Tips for a more secure remote work environment

March 31, 2020 | Boundless Team | Blog

Introduction

The COVID-19 crisis represents the perfect storm for malicious cyber attackers, who are actively intensifying their attacks against individuals and organization worldwide.

With millions of companies having their employees work from home, remote workers become vulnerable targets for hackers aiming to access company networks.

These incidents are likely to increase in frequency and severity over the coming weeks and months.

This is why it’s important for companies and individuals to be aware of the most common risks and cyber threats linked to remote work, and put in place routine cyber-hygiene practices to strengthen the security of your company.

Main cyber threats linked to remote work

Nowadays, the cybercrime landscape is diverse. Cyberattacks include threats like computer viruses, data breaches, and Denial of Service (DoS) attacks.
 
Do you know what are the most common cyberattacks threatening remote workers?

Phishing

What is it? A type of online scam used by cyber-attackers to steal confidential information, such as passwords, personal data or bank information.

Mode of action: Hackers disguise themselves as a trustworthy entity to send their messages, which can be delivered by emails, SMS, chats, social media or other digital communication mean.

Potential risks: Hack of professional accounts, intrusion into company networks, ransomware, fraud, etc.

Ransomware

What is it? A type of malicious software designed to block access to a computer system or computer files until a sum of money is paid. This type of attack is often followed by data theft and destruction of backups.

Mode of Action: The attacks often spread through phishing emails containing malicious attachments, or through drive-by downloading amongst other ways.

Potential risks: Business downtime, data loss, etc.

Data theft

What is it? The act of breaking into a corporate network or external hosting system to steal digital information with the intent to compromise privacy, reselling confidential data or damaging a company’s image.

Mode of action: As with ransomware, these attacks often happen through intrusion into a company network or hosting systems via remote access, or even by compromising an employee’s equipment.

Potential risks: Business activity disruption and damage to the company’s image.

False transfer orders (FOVI/BEC)

What is it? A type of fraud where a cyber attacker usurps an identity with malicious intentions, such as requesting a money transfer (exceptionally and confidentially), or a change in the payment details of an invoice or salary.

Mode of action: Hackers usually usurp the identity of a manager, a service provider or even an employee, and use telephone or email as communication means.

Potential risks: Financial loss for the company or organization.

Beware of these kinds of cyber threats and alert your company supervisor or IT team if you notice any abnormal activity, or fear your equipment has been compromised.

Digital hygiene tips for remote workers

When working from home, it is important to ensure you protect your company and yourself from potential cyberattacks.

Check out these 10 tips, which can help you contribute as much as possible to the security of your company.

illustration user organigram

Keep your professional and personal life apart.

Separate your personal and professional life – if possible, by using different devices. If you have a corporate device, use it for business tasks only.

Likewise, your personal equipment should be used for your personal life – so no mixing business with personal.

Your company’s security policies should also apply at home.

Your company has created security guidelines to protect and avoid potential risks.

And we all know risks can be found anywhere, so this should apply also when working on remote.

If for some reason you cannot comply with a given rule or policy, let your company know as soon as possible, so you work out a suitable solution together.

Don’t do at your home office what you wouldn’t do at your work office.

When working from home we tend to feel more comfortable and carefree than at the office.
This is great! But it could also trick us into making security mistakes.
 
At home, as in the office, protect your equipment and your keep data safe. Small actions like locking your session when you walk away or keeping your professional access codes secured could keep you away from taking an unnecessary risk.

Your devices can also suffer from FOMO – keep them updated!

Here we are talking about security updates. These are proposed to fix potential security bugs that could be used by hackers to attack you and your company. 

Make sure your connected devices are always up-to-date.

Scan your devices regularly for hidden threats.

Make sure your equipment has an antivirus installed and that this is up-to-date.

Then conduct regular scans to reveal potential threats.

If any device cannot have a security antivirus installed, avoid using it to access your corporate network.

Strengthen your passwords.

Most attacks are due to weak or repeated passwords.

When choosing a password, make sure this one is long and complex enough not to be easily figured out.

Also, use different passwords for each equipment and services you use – especially for your personal and professional devices!

Make your WiFi great again, by protecting it.

If unprotected, your home WiFi could also serve as an entry door for hackers to infiltrate your network.

By securing it with a strong password and using WPA2 encryption, you can help protect your internet environment.

Your work sometimes needs a backup.

Making regular backups of your work, either on your company network or on a protected hard drive, can save you a lot of frustration.
 
Not only in case of cyberattacks, also if your equipment breaks or gets stolen.

Beware of unexpected messages.

Your supervisor emails you requesting to make an immediate bank transfer to a new provider, whose bank details are included. What do you do?
This email could be fully legitimate, but could also be phishing. 

If you receive an unexpected or panicky message, double-check the legitimacy of the message, if possible through a different communication mean.

Verify the reliability of what you install.

Applications and programs downloaded from the internet can contain malware.

To mitigate the risks, use official stores to download applications (like Apple AppStore or Google Play) and avoid fraudulent or suspicious websites (like streaming ones).

If you use a corporate device, check with your IT team before installing anything on your equipment.

By practicing a good cyber-hygiene you can contribute to security of your company and help keep your data safe and well-protected. 

Find out more tips and information on:
https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/recommandations-securite-informatique-teletravail

Source: Recommandations de sécurité informatique pour le télétravail en situation de crise. DOP 23 March 2020. Cybermalveillance.gouv.fr (https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/recommandations-securite-informatique-teletravail) [Last accessed: 31 March 2020).

Icons made by Freepik from www.flaticon.com

Boundless Digital can help you protect your remote workforce from online threats.

Download the Boundless Security leaflet to learn more.

Stay up to speed.
Subscribe to our newsletter.