NetworkTigers discusses how remote cybersecurity ensures you can work safely from anywhere.
Remote work, and therefore remote cybersecurity, has become a mainstream topic thanks to stay-at-home mandates and safety protocols initiated in response to the COVID-19 pandemic.
However, working from home, while traveling or from a coffee shop creates a potentially dangerous cybersecurity environment. Unsecured wifi and web browsing without the safety of a company-wide firewall or security system can have potentially dire consequences.
In today’s world of remote workforces, what are some ways that you can take full advantage of modern work’s flexibility while still maintaining tight security?
Remote cybersecurity demands excellent password hygiene
Advice regarding passwords is easy to ignore in favor of simple, easy to remember credentials that you can apply across a wide range of user accounts.
However, the importance of strong passwords when it comes to remote cybersecurity can’t be overstated.
With simple guesses and social engineering tactics, the bad guys are experts at exploiting weak login credentials. For users who keep the same passwords across everything from work email accounts to banking apps, a compromise can result in disastrous consequences.
Passwords should be impossible to guess and made up of a random series of letters, characters and numbers. Never use important dates, names of loved ones, sports teams or any other words or phrases that might be guessed.
Also, do not use the same credentials across multiple accounts. Doing so can give a hacker a potential skeleton key that can unlock all of your personal and business accounts.
Set up multi-factor identification
With hackers finding ever more devious ways to scrape the internet for information and leverage credential stuffing to break into user accounts, it takes more than just a challenging password to feel safe.
In addition to login credentials that are randomized and impossible to simply guess, set up multi-factor identification across as many accounts as possible. The more obstacles you can put between your data and the bad guys, the less likely you are to suffer a compromise or breach.
Cybercriminals are largely opportunistic. If you make cracking your account challenging, hackers attempting to break in will likely become disinterested and seek softer targets.
Avoid public wifi whenever possible
Public wifi puts no barriers or walls between your web activity and the eyes of criminals looking for easy targets.
From airports to cafes, public wifi is a convenience that is likely not worth the risk.
Avoid public wifi by using a cellular device as a hotspot. This will prevent the general public from having the means to view your web traffic and keep your work to yourself.
Major carriers, for an additional fee, will allow you to use your smartphone as a hotspot device. While its usage will count against your data allotment, many plans are available that prioritize hotspotting and data usage.
Do the research and invest in the ability to maintain remote cybersecurity while working in public places.
Use a virtual private network (VPN) to maintain remote cybersecurity
Whether working remotely or in the office, it’s wise to use a VPN.
VPNs allow you to shield your network and internet usage from view. To put it plainly, if the internet is a highway then a VPN provides you with your own personal tunnel that prevents your travel from becoming public.
Be sure to shop carefully before purchasing a VPN service. Different providers cater to different types of users. You will want to use a VPN that provides the type of security you’re looking for but doesn’t cost you an arm and a leg in features that you don’t need.
Don’t use your personal devices for work
It can be tempting to use your personal phone, tablet or computer to take care of some quick work details.
IT administrators need to continually keep up with security updates and patches. These updates tend to take place in the background, meaning that your work devices are likely to maintain current security fixes that your personal ones may lack.
Employees utilizing their own, unsecured devices to access company apps and systems is referred to as shadow IT, and is a major headache when it comes to organizations’ efforts to maintain tight cybersecurity.
To keep your data, as well as your company’s, as secure as possible, only use business-provided devices for work.
Hide your screen
It may seem old fashioned, but snooping is still an effective way to gather information on someone that could be used to gain unauthorized account access.
Try to work in areas where people aren’t able to sit behind you to view your computer or phone screen.
You can also install privacy screens on your devices that greatly restrict the viewing angle one needs to actually see your display. This means that only the person directly in front of the screen is able to read or view it.
It may be surprising to learn how critical the prevention of basic social engineering and spying tactics is when it comes to remote cybersecurity.
Don’t neglect physical security
With so much focus on digital espionage and theft, it can be easy to forget about the physical security of your devices.
A stolen laptop, tablet, phone or memory drive can put a tremendous amount of access into the hands of a criminal.
Never leave your devices unattended. Laptops left on a table while you refill your coffee are easy marks for snatch and grab schemes and working regularly from the same area using a range of expensive devices can make you a target.
Additionally, never leave your devices in your car, especially in plain sight.
Keep your devices in a backpack or other bag on your person at all times if you have to get up and move.
Additionally, be sure to keep your devices locked up with a password. While most physical thefts are perpetrated by those looking for a quick resell, criminals are becoming savvier and many are realizing that the data kept on a company-provided laptop may be worth far more than the machine itself.
Never use a mysterious thumb drive
It may sound silly, but hackers will sometimes leave thumb drives loaded with malware near organizations that they wish to breach knowing that human curiosity sometimes outweighs prudence.
Plugging a mysterious USB drive into your machine opens your system up to whatever may be lurking on it.
While a “free” memory stick might be a lucky find, avoid the temptation of looking into it. Instead, bring it to any relevant lost and found desk in case someone accidentally left it behind.
Implement a zero-trust remote cybersecurity strategy
If you are an administrator looking to keep security tight in spite of a remote or hybrid workforce, zero-trust architecture is quickly becoming the new standard for remote cybersecurity.
Zero-trust strategy operates by assuming that every user is a potential security threat. Each access point requires explicit permissions that can be revoked by an identity management system. Implicit trust is no longer granted meaning that every step a user takes is continually validated and vetted for security.
Sources
- Six steps to securely work from anywhere by John Dathan, 28 June 2021, IT World Canada
- 8 Best Practices for Working Remotely by Critical Insight
- Tips For Managing An Efficient And Secure Remote-First Technology Team by Nick Dearden, 5 May 2022, Forbes
- Working From Home? Here’s What You Need for a Secure Setup by Martin Roesler, 26 March 2020, Trend Micro
The Zero Trust Enterprise by Palo Alto Networks
