When our team was coming up with our editorial calendar, this particular blog was supposed to offer up business travelers some advice on how to stay safe from cyber threats while on the road.
However, with the coronavirus outbreak putting the brakes on so much business and pleasure travel for the foreseeable future, we thought this post was in need of a pivot. Interestingly, many of the pointers that we compiled for travelers can actually cross over to help any remote worker stay cybersafe outside of the office.
So, if you're normally an office dweller who has been asked to work outside the bounds of the corporate firewall for the first time in a long time, this article is for you. Sorry, we can't offer you any advice on how to avoid snacking all day or getting out of your pajamas by noon—but we can give you some commonsense cybersecurity tips to use as a newly remote worker:
Keep Track of Policy Updates and Changes to Remote Work Procedures
With COVID-19 causing a lot of organizations to rapidly spin up a whole legion of brand-new home office workers, many organizations will likely be bringing in new tech and new processes to securely support the scale out.
This means you may need to stay on top of new tools and procedures as the edicts come down. Hopefully the systems they roll out will be seamless and help workflows rather than slow them down, but it's important to follow the latest policies.
With new tools comes new account credentials and software updates to manage, so be sure you follow best practices with regard to the creation of strong passwords, and never reuse passwords from other accounts or share your login credentials. Note that no software provider will ever ask for your account credentials via email, and only logon to browser-based accounts by way of typing the URL directly into the address bar – don’t click on links in emails and enter your credentials. Password managers can help, but be sure to check if using them is within your company’s policies. Your company may benefit from the security and ease-of-use advantages that continuous authentication solutions offer.
And be sure to keep your software updated to the latest versions with the most recent patches - this task can be simplified by enabling automatic updates for most commonly used applications.
Only Work on Approved and Protected Devices
Be sure that the devices you work from are the ones that your organization has approved to connect to the office and to corporate systems and assets. Your working devices should be fully updated with the latest versions of firmware, operating systems, and software, and should have the corporate approved endpoint protections and other security software installed.
If your company allows BYOD and you are using personal devices for work activities, refresh yourself on internet hygiene to assure you are not engaged in risky behaviors that could put your device, yourself and your company at risk. Also be sure to use screen lock options to password protect your devices and never leave them unattended in public even for a brief moment.
Don't Use Rogue Communication Channels and Connections
Yes, we know that sometimes the corporate connections that you'll be asked to use may be slow and cumbersome, especially if your organization is dependent on sluggish VPN connections and is not offering the speed and security today’s mobility and collaboration alternatives offer.
Nevertheless, beware of risky workarounds that have you communicating across non-approved channels. Doing so could put your firm at risk of attack through less protected connections, and official written exchanges or activities made on rogue channels make it hard for the legal team to discover necessary data should an event require disclosures. Either way, it's opening you up to censure or worse from your bosses.
Also remember to avoid using insecure public Wi-Fi connections – while it’s nice to get work done at the coffee shop, use of personal Mi-Fi or connecting by way of your wireless hotspot feature on your mobile phone can offer better security. To further assure workflows are secured while working remotely, consider using a secure browser-based solution to connect seamlessly to the corporate network without the need for cumbersome VPN systems that may not offer the same level of security or performance.
Share Assets Responsibly
Similarly, while expedience may tempt you into sharing sensitive files with co-workers, partners, or customers using SaaS accounts that aren't approved or routed through corporate channels, don't do it. Ideally, your organization will be providing a simple path for doing this work - ask around to make sure there aren't better options already available to you.
Sharing of assets through approved applications is more than just being a good corporate citizen and “playing by the rules.” Unless you happen to be one of the few legal or compliance experts within your organization, chances are you have little to no knowledge of the myriad of regulatory mandates your organization must abide by. How proprietary data, information about customers and partners, and other sensitive information is handled within an organization can mean the difference between being in or out of compliance, and with recent developments in data regulation it can also mean very significant penalties for companies found to be in violation.
Always assure you are using approved collaboration tools that provide the ability to secure files containing sensitive data and meet regulatory mandates for the protection of customer privacy.
Protect Your Screen
While social distancing will have many remote workers firmly planted on the couch until coronavirus concerns settle down, you may live in an area where you'll feel it's safe enough to get out a bit on the town and work in a public setting.
In these instances, be sure to keep your screen protected from shoulder surfers by using some form of screen shield. Doing so can keep someone from reading valuable corporate intelligence, learning strategy secrets, and so on.
Avoid Plugging into Unknown Sources
If you are working outside of the home, be careful about where you charge your devices. Security researchers and government authorities are increasingly warning remote workers of an attack called "juice jacking," where criminals booby trap USB charging stations so that they can load malware onto any device connected to them, steal info off the device, and remotely access online accounts associated with the device.
Remember that USB power cords are also designed to be data transfer cables, so anytime you are plugging a device into a USB outlet, you could potentially and unknowingly connecting that device to another. When working remotely, it’s always a good idea to have extra backup batteries for your laptop or tablet and make the small investment in a portable charger for your mobile phone.
As you start to settle in for a potentially long haul of office-free work, these tips should help get you started on the path to remote work cybersecurity. One final note to remember is that cyber criminals never let a good crisis go to waste. So now is the time to be wary of coronavirus related scams and phishing attempts as you receive email, platform notifications, and other important communication. Think before you click!