How to remain cyber secure in the age of working from home

  • 03 May 2022

By Charlie Acfield, Technical IT Director at Totality Services

Commercial cybersecurity used to mean exercising rigid control over on-site workstations, routers, servers and connected devices.

The Covid-19 pandemic has established a ‘new normal’ of remote, interconnected workplaces and, with it, a set of working practices that are inherently less secure than gathering staff together on a single LAN, in the same physical space. The following tips will demonstrate what you can do as a business owner to reduce the chance of an intrusion. 

 

1 Address the public Wi-Fi network issue

Remote workers often use public Wi-Fi – a focal point for cybercriminals looking to exploit weaknesses in unsecured hardware and extract data.

A ‘man-in-the-middle’ attack tricks users into connecting to a compromised wireless network that steals their data. The attacker does this by giving the network's Service Set Identifier (SSID) a name similar to that of the ‘real’ network. Workers should use:

  •  Encrypted VPN connections  

Use a company-sanctioned virtual private network (VPN) service that secures data by encrypting it during transfer. Invite-only VPN connections work specifically alongside commercial routers, firewalls and switches.

  •  HTTPS websites 

Only use websites that start with ‘https’ instead of ‘http’. HTTPS is a secure version of the HTTP protocol that uses the SSL/TLS protocol for encryption and authentication on public websites.

  •  Verified networks 

Bars, cafés, restaurants, libraries and hospitality venues are low-hanging fruit for cybercriminals. Seek out the correct access point by asking staff, or reading Wi-Fi information in the building.  
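An added example, not part of the original article: a short Python check that flags scanned network names imitating a verified SSID, the trick described in the man-in-the-middle paragraph above. The verified SSID, the scan list and all function names are constructed for illustration.

```python
import unicodedata

# Assumption: the SSIDs staff have confirmed with the venue or the employer.
VERIFIED_SSIDS = ["CornerCafe_Guest"]

# Characters commonly swapped in to make a look-alike name.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})


def normalise(ssid: str) -> str:
    """Fold case, character width, separators and look-alike characters."""
    text = unicodedata.normalize("NFKC", ssid).casefold().translate(CONFUSABLES)
    return "".join(ch for ch in text if ch.isalnum())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(ssid: str, verified=VERIFIED_SSIDS, max_distance: int = 2) -> str:
    """Return 'verified', 'lookalike' or 'unrelated' for one scanned SSID."""
    if ssid in verified:
        return "verified"
    candidate = normalise(ssid)
    for good in map(normalise, verified):
        # Near-identical spelling, or the real name with extra text attached.
        if good in candidate or edit_distance(candidate, good) <= max_distance:
            return "lookalike"
    return "unrelated"


# Constructed scan results, not taken from any real network survey.
SCAN = ["CornerCafe_Guest", "CornerCafe-Guest", "C0rnerCafe Guest",
        "CornerCafe_Guest_Free", "HomeRouter-5G"]

if __name__ == "__main__":
    for name in SCAN:
        print(f"{classify(name):10} {name}")
```

An exact name match only shows that the name is right: an SSID can be copied character for character, so the VPN and HTTPS advice above still applies on a verified network.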

2 Complex passwords 

The easiest and most cost-effective way to ensure a network is safe from threats is through password protocols that prevent unauthorised access and limit the number of options hackers have to exploit weak passwords.

  •  Two-factor authentication

Passwords in isolation are less secure than requiring several methods of authentication, so use two-factor authentication (2FA). When remote workers log in to a cloud-based or on-premises network, 2FA requires them to verify two pieces of extra information, such as biometric information or an SMS code sent to a company mobile phone. You can specify the factors required before a user is granted access.

 

  •  Make passwords hard to guess 

Remote workers may use the same password across private and public platforms. This reuse can cause data breaches to escalate from minor intrusions to large-scale corporate theft. Deploy password management protocols – including 30-day expiry terms, 2FA and complexity guidelines – to ensure workers aren’t exposing employer data. Use a secure password generator to create custom passwords that meet complex requirements.
 
3 Store data responsibly 

Your remote working policy should prevent staff from saving data on personal devices, or on the hard disk drive of their company device – where possible, employees should only ever store data on company-shared drives held on a dedicated storage device. 

If your company permits the use of external storage drives, ensure you’re doing the most you can to protect the data. All devices should be encrypted and password-protected, and only used in line with company guidelines. 
