4 WFH cybersecurity lessons we learned during the pandemic

#1 Secure every employee’s devices and networks

Think of cybersecurity as building a fortress. The more obstacles you can add, the harder it will be for hackers to gain access.

As an employer, you want to make sure your employees are using secure devices and networks. To do that, work through this checklist:

• Ask employees to connect to a Virtual Private Network (VPN) at home. VPNs secure your WiFi (News - Alert) connection, encrypt the data you send and receive, and hide your IP address. The best home WiFi security, they improve your privacy and anonymity online, and can be accessed on portable devices like smartphones and tablets, too. While the setup process isn’t difficult, just be conscious of employees who may not be tech-savvy, and offer to help them out.
• Install antivirus and anti-theft software on all devices. When your employees are using company devices at home, there's a higher risk of falling victim to malware, ransomware, identity theft or other cyber attacks. The reason is simple: they probably don’t have the same security protocols as you do at the office. A sophisticated home antivirus software will protect your WiFi network and webcam against various cyber attacks, and scan attachments and images for viruses. ESET (News - Alert) has a suite of software to keep your company (and its data) safe, and all programs are updated regularly to respond to new cyber threats. If you need to install software on a number of devices, check out the Business Security Packs.
• Encrypt all data. Chances are, your employees share data every day — and hackers know how valuable data is to a company’s success. With that in mind, all data should be end-to-end encrypted, and access should be limited to the employees who need that information to do their jobs. As for how to encrypt data, most operating systems fully encrypt stored data and prevent unauthorised access, so ask your employees to keep up with updates. If your company devices don’t have that feature, consider investing in a third-party data encryption software.
• Look into endpoint protection. The Internet and Cloud have made it possible to work remotely, as we can access information no matter where we are in the world. The downside? This opens up opportunities for hackers trying to access our wireless devices. ESET Cloud Office Security detects and analyses potential attacks, and protects devices from spam, malware and phishing attacks.
• Choose the strictest security settings for tools like Zoom and Microsoft (News - Alert) Teams. We’re using online collaboration tools more than ever, but they’re not without their flaws. To tighten security, make full use of  built-in security features like waiting rooms and meeting passwords.

#2 Pay attention to possible scams

In the cybersecurity world, one of the biggest lessons of the pandemic was to not take the bait! Phishing attempts (or email scams) have always been popular among cybercriminals, but they exploded in 2020 — in fact, people lost $57 million to phishing schemes in 2020 according to the FBI’s Internet Crime Complaint Center.

Hackers are opportunities, so they’re taking advantage of the fear and uncertainty around COVID-19 to send phishing emails. Their goal? To steal your data or extort you for money. Healthcare-related scams aside, we’re seeing an uptick in classic phishing emails pretending to be from banks, social media sites and online stores.

While phishing emails often look authentic, there are a few red flags, like requests for sensitive information (like passwords or credit card numbers). You can also look out for typos in the subject line or body copy, weird language, or email addresses that don’t match the company’s URL or previous emails you’ve received from them. There might also be suspicious links or attachments in the email — if you hover over the link and spot a strange URL or file type (like .exe or .zip), that’s a clue the email isn’t legitimate.

If you get a phishing email, take action right away to mitigate any damage. Here’s what to do with suspicious emails:

• Don’t open any emails from unknown senders, or with odd subject lines.
• Mark suspicious emails as spam, or report them to your company’s IT department.
• Avoid clicking on links or attachments.
• Scan attachments using your antivirus software, and update your software if you accidentally click on a link.
• Don’t reply to requests for personal or financial information. Instead, call the supposed sender (like your bank) to confirm whether they emailed you.

#3 Use multi-factor authentication (MFA (News - Alert))

On a typical workday, employees might hop between email, storage drives, payroll software, messaging platforms and video-conferencing programs. With all of that movement, it’s important to use multi-factor authentication solutions.

This requires you to provide at least two forms of verification before you can access the site or system you’re trying to enter. For example, your employees might type in their password, and then enter a code they received via email or text. This makes it more difficult to unlock your accounts and gain access to sensitive information.

And it works. This work from home cybersecurity step blocks 100% of automated attacks, according to Google! To help you protect your business against attackers, the Australian Cyber Security Center has put together practical guides on how to set up multi-factor authentication on your various accounts.

#4 Train employees on cybersecurity best practices

Sometimes, cyber attacks are successful because of human error — like an employee opening a phishing email or clicking on a link that downloads a virus to their computer. Your employees might not be aware of cybersecurity best practices, which can leave your company vulnerable to a breach.

That’s where cybersecurity awareness training coms in. Whether you run a small business or a large corporation, it’s a good idea to set up a training that teaches employees how to protect their devices and networks and flag any threats.

Along with the other tips we mentioned, these are key points to cover:

• Create strong passwords, and change them every 60 days. Your password shouldn’t reveal personal information or be easy to guess. The more random it is, the better — so use unusual phrases and include a mix of numbers, capital letters and special characters. You can also improve password security by using a password manager.
• Rename your home internet network. Your router probably has a default name, and you want to change that to boost your home router security. Ideally, your WiFi network’s name or Service Set Identifier (SSDI) shouldn’t mention your name, address or phone number.
• Update your security settings. To encrypt data, go to your network settings and select WiFi-Protected Access 2 for your network (also known as WPA2) and pick AES for your algorithm.
• Never skip software updates. Manufacturers are constantly releasing patches and fixing flaws, which is why those notifications pop up all the time. To stay on top of cybersecurity, it’s important for staff members to accept updates as soon as they receive them.
• Use your work devices for work purposes only. Avoid storing personal passwords or information on your company devices, and use a different browser if you’re searching the net outside of work.

Get more work from home security tips

One of the upsides of the pandemic was that it made workplaces more flexible, but it also opened the door for hackers to do their dirty work. Luckily, there are a few ways to strengthen your company’s cybersecurity and give yourself the peace of mind in knowing your data is safe.

Questions? Get in touch with ESET to learn about the best home antivirus software for employees.

Author bio: ESET is a global internet security company, providing threat detection solutions for businesses and consumers in more than 200 countries and territories.