Commentary
August 14, 2020

Protection and mitigation tactics for remote work

Remote work facilitates an array of cyber threats. Advice to companies and employees for eliminating risks.
When working from home, no piece of company information should ever be considered insignificant, or too trivial to merit the customary security. Information always has value to interested parties. (Photo: Im Yanis)
By Richard Draper, Senior Consultant

The COVID-19 pandemic has demonstrated that employees within the public, private, and non-profit sectors can, with relative ease, work outside of their traditional workplaces and environments. Remote working, which was normally associated with an organization’s business continuity plans as a temporary measure, has become a modern employment methodology that will almost certainly become a more common labour structure.

Many businesses have now seen that employees can, for the most part, adapt and work from home, thereby offering significant savings on facility leasing, workspace furniture, office equipment, and essential utilities. Remote working is relatively convenient, environmentally constructive (reduced vehicle pollution), and financially advantageous to both the employer and the employee.

Remote working, however, significantly deviates from the cybersecurity protocols normally relied on within the centralized workplace environment. Remote working facilitates an array of cyber threats, as information is passed outside the confines of protected networks, systems, and devices. Remote work risks undermining an organization’s security efforts, and precautions must be taken to protect information from being compromised. Information should never be considered insignificant, as it always has value to interested parties, no matter how trivial it may seem on the surface.

Wi-Fi Networks & Mobile Devices

Remote work has come to refer primarily to working from home. However, one trip to Starbucks or a restaurant that offers free Wi-Fi and you’ll likely find a half dozen other patrons also working on laptops, tablets, or smartphones. Whether working from home or in a public location, proactive cybersecurity protocols should be considered:

Corporate devices: If feasible, work only from corporate devices assigned by your employer.

Disable features: Disable GPS and Bluetooth and avoid public Wi-Fi networks when possible.

Discretion: Avoid sending sensitive information in email or text messages.

Encryption: When possible, always encrypt personal or sensitive data and messages.

Firewalls and anti-virus software: Activate firewall(s) and anti-virus software, to prevent a successful malware penetration from scanning electronic files held on your device.

Internal memory: Delete all information stored on any device prior to discarding it.

Lost or stolen device: Immediately report a lost or stolen device to your IT help desk.

Multi-factor authentication: Change your settings to require two-factor authentication to unlock your device, for example a PIN or password combined with a personal biometric feature, such as your fingerprint.

Password recall: Do not use “Remember Me” features on websites and mobile applications. Always type in your username and passphrase/password to log in.

Privacy: Check privacy policies and user reviews on applications before downloading and ensure they are reliably sourced.

Protect your Wi-Fi network: Change the default password that was given to you by your service provider and use a passphrase or a strong password that is difficult to guess.

Routine updates: Run updates and patches on your devices to correct and mitigate security vulnerabilities.

Virtual Private Network: As a secondary protection method, use a virtual private network (VPN) to protect information (a VPN is a secure encrypted tunnel through which information is sent).

Sensitive information: Avoid sending sensitive information, both private and work-related, over a public Wi-Fi network. Use a secure wireless network.

Situational awareness: Be cognizant of anyone near you that may be observing you when entering your password or listening to your phone conversation. Understand your personal risks.

Unsolicited messages and texts: Always avoid opening files, clicking links, or calling numbers contained in unsolicited text messages or emails. When in doubt, delete.

Anyone can be a potential target, regardless of how insignificant they believe themselves to be. Potential targets are not limited to senior executives, assistants, or system administrators. Targets can include users with access to sensitive information, such as financial databanks, accounts, personal information, and data related to corporations, programs, systems, businesses, employees, and clients. Employees who work remotely must understand that they may not be the ‘primary’ target, but rather the means to gain access to the intended target.

There are a variety of methods to gain access to information stored or transmitted through a mobile device. Threats continue to evolve, and cybersecurity is always a technological step behind. Those employees engaged in remote working should be cognizant that cyber threats are continuous and hacking technologies are easy to use and widely available. Mobile devices are increasingly targeted by sophisticated threat actors, as they are considered a valuable asset due to the potentially sensitive information stored within them. Compromised mobile devices can be remotely accessed and controlled without your knowledge, giving the threat actor the capability to control your device, activate the location tracking function to track your activities, or send malicious text-message links to your personal social network while assuming your personal identity.

Know your risks and do your best to diminish your personal vulnerabilities, to protect your organization and personal reputation. Once compromised, the damage cannot be reversed, only mitigated.
