Edge Slideshows

11/25/2019
01:45 PM
Ericka Chickowski
Ericka Chickowski
Edge Slideshows
Connect Directly
Twitter
RSS
E-Mail

Home Safe: 20 Cybersecurity Tips for Your Remote Workers

How can you protect your precious corporate endpoints from the mysterious dangers that might await when you're not by their side? Empower home office users with these tips.



Image Source: Adobe (glowonconcept)

Image Source: Adobe (glowonconcept)

According to data from Global Workplace Analytics, the population of work-at-home employees among those who work for organizations has grown by 159% since 2005. That's a growth rate 11 times faster than the workforce itself. This arrangement offers flexibility and productivity to organizations and their workers alike, but it also poses challenges for cybersecurity strategists.

"Digitization has caused a paradigm shift in where and how work is done," says Nima Baiati, global director and head of cybersecurity solutions at Lenovo. "Increasingly, work is being done from locations outside of the traditional office, with an emphasis placed on hiring the best talent and allowing the flexibility for where and how they work. As this shift accelerates, organizations need to adjust their approach to security."

A key ingredient to securing home-office workers is providing them with the knowledge and tools they need to work securely and efficiently. Dark Reading recently asked a number of security experts for the most important advice they'd tell IT departments to impart to their remote workers, whether they're working at home on the road. Here's what they had to say.

 



Use Two Separate Machines

'Do work on your work computer and personal computing on your personal computer. If you intermix the two, you increase the chance that an infection will contaminate both your work and personal life. This will be especially bad if you get infected on a business email or communication and it moves over into your personal accounts.' 
--Zack Allen, director of threat operations, ZeroFOX 

Image Source: Adobe Stock (SasinParaska)

Use Two Separate Machines

"Do work on your work computer and personal computing on your personal computer. If you intermix the two, you increase the chance that an infection will contaminate both your work and personal life. This will be especially bad if you get infected on a business email or communication and it moves over into your personal accounts."
--Zack Allen, director of threat operations, ZeroFOX

Image Source: Adobe Stock (SasinParaska)



Use the Tools the Company Gives You

'There is a reason for the IT and security teams: to aid you to do your job in the most secure method. The tools that are used on a company level typically go through some type of vetting and assessments for potential security impacts. Stick with the condoned tools and you will have support and security for the application. Use something not authorized and you could have any number of vulnerabilities to be exploited.'  
--Amanda Fennell, CSO, Relativity


Image Source: Adobe (kai)

Use the Tools the Company Gives You

"There is a reason for the IT and security teams: to aid you to do your job in the most secure method. The tools that are used on a company level typically go through some type of vetting and assessments for potential security impacts. Stick with the condoned tools and you will have support and security for the application. Use something not authorized and you could have any number of vulnerabilities to be exploited."
--Amanda Fennell, CSO, Relativity

Image Source: Adobe (kai)



Don't Rely on a Consumer-Grade Router

'A large part of the risk in home networks is in the routers. Home Wi-Fi routers are notoriously cheaply made and full of bugs, meaning many can be easily compromised. Inform home users of particularly bad routers and provide suggestions and even technical support for those that need to step up their security or change routers.' 
--John Nye, senior director of cybersecurity research and communication, CynergisTek


Image Source: Adobe (phonlamaiphoto)

Don't Rely on a Consumer-Grade Router

"A large part of the risk in home networks is in the routers. Home Wi-Fi routers are notoriously cheaply made and full of bugs, meaning many can be easily compromised. Inform home users of particularly bad routers and provide suggestions and even technical support for those that need to step up their security or change routers."
--John Nye, senior director of cybersecurity research and communication, CynergisTek

Image Source: Adobe (phonlamaiphoto)



Ensure Routers and Firewalls Are Properly Configured

'Follow the manufacturer's instructions and ensure your Internet router/firewall is properly configured, [including] no remote management, no ingress ports, proper outbound filtering, and non-default administrative credentials.' 
--Mat Newfield, CISO, Unisys


Image Source: Adobe (thexfilephoto)

Ensure Routers and Firewalls Are Properly Configured

"Follow the manufacturer's instructions and ensure your Internet router/firewall is properly configured, [including] no remote management, no ingress ports, proper outbound filtering, and non-default administrative credentials."
--Mat Newfield, CISO, Unisys

Image Source: Adobe (thexfilephoto)



