Cybersecurity in the Work-From-Home Era
If ever there was a positive to rise from the COVID-19 pandemic, it’s that we have available to us the technology and capacity to be able to work from the safety of home. That said, having a decentralised office brings an increased threat of cybersecurity breaches. Under normal working conditions, all office staff are connected to a single network that’s centrally protected. Having staff working from home dramatically amplifies the risk of cybercrime because there are significantly more networks that need to be secured. Add to this the fact that malicious activity has seen an increase during the COVID pandemic and there’s cause for concern.
Fear not, for there are plenty of simple ways to protect you and your staff from malicious activity. While many are common sense, they’re just as easy to forget as they are to implement, so a timely reminder is in order.
Always be Sceptical
As the Australian Cyber Security Centre (ACSC) says, the majority of COVID-related cybercrime is “phishing” scams. Phishing involves sending fraudulent emails and text messages, usually under the guise of government bodies and authorities or major companies such as internet and phone service providers. These messages will include links to websites, often with URLs that appear legitimate, that will either attempt to download malicious files to your device or ask for sensitive information such as usernames and passwords.
Far too many phishing sites are so good at disguising themselves as the real deal that we all have to be extra-vigilant. One area cybercriminals still haven’t managed to master is the masking of original emails – that is, the address that actually sent you the phishing email can be visible if you hover your mouse over the sender’s ‘masked’ email. Regardless, when receiving any text or email message from governmental bodies or companies and agencies (especially those that mention COVID-19), always pay extra attention to the number or email address it was sent from, as well as the link included. If you’re unsure, it’s always best to err on the side of caution and not click on any unfamiliar links.
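The two manual checks described above (the real sending address behind the displayed name, and where a link really points) can also be automated. The following Python sketch is an added example, not part of the original article; the sample message and every domain in it are constructed for illustration, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "support@health-dept.example" <notice@covid-relief-mail.example>
To: staff@agency.example
Subject: COVID-19 payment update
Content-Type: text/html; charset="utf-8"

<p>Confirm your details at
<a href="http://login.covid-relief-mail.example/verify">https://health-dept.example/login</a>
or read <a href="https://www.health-dept.example/covid">https://health-dept.example/covid</a>
and the <a href="https://www.health-dept.example/help">help page</a>.</p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# A host name shown to the reader, either inside a URL or after an "@".
HOST_RE = re.compile(r'(?:https?://|@)([a-z0-9.-]+\.[a-z]{2,})', re.I)

def same_site(a, b):
    """True if the hosts are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_message(raw):
    """Return (kind, host_shown_to_reader, host_actually_used) mismatches."""
    msg = message_from_string(raw)
    findings = []
    # Check 1: the display name shows an address on a different domain
    # from the one that really sent the message.
    display, address = parseaddr(msg.get("From", ""))
    real = address.rpartition("@")[2].lower()
    for claimed in HOST_RE.findall(display):
        if not same_site(claimed.lower(), real):
            findings.append(("sender", claimed.lower(), real))
    # Check 2: the link text shows one site, the href goes to another.
    for href, text in LINK_RE.findall(msg.get_payload()):
        shown = HOST_RE.search(text)
        target = (urlparse(href).hostname or "").lower()
        if shown and not same_site(shown.group(1).lower(), target):
            findings.append(("link", shown.group(1).lower(), target))
    return findings

if __name__ == "__main__":
    for kind, shown, actual in check_message(SAMPLE):
        print(f"{kind}: shows {shown} but really uses {actual}")
```

A clean result only means these two mismatches were not found; a message from a lookalike domain that is used consistently throughout would pass, so the advice about unfamiliar links still applies.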
For a current list of common COVID-related phishing scams, click here.
Be Up to Date
When cybercriminals find and exploit vulnerabilities in apps and operating systems, developers will respond quickly to update and remove the issue, thereby thwarting said cybercriminals. This is why it’s so important to always be updating software when prompted. It may seem like an inconvenience to wait 15 minutes for Windows to update and restart, but it’s nowhere near as painful as having your data stolen. Even when applications receive updates, those cybercriminals don’t simply give up; instead they rely on and target the thousands of people who choose to postpone their updates.
Windows, mobile phone apps, web browsers, emails and more can all be subject to these exploited vulnerabilities and should all be updated as soon as possible. If you aren’t sure you’re using the latest version, try to find an “About” button, usually in the settings. This will tell you your version number which you can compare to the latest version found using Google. Even more conveniently, many programs will have a “Check for updates” option in the settings.
Never use Public WiFi
It might seem clever to save your data by tapping into the WiFi of the Starbucks next door, but public WiFi represents a serious security risk. If you’re at home, stick to your own private internet connection and be sure any wireless capability is properly secured with a password, ideally using WPA2 or WPA3 (these should be the default protection types on your router, but you can call your internet service provider if you want to be certain).
If you’re on the road and need to use the internet, always choose your provider’s wireless network, such as 4G, as these are much more secure than public hotspots. Ideally, all internet activity that involves private information such as banking should be done at home or in the office on a secure network. The ACSC also has resources on the use of public WiFi which can be viewed here.
Use a Virtual Private Network (VPN)
Most people have probably heard the term VPN from trying to find out how to watch US Netflix from Australia, and while that’s one use for them, cybersecurity is another (and probably more important). Put simply, a VPN is a secure connection between external devices, meaning a home computer could connect to a server in an office without fear of data being intercepted or “sniffed” (where data is read and recorded in transit across a network). VPNs are typically inexpensive to set up, and could prove invaluable.
If your agency operates from a central database that contains sensitive information such as finance details or a CRM with customers’ private data, then accessing that information remotely without a VPN has the potential to result in a disastrous breach. On the topic of sensitive data, try to avoid using physical portable storage devices such as USB sticks and external hard drives to store valuable or sensitive information, simply because they can easily be misplaced or stolen.
Use Anti-Virus Software
Programs that protect against unwanted and malicious software (malware) are often seen as the be-all and end-all of cybersecurity, but the fact is they act as a last line of defence. Anti-virus software cannot protect your data from being stolen across networks, it can’t save you from phishing scams that ask for your passwords, and if it isn’t always kept up to date it may fail to save you from the latest threats. Your anti-virus is a kind of safety net for when you do fail to properly protect yourself through habits such as only visiting known web pages and always using VPNs and secure networks. In an ideal scenario, your anti-virus will never have to do anything.
Most anti-virus programs have the functionality to do regular scans of your computer to pick up any unwanted files that slip through the cracks, and while they may seem an inconvenience to run, it’s a good habit to get into. Run them overnight or when you’re out for lunch. Even if the results are negative, you’ll have peace of mind that your sensitive information is safe.