Working remotely from the office presents an IT security challenge because your home or remote location generally doesn't have the same safeguards in place that you have at the office. Here are a few tips to consider that will help to reduce your exposure to cybersecurity risks while working remotely.

Use your company's tech toolbox

Ask your company IT person what tools are in place to help keep you secure and cyber safe when you are working from home. If you are working on company-supplied laptops and mobile devices, they will probably already have antivirus protection, and other security features installed.

This is important because cybercriminals are looking for opportunities whether an individual is working at the office or from home.

Physical security matters 

Part of using your work device in a remote location is to recreate the secure environment that exists in your workplace. Don't let others use your work computer or device; this means family too. It is important that your work device is secure all the time. When you leave your laptop, even for a few minutes, you should lock the screen.

If you are handling sensitive or confidential material - make sure that the sightlines to your screens are blocked when you are working. When you finish working, you should lock the door to your home office.

Consider this extra effort a small price for keeping confidential corporate information safe and secure. Even if outsiders have no access to your home office, it's still worth locking your computer. This way, there will be no accidents like your child sending your supervisor a goofy email or text (that comes from you). When you leave your home office, lock the screen, and of course your computer needs to be password protected.

You should never leave your work computers, tablets or smartphones in the car. Your devices should always be with you while you are on the road (and this includes the trunk, which is not any safer). Someone may be staking out the parking lot, waiting for their next victim - don't take the chance!

Keep your systems, applications and software updated 

Often software is updated in response to new vulnerabilities in the system. If the version of the operating system or app you are using is outdated, your device is not secured against known threats.

Protect your accounts - use unique, strong passwords

For each of your accounts, you should use a different password with at least 12 characters. Use a reputable password manager to make it easier to keep track of all your passwords.

Enable two-factor authentication on your accounts

Activate two-factor authentication on your accounts. If you're not sure if your service supports two-factor authentication, reach out to your IT team.

Change your home WiFi's password

Even if you changed your WiFi password when you first set it up, it is worth changing your password again, especially if you have shared it with guests.

Avoid public WiFi; if necessary, use personal hotspots or some way to encrypt your web connection 

Public WiFi introduces significant security risks. Many people have access to the public network without a firewall between them, which allows bad actors to access your computer from across the room. Interested observers on your current network or other public networks that your data hits, can monitor your traffic as it travels between your remote location and your workplace. We recommend using a personal hotspot or your phone. 

Use a virtual private network (VPN) 

Connecting through a VPN is very secure. Your data will be encrypted regardless of the network settings, and outsiders will not be able to read it.

Make sure there is no confidential information sitting on your desk or in view of the camera

If you are presenting on a video call or sharing your screen online, do not leave documents with sensitive information (i.e. - passwords, links, login credentials) visible. 

Password-protect, or ensure unknown individuals cannot enter video conferences

All your conference calls should be password protected, or you should use services that do not allow uninvited users to join calls. 

Do not share screenshots of video conferences or sensitive information on social media

A recent trend on social media is to post all the cities you have lived in. Many share this information online, not even thinking that "Which city were you born in?" is a very common security question. Posting this information online can certainly put your online accounts and cybersecurity at risk. 

Be careful sharing screenshots of video calls with your coworkers or clients. Even if there is no sensitive information visible in the background, these screenshots can give valuable information to phishers (who, what, when, where you meet with) to create believable phishing attacks.

Be aware of phishing attempts

Do not click on and links from people you do not know. If you have doubts about an email, contact the company or person using a phone number, or website you know is real, not the contact information in the email. Attachments and links can install harmful malware.

Don't Use Random Thumb Drives 

Don't ever use a thumb drive that you don't know where it came from or continue to use one that has been plugged into a system you cannot vouch for. Hackers view USB devices as a vulnerability that can give them access to a single computer or network. If they can get somebody to connect a malware-infected drive into a PC, then they're in. 

These are the security awareness items that will help you act safely no matter where you are working. This is by no means a comprehensive list, but it will give you a good start on the work-from-home security basics.

In the meantime, if you have any questions or need help securing your workplace, feel free to reach out to Michal, our IT Risk Assurance Manager.