Connect to Corporate With a VPN

'Remote workers should be connected to an encrypted, corporate-owned VPN connection in order to get access to any company data. Split tunneling should be disabled to avoid data bridging the encrypted and non-encrypted connections.' 
--Michael Wylie, director of cybersecurity services, Richey May Technology Solutions 


Image Source: Adobe (Denys Prykhodov)

Connect to Corporate With a VPN

"Remote workers should be connected to an encrypted, corporate-owned VPN connection in order to get access to any company data. Split tunneling should be disabled to avoid data bridging the encrypted and non-encrypted connections."
--Michael Wylie, director of cybersecurity services, Richey May Technology Solutions

Image Source: Adobe (Denys Prykhodov)



Be Wary of Public Wi-Fi

'Be careful using public Wi-Fi if you're working on the go. Public Wi-Fi tends to have lax or nonexistent security -- leaving the network and your computer vulnerable to hackers.' 
--Troy Gill, senior cybersecurity analyst, AppRiver


Image Source: Adobe (Aris Suwanmalee)

Be Wary of Public Wi-Fi

"Be careful using public Wi-Fi if you're working on the go. Public Wi-Fi tends to have lax or nonexistent security -- leaving the network and your computer vulnerable to hackers."
--Troy Gill, senior cybersecurity analyst, AppRiver

Image Source: Adobe (Aris Suwanmalee)



Harden Your Wireless Access Points

'Ensure any wireless access points on your network are appropriately hardened. Another recommendation is to turn on wireless beaconing so that you must know your SSID to connect to it.  This is in no way foolproof, but it is an added layer of protection. Many wireless attacks are simply done against the easiest targets in crowded areas. By not broadcasting your SSID, you can minimize your wireless footprint so that only those people who know your SSID can connect to you.' 
--Mat Newfield, CISO, Unisys


Image Source: Adobe (tanvirshafi)

Harden Your Wireless Access Points

"Ensure any wireless access points on your network are appropriately hardened. Another recommendation is to turn on wireless beaconing so that you must know your SSID to connect to it. This is in no way foolproof, but it is an added layer of protection. Many wireless attacks are simply done against the easiest targets in crowded areas. By not broadcasting your SSID, you can minimize your wireless footprint so that only those people who know your SSID can connect to you."
--Mat Newfield, CISO, Unisys

Image Source: Adobe (tanvirshafi)



Keep a Close Eye on Devices on the Road

'Operational security [OpSec] is more important around holidays than any time of the year. As people go out and do their shopping, run errands, etc., they tend to take a laptop along to get work done while they are waiting. Watch for shoulder surfers, sit with your back to a wall with a clear view of the entrance, and never leave anything unattended, not even for a moment. Things walk away quickly, and, worse, someone could stick a low-profile device into an unused USB port you wouldn't notice until they'd key-logged and screen-scraped for a while.' 
--Amanda Fennell, CSO, Relativity


Image Source: Adobe (jcdaddi)

Keep a Close Eye on Devices on the Road

"Operational security [OpSec] is more important around holidays than any time of the year. As people go out and do their shopping, run errands, etc., they tend to take a laptop along to get work done while they are waiting. Watch for shoulder surfers, sit with your back to a wall with a clear view of the entrance, and never leave anything unattended, not even for a moment. Things walk away quickly, and, worse, someone could stick a low-profile device into an unused USB port you wouldn't notice until they'd key-logged and screen-scraped for a while."
--Amanda Fennell, CSO, Relativity

Image Source: Adobe (jcdaddi)



Update System and Software Patches Regularly

'Security researchers show that installing system and software updates is the best defense against common viruses and malware online, particularly for computers running Windows. Software makers often release updates to address specific security threats. By downloading and installing the updates, you patch the vulnerabilities that virus writers rely on to infect your computer.' 
--Troy Gill, senior cybersecurity analyst, AppRiver


Image Source: Adobe (Rawpixel.com)

Update System and Software Patches Regularly

"Security researchers show that installing system and software updates is the best defense against common viruses and malware online, particularly for computers running Windows. Software makers often release updates to address specific security threats. By downloading and installing the updates, you patch the vulnerabilities that virus writers rely on to infect your computer."
--Troy Gill, senior cybersecurity analyst, AppRiver

Image Source: Adobe (Rawpixel.com)



Don't Forget the Firmware

'Any device on the home network should be kept up to date, including the router that allows connection to the Internet.  Remote workers should regularly check for firmware updates on their home routers, printers, scanners, and other peripherals, apply any updates, and use strong passwords -- and multifactor authentication, if possible.' 
--Stacy Clements, retired Air Force cyber operations officer and owner, Milepost 42


