Work from home? Follow these cybersecurity best practices
It seems impossible that the start of the pandemic that sent so many home to work began 18 months ago. That time has flown for some, and seemed like an eternity to others. Whichever camp you fall into, a lot has changed since the early days left small and large companies alike scrambling to set up employees to work remotely. Now, some companies are considering permanent work-from-home setups while others will return to the office and others still may find themselves navigating a hybrid system of part in-office and part in-home operations.
And just as there are a lot of different work routines to cope, there are just as many security gaps still wide open in remote workforces.
The Canadian Anti-Fraud Centre estimates fewer than five per cent of victims file a fraud report and that a majority of phishing scams that solicit personal information don’t involve direct financial losses. But according to Anna McCrindell, vice president of Commercial Insurance with Wawanesa, financial loss isn’t the only consequence of a security breach. The possibility of loss of intellectual property, compliance fines, damage to a company’s reputation and ultimately, loss customers is still very real.
How cybercriminals trick you
Pandemics, natural disasters and other unusual events are seen by cybercriminals as an opportunity to breach vulnerabilities. Now, 18 months into the pandemic, attacks continue to evolve.
McCrindell says cyberattacks are becoming more sophisticated, and more customized. Victims are enticed to click on malicious links, give up passwords or install unauthorized software. From there, cybercriminals can gain access to corporate systems, steal sensitive data, extort ransom or even add your computer to a botnet to launch malicious attacks on other computers.
How to practice good cyber hygiene
As Canadians continue to work from home or embrace hybrid work, it’s a good time to look at security measures to protect both personal and work-related data.
- Familiarize yourself with potential risks related to your work and your industry, particularly if you handle sensitive information.
- Trust health-related information only when coming from reliable medical sources, and trust professional information only from sources you can verify.
- Use hard-to-guess passwords for email, cloud storage and corporate networks (including VPNs), and use different passwords for different accounts.
- Change the default password on any home network devices, including routers and Wi-Fi access points, and update the firmware. Better yet, use two-factor or multi-factor authentication.
- Use safe methods to exchange documents, spreadsheets, presentations or other files with your colleagues and business partners, and use company email to exchange information with outside business partners.
- Keep your work computer and work-related documents and files in an area at home that is physically separate from your family life.
- Use your work computer for work only, and limit the use of your personal devices for work-related purposes.
- Provide business information, even seemingly innocuous information, to requestors you cannot verify with certainty.
- Use the pandemic as an excuse to bypass regular work processes, such as authorizing payments.
- Disable security software or automatic updates on your work computer.
- Leave work-related files with sensitive information lying around openly at home.
- Give family members or other individuals access to your work computer.
- Use your work computer for private business.
- Email business documents to your personal email account.
- Use any cloud services or install any software on your work computer that your company hasn’t authorized for business use.
McCrindell added that it’s also important to ensure your company has an incident response plan – from who to contact if an incident occurs, to how to isolate infected devices and restore data from the last backup. While there’s no guarantee you or your team won’t be the victim of a security breach, proper cyber hygiene can make you a less attractive target to cybercriminals and mitigate any potential damage.
Source: Wawanesa Mutual Insurance Company