Since the start of the Covid-19 pandemic, remote working has rapidly gone from something seen as the preserve of a few workers in the IT sector to part of the fundamental work pattern for many of us, regardless of where we work. Although a lot of people have returned to their office spaces since the peak of the pandemic, hybrid working is now the norm for many. In fact, 44% of UK workers now work either fully remotely or on a hybrid pattern, as opposed to only 5% working mainly from home before the pandemic.
This new-found flexibility has brought a raft of benefits for both employers and their staff. However, logging on to your work computer from home also carries its own risks. With the whole world being digitised, these risks are an issue for any company whose staff work from home, and for those staff members themselves, whether they work in IT or any other field.
In this blog, we will explore why cyber security concerns all of us. We will look at specific cyber threats and how to combat them, as well as familiarising ourselves with cyber security best practices for remote workers.
What is cyber security and why is it important for remote workers?
The National Cyber Security Centre defines cyber security as “how individuals and organisations reduce the risk of cyber-attack”. This is done by protecting computers, servers, networks, and data from unauthorised access, damage, or theft.
This is particularly important for remote workers, who are at increased risk because they log on to their corporate networks from outside the office, often from their homes or in some cases from a public network. Relying on potentially unsecured internet connections leaves the user vulnerable to various cyber threats, such as malware, data breaches or phishing attacks, because any other user on the same public network with the right capabilities can see your activity and hack into your data or sensitive information.
3 Tips for being safe while using public Wi-Fi
- Only visit websites that use HTTPS, as these are secure websites. Sites using plain HTTP are not secure and therefore carry a higher risk of a cyber-attack.
- Switch to a mobile hotspot instead of public Wi-Fi.
- Try using a virtual private network, also known as a VPN, which can help to protect your data as the network is more secure.
Another vulnerability for remote workers is that they may also be connecting via their own laptop rather than a company device. Personal devices often lack the robust security of their corporate counterparts. They may have weaker password protection, their software is usually updated less frequently meaning it may not always have the latest patches, and as they are used for both work and personal activities, there is always the risk that malicious websites may inadvertently be accessed, and nefarious software downloaded.
All of these factors potentially increase exposure to malware or virus attacks, which can compromise sensitive corporate data.
Understand the different types of cyber attacks
There are many different cyber-attacks in which bad actors attempt to steal passwords, financial credentials or other sensitive data, both from companies and individuals. It is important to be familiar with the most widespread methods.
- Malware is any program or code that is created with the intent to do harm to a computer, network or server. Malware is a blanket term which covers many attacks which leverage software in a malicious way, such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, and cryptojacking (where bad actors hack a device and use it to mine crypto without the owner’s consent).
- A DoS (denial of service) attack disrupts end-user access to the wireless network by sending de-authentication packets. This floods a network with false requests in order to disrupt business operations.
- Phishing attacks use email, SMS, phone, social media, and social engineering techniques to trick a victim into sharing sensitive information, such as passwords or financial credentials, or into downloading malicious files which install viruses on their device.
- Man-in-the-Middle (MitM) attacks encourage users to disconnect from their session and reconnect to a rogue access point, such as an Evil Twin.
- Ad-hoc networks or peer-to-peer Wi-Fi networks typically involve a corporate-issued device connecting to another non-corporate network that may have been set up as a wireless network by a malicious actor. Connecting to one of these makes it easy for malware to infect a network, since its traffic is not going through the corporate network firewall.
How to counteract the most common cyber threats
Malware countermeasures include: installing reputable anti-virus software and keeping it up to date, exercising care when downloading attachments or installing software, and keeping your system updated with the latest security patches.
DoS attack countermeasures include: monitoring the network in order to filter out malicious traffic, and using firewalls and IPS (intrusion prevention system) solutions to block traffic from suspicious sources.
Phishing scam countermeasures include: only clicking on links or opening email attachments if you are sure of their veracity, enabling spam filters, and educating yourself about phishing techniques.
MitM countermeasures include: using encryption protocols such as SSL/TLS (HTTPS) to protect data from being interfered with; ensuring that your Wi-Fi is secure by avoiding public networks and using a reliable VPN; and enabling 2FA (two-factor authentication) when logging on, so that confirmation from an extra device such as your mobile is needed in order for you to access the network.
Cyber security best practice – 5 top tips to keep yourself safe when working remotely
1. Use strong, unique passwords. Keep them safe and change them regularly.
2. Enable 2FA or MFA (two or multi-factor authentication) whenever possible, to give you an extra security layer by requiring a second form of verification, such as a code sent to your mobile device.
3. Take updating seriously. From your personal mobile to your company laptop and anything in between, all your devices should be regularly updated with the latest security patches against known vulnerabilities which nefarious players can exploit. This is especially important when it comes to your web browser and operating system.
4. Exercise extreme caution with links, attachments and downloads, especially those from an unknown source. If in doubt about something received by email, contact the sender for confirmation that it is genuine before proceeding.
5. Educate yourself! If you keep yourself informed about the latest malware, phishing scams and other security threats, you are more likely to notice a red flag when it pops up. And don’t be shy about sharing any information you have with your friends and colleagues. The more people who are aware of such scams, the less effective they will be.
Stay safe online with Freestyle TS
Whether you are an employee who works from home, an employer whose staff work remotely or on a hybrid regime, or just a regular internet user, cyber security has never been more important. As a Cyber Essentials Plus member, Freestyle TS works hard to keep your data safe by providing cyber security solutions for a range of businesses. Speak to us today to find out how we can help you become Cyber Essentials certified, giving your customers confidence and reassurance that your business is secure.
If you want a free phishing test which you can send to all your employees or friends to make sure that they are as cyber-secure as possible, get in touch with Freestyle TS today.