Image Source: Adobe (glowonconcept)

Don't Forget the Firmware

"Any device on the home network should be kept up to date, including the router that allows connection to the Internet. Remote workers should regularly check for firmware updates on their home routers, printers, scanners, and other peripherals, apply any updates, and use strong passwords -- and multifactor authentication, if possible."
--Stacy Clements, retired Air Force cyber operations officer and owner, Milepost 42

Image Source: Adobe (glowonconcept)



Turn on Auto Updates

'Set anything -- routers, smartphones, endpoints -- to update automatically. You will still need to verify the updates were applied, but [you will] save yourself the downtime in installation.' 
--Marcus Prendergast, owner, Belgravia Cybersecurity 


Image Source: Adobe (Pavel Ignatov)

Turn on Auto Updates

"Set anything -- routers, smartphones, endpoints -- to update automatically. You will still need to verify the updates were applied, but [you will] save yourself the downtime in installation."
--Marcus Prendergast, owner, Belgravia Cybersecurity

Image Source: Adobe (Pavel Ignatov)



Segment Off Your Personal Network

'One of the easiest ways of protecting work-at-home endpoints is to put company assets on their own wireless networks. A home user can connect more than one wireless device to their cable modem or other gateway device and keep their personal devices, home automation, or other components on a separate network. Especially if the company configures and provides the device, it can minimize the risks of disclosure of WPA keys or other avenues of attack.' 
--Jacob Ansari, senior manager of payments industry assessment services, Schellman & Co. 


Image Source: Adobe (Antonio)

Segment Off Your Personal Network

"One of the easiest ways of protecting work-at-home endpoints is to put company assets on their own wireless networks. A home user can connect more than one wireless device to their cable modem or other gateway device and keep their personal devices, home automation, or other components on a separate network. Especially if the company configures and provides the device, it can minimize the risks of disclosure of WPA keys or other avenues of attack."
--Jacob Ansari, senior manager of payments industry assessment services, Schellman & Co.

Image Source: Adobe (Antonio)



Use a Password Manager

'Reusing the same password for everything is incredibly common and can put all of your accounts at risk. If an attacker gets one password, then they get them all. A password manager ensures that you have unique and strong passwords for all of your accounts and can make remembering all of the passwords far easier.' 
--Will Ellis, IT security consultant and founder, Privacy Australia


Image Source: Adobe (sepy)

Use a Password Manager

"Reusing the same password for everything is incredibly common and can put all of your accounts at risk. If an attacker gets one password, then they get them all. A password manager ensures that you have unique and strong passwords for all of your accounts and can make remembering all of the passwords far easier."
--Will Ellis, IT security consultant and founder, Privacy Australia

Image Source: Adobe (sepy)



Enable MFA Wherever Possible

'Ensure two-factor authentication is enabled on your personal accounts, and hopefully your professional organization also requires it! Two-factor combats phishing attacks and will help protect against credential stuffing attacks as well. You should also never reuse passwords, especially work and personal passwords, as an attacker can pivot between them with ease.' 
--Zack Allen, director of threat operations, ZeroFOX


Image Source: Adobe (Sashkin)

Enable MFA Wherever Possible

"Ensure two-factor authentication is enabled on your personal accounts, and hopefully your professional organization also requires it! Two-factor combats phishing attacks and will help protect against credential stuffing attacks as well. You should also never reuse passwords, especially work and personal passwords, as an attacker can pivot between them with ease."
--Zack Allen, director of threat operations, ZeroFOX

Image Source: Adobe (Sashkin)



Avoid Browser Extensions

'Compromised extensions can mine employees' credentials, track their activity, and give attackers access to the data stored locally on their devices. When your team is remote, it's important to have a strict extensions policy in place. Browser extensions are notoriously difficult to vet for vulnerabilities. The safest course of action is to ban them entirely.' 
--Matt Davey, COO, 1Password


Image Source: Adobe (Urupong)

Avoid Browser Extensions

"Compromised extensions can mine employees' credentials, track their activity, and give attackers access to the data stored locally on their devices. When your team is remote, it's important to have a strict extensions policy in place. Browser extensions are notoriously difficult to vet for vulnerabilities. The safest course of action is to ban them entirely."
--Matt Davey, COO, 1Password

