The COVID-19 pandemic has resulted in even more Coasties working from home, many for the first time. Working from home can be a fantastic opportunity enabling you to gain back precious time once wasted on commuting, not to mention additional flexibility. However, it does also bring with it increased specific cyber security risks. When compromised, unauthorised access to your stored information can have a devastating effect on your emotional, financial and working life.
Here are 9 things you can do to in your new working environment to protect your work and your household’s cyber security.
- Beware of scams
Cybercriminals see a crisis as an opportunity. Major change brings disruption, and businesses transitioning to working from home arrangements can be an attractive target.
- Be aware that the COVID-19 pandemic will be used by cybercriminals to try to scam people out of their money, data and to gain access to systems. While working from home you should:
- Exercise critical thinking and vigilance when you receive phone calls, messages and emails.
- Take caution when opening messages, attachments, or clicking on links from unknown senders.
- Be wary of any requests for personal details, passwords or bank details, particularly if the message conveys a sense of urgency.
- If in any doubt of the communicator’s identity, delay any immediate action. Re-establish communication later using contact methods that you have sourced yourself.
- Use strong and unique passphrases
Passwords are passé! Strong passphrases are your first line of defence. Enable a strong and unique passphrase on portable devices such as laptops, mobile phones and tablets.
Use a different passphrase for each website and app, particularly those that store your credit card details or personal information. To use the same username (such as an email address) and passphrase for multiple accounts means that if one is compromised, they are all at risk.
- Implement multi-factor authentication
Multi-factor authentication is one of the most effective controls you can implement to prevent unauthorised access to computers, applications and online services. Using multiple layers of authentication makes it much harder to access your systems. Criminals might manage to steal one type of proof of identity (for example, your PIN) but it is very difficult to steal the correct combination of several proofs for any given account.
Multi-factor authentication can use a combination of:
- something the user knows (a passphrase, PIN or an answer to a secret question)
- something the user physically possesses (such as a card, token or security key)
- something the user inherently possesses (such as a fingerprint or retina pattern).
If your device supports biometric identification (such as a fingerprint scan) it provides an additional level of security, as well as a convenient way to unlock the device after you have logged in with your passphrase.
- Update your software and operating systems
It is important to allow automatic updates on your devices and systems like your computers, laptops, tablets and mobile phones. Often, software updates (for operating systems and applications, for example) are developed to address security issues. Updates also often include new security features that protect your data and device.
- Use a Virtual Private Network (VPN)
Virtual Private Network (VPN) connections are a popular method to connect portable devices to a work network. VPNs secure your web browsing and remote network access.
Sometimes organisations specify that you use a VPN on work devices. If this is the case, you should familiarise yourself with your organisation’s VPN requirements, policies and procedures.
- Use trusted Wi-Fi
Using free wireless internet may be tempting; it can also put your information at risk. Free Wi-Fi by its very nature is insecure and can expose your browsing activity to cybercriminals. Cybercriminals have also been known to set up rogue Wi-Fi hotspots with names that look legitimate and can intercept communications, steal your banking credentials, account passwords, and other valuable information.
Use trusted connections when working from home, such as your home internet or mobile internet service from your telecommunications provider.
- Secure your devices when not in use
It’s much easier to access your information if other people have access to your devices. Do not leave your device unattended and lock your computer when not in use, even if it’s only for a short period of time.
You should also carefully consider who has access to your devices. Don’t lend laptops to children or other members of the household using your work profile or account. They could unintentionally share or delete important information, or introduce malicious software to your device.
If you do share your computers or devices with family or your household, have separate profiles so that each person logs in with a unique username and passphrase.
- Avoid using portable storage devices
When transporting work from the office or shop etc to home, portable storage devices like USB drives and cards are easily misplaced and, if access isn’t properly controlled, can harm your computer systems with malware.
If possible, transfer files in more secure ways, such as your organisation’s cloud storage or collaboration solutions. When using USBs and external drives, make sure they are protected with encryption and passphrases.
- Use trusted sources for information
Cybercriminals and other malicious actors use popular and trending topics such as COVID-19 to spread disinformation or scam people. Impersonating, cloning or creating websites to look genuine is one way to do this (see ‘Beware of scams’ above). Producing and sharing false information on social media is another.
Be sure to only use trusted and verified information from government and research institution’s websites. Think critically about the sources of information that you use and balance all evidence before believing what people share.
For the latest COVID-19 information, see:
Australian Government COVID-19 website.
CCTS are here to support you and your business during this challenging time.
Please contact our professional and friendly team if you have any queries, we are happy to discuss options with you and guide you as best we can. Keep well, stay safe.
More information on how we help here