It’s no secret that remote work is on the rise. In the past few years, more and more companies around the world have embraced both remote and flexible ways of working – and the current COVID-19 pandemic has meant more people than ever before are working from home. But many new remote workers are unaware of the security risks they now face, and haven’t been given clear guidance on how to keep their work safe. To bridge that knowledge gap, we’ve pulled together a few basics of cyber security for remote workers.
The security risks of remote work
Before we get into the practical advice, it’s important to understand why remote working poses more of a threat to your security than working from an office. As long as we’re online, we’re at risk – but when you’re at work, in the office, you’re usually using a network that has antivirus software, firewalls, and automatic online backup capabilities. This makes it hard for any malware to access your device or for any personal information to be uncovered.
But if you’re working from home, even though your connection is probably secure, most people simply don’t have the same security tools. And if you’re working from your local cafe or coffee shop – or from any unsecured public wifi network – the risk of security breaches rises rapidly. Luckily, it’s easier than you think to thwart a lot of these risks. Here’s what to do:
1. Use strong passwords
It’s obvious, but essential. Pick a strong password that’s entirely unrelated to your personal details – so no names, addresses or dates of birth. Always include upper and lowercase letters, numbers and special characters – consider using a free password generator to help you out here. Above all, make your passwords single-use; using the same password for multiple accounts puts you at risk of credential stuffing, where a criminal is able to use one leaked password to access all your other accounts. Don’t risk it.
For an additional layer of protection, enable two-factor authentication (2FA) across your accounts. This usually involves entering a one-off code each time you log in, which you receive via email, text or an app, like Google Authenticator.
2. Use a password manager
Obviously, it can be hard to remember multiple passwords, particularly when they’re complex… But that shouldn’t make accessing your work system or sharing accounts a chore. Password managers create strong passwords for you and then help you remember them. Tools like Dashlane, 1Password, LastPass and KeePass save your login info in one secure space for easy access, and allow you to share them securely with colleagues, family or friends for quick and convenient access.
3. Encrypt your devices
Encrypting your devices helps keep your information safe because it prevents unapproved access. If your laptop is stolen, for example, having encrypted files makes it much harder for a thief or any other person to access your data without the password. For Windows, check out BitLocker, and for macOS FileVault. Devices using Anroid 6 and iOS 8 and above are encrypted by default, so check to see what version you’re using. It’s also good practice to seek out encrypted commuication tools for email and instant chat to make sure no one can access your private conversations. Thankfully, many mainstream instant messengers are encrypted by default, including Signal and Telegram.
4. Use a VPN
Using a Virtual Private Network (VPN) is a great idea, particularly if you ever have to use unsecured or public networks. Because it encrypts all your internet traffic, a VPN means no-one can snoop on what you’re doing. It also means websites can’t figure out where you are and prevents your internet provider, government agencies or hackers from keeping tabs on your activity. Using a VPN can slow down internet speeds, potentially affecting the quality of bandwidth-intensive tasks like video calls. Search for VPNs renown for speed and stability.
5. Install regular updates
It can be annoying when a pop-up appears asking you to update your software or operating system – but skip these at your own risk! The software and apps you use can be vulnerable, as can your internet browser, and installing regular updates can protect yourself from potential security weaknesses. Luckily, most updates are installed automatically these days, and you can also choose when the update occurs (ie. while you’re asleep), so there’s little to no interruption to your work.
6. Be aware of phishing
More people working remotely means there’s a greater chance of being hit by a phishing scam. Phishing emails are pretty common, and most of us will have received one before; emails that look like they’re from an online service provider asking for your contact details, or emails containing infected attachments, are common forms of phishing. Always carefully check the sender’s email address and the subject line, as well as the contents of the email itself; spelling mistakes or bad grammar are telltale signs of phishing scams. Instead of clicking any included links, hover over them to reveal their destination URL – if they don’t direct to a provider’s official site, it’s a blatant scam.
7. Lock your device
If you ever work in public places like coffee shops – or you live with people you don’t work with – it’s important to lock your device. It’s easy to forget this, so enable automatic locking. This means if you pop to the bathroom or to get a drink, your device will lock until someone enters the password. For a laptop, a few minutes is usually a safe amount of time before the lock kicks in; for a mobile phone, 30 seconds is advisable.
8. Get antivirus software
And set routine updates! Running antivirus software on your machine is one of the easiest ways to quickly detect and defuse potential malware. Norton, McAfee and Webroot are all household names, but there are a ton of reliable antivirus providers out there worth investigating.