Image Source: Adobe (Urupong)



Bring a Fresh Battery Pack

'You need to power up your tablet, so why not just plug your cord into that handy USB port at the airport kiosk? The answer is because you don't know if that port has been hacked and is capable of transmitting malware to your device. The best way to not pick up malware from a public port is to carry your own portable battery pack or to use a charging cable that plugs into the power supply, not the USB port.'  
--Tom Pendergast, chief learning officer, MediaPRO


Image Source: Adobe (jipen)

Bring a Fresh Battery Pack

"You need to power up your tablet, so why not just plug your cord into that handy USB port at the airport kiosk? The answer is because you don't know if that port has been hacked and is capable of transmitting malware to your device. The best way to not pick up malware from a public port is to carry your own portable battery pack or to use a charging cable that plugs into the power supply, not the USB port."
--Tom Pendergast, chief learning officer, MediaPRO

Image Source: Adobe (jipen)



Unsecured Document Sharing Can Be Your Downfall

'The downfall of many an employee is actions upon frustration. When documents have issues uploading in email or in authorized applications, the employee may use alternative means, such as Google Drive. ... If you need to share a document and the size is an issue, reach out to your IT help desk for direction in a secure fashion.' 
--Amanda Fennell, CSO, Relativity


Image Source: Adobe (thodonal)

Unsecured Document Sharing Can Be Your Downfall

"The downfall of many an employee is actions upon frustration. When documents have issues uploading in email or in authorized applications, the employee may use alternative means, such as Google Drive. ... If you need to share a document and the size is an issue, reach out to your IT help desk for direction in a secure fashion."
--Amanda Fennell, CSO, Relativity

Image Source: Adobe (thodonal)



Double Down on Skepticism

'When you're working remotely, chances are you'll be catching up with email and other communications while on the move -- and that means you may not be as suspicious or critical about scanning for signs of phishing or social engineering as usual. You've got to turn your risk detector on high when you're working remotely. If you've got any doubt about a message in your inbox when you're on your phone, defer acting on that message until you can look more closely.' 
--Tom Pendergast, chief learning officer, MediaPRO


Image Source: Adobe (PhotoPlus+)

Double Down on Skepticism

"When you're working remotely, chances are you'll be catching up with email and other communications while on the move -- and that means you may not be as suspicious or critical about scanning for signs of phishing or social engineering as usual. You've got to turn your risk detector on high when you're working remotely. If you've got any doubt about a message in your inbox when you're on your phone, defer acting on that message until you can look more closely."
--Tom Pendergast, chief learning officer, MediaPRO

Image Source: Adobe (PhotoPlus+)



Follow the Dang Policy (There Is a Policy, Right?!)

'While a majority of business executives believe that remote workers increase the risk of a data breach, over half of small-business owners have no policy governing employees who work remotely [according to a recent Shred-It survey of businesses in Canada and the United States]. Cybersecurity policies for remote workers should emphasize the need for vigilance and require regular cyber-awareness training, as well as provide technical best practices for employees to follow.' 
--Stacy Clements, retired Air Force cyber operations officer and owner, Milepost 42



Image Source: Adobe (MarekPhotoDesign)

Follow the Dang Policy (There Is a Policy, Right?!)

"While a majority of business executives believe that remote workers increase the risk of a data breach, over half of small-business owners have no policy governing employees who work remotely [according to a recent Shred-It survey of businesses in Canada and the United States]. Cybersecurity policies for remote workers should emphasize the need for vigilance and require regular cyber-awareness training, as well as provide technical best practices for employees to follow."
--Stacy Clements, retired Air Force cyber operations officer and owner, Milepost 42

Image Source: Adobe (MarekPhotoDesign)



Get to Know Us

'Be personable and get to know your IT and security departments! They are people, too, and asking questions and getting feedback from your organization on how to stay secure will not only help educate yourself on best practices, but the rapport developed with these organizations can help you with woes later down the road if you ever fall victim to an attack.' 
--Zack Allen, director of threat operations, ZeroFOX


Image Source: Adobe (REDPIXEL)

Get to Know Us

"Be personable and get to know your IT and security departments! They are people, too, and asking questions and getting feedback from your organization on how to stay secure will not only help educate yourself on best practices, but the rapport developed with these organizations can help you with woes later down the road if you ever fall victim to an attack."
--Zack Allen, director of threat operations, ZeroFOX

Image Source: Adobe (REDPIXEL)

Related Content:

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service