Email Security Report 2019 (https://www.mimecast.com/the-state-of-email-security-2019/)