More and more Americans are working remotely due to the stay-at-home orders during the current COVID-19 pandemic. How can your organization ensure the security of your communications and data with so many employees working from home?
How to Safely Work from Home
Non-technical users tend to be complacent about cybersecurity – especially when working from home. They may engage in risky behavior without knowing that it’s risky, and expose your organization’s data to unnecessary threats of intrusion or attack.
To help your staff prepare for the increased amount of remote work, here are ten tips they should apply to reduce cybersecurity risks.
1. Don’t Use Public Wi-Fi
Employees should be instructed to never connect via public Wi-Fi for work purposes. Data and communications sent over these unsecured networks are at risk of hijacking and eavesdropping. Instead, users should save their work until they’re connected to their more secure home network. If an employee must connect in public, they should configure their phone as a hot spot and connect their computer to that.
2. Connect via a Private VPN
Another option for employees connecting in public is to use a virtual private network, or VPN. A VPN, like AWS Wickr’s Smart VPN, provides a secure private tunnel from the user’s device to the corporate network. Hackers cannot easily access VPNs — especially those with end-to-end encryption — providing a secure connection even if the user is connecting over an unprotected public hotspot.
3. Use Strong Passwords
Users should always be encouraged to protect their data, apps, and devices with strong and unique passwords. Half of all users use the same passwords for personal and work accounts, which is risky. Hackers can easily crack weak passwords and gain access to all of the other passwords and sensitive data stored on a stolen device. A device protected by a strong password or biometric credentials is less susceptible to hacking.
4. Enable Two-Factor Authentication
Along with strong passwords, users should be encouraged (if not required) to enable two-factor authentication (2FA) on the devices they work on from home. 2FA provides an extra layer of protection for company devices and data, especially if passwords or other credentials are weak or leaked in a data breach. The extra step can involve email or text verification, or fingerprint or face recognition.
5. Enable Strong Security Protections
All remote workers should enable strong security protections on the devices they use for work. This includes installing a strong anti-malware utility and enabling their device’s firewall.
6. Protect Devices in Public
One of the biggest risks with remote workers is having their computers, phones, and tablets – especially work-issued devices – lost or stolen. Users should never leave their laptops or cases unattended in public; this includes not leaving their devices in their cars.
7. Use Work Computers for Work
Remote workers should use their work computers for work only, not for personal matters. Likewise, they should not do company work on their personal computers or devices. Company-issued devices are typically more secure than personal devices and should get priority use for work matters.
8. Back Up Data
To ensure that all essential data is still available if a computer stops working, is lost, or gets stolen, it’s important for all data on that computer to be regularly backed up – ideally to a cloud-based backup service. This way, if something bad happens, the user’s work data can be easily restored to a replacement device.
9. Guard Against Phishing Scams
Research shows that a third of all data breaches start with a user being fooled by a phishing scam into providing credentials or personal information. IT staff should train all employees — especially remote workers — how to spot and thwart phishing emails and texts.
10. Use Encrypted Communications
The most sensitive data and communications can be secured from unauthorized access via the use of encryption. Data files and emails can be treated with simple encryption, although more sensitive communications and data should be sent via stronger end-to-end encryption, such as that used by AWS Wickr. With end-to-end encryption, only the sender and recipient can decrypt the data – anyone intercepting the message midstream can’t view or otherwise access the encrypted data.
Choose AWS Wickr for Secure Encrypted Communications
AWS Wickr is a robust and secure communications platform ideal for use by a company’s remote workforce. All AWS Wickr communications – including voice and video calling, group collaboration, and file sharing – are protected by end-to-end encryption. AWS Wickr also offers a Smart VPN for employees connecting from public hotspots.