Security recommendations for remote work

1. Securing home Wi-Fi

Strengthening the security of a home Wi-Fi network is a relatively straightforward action that employees who are working from home can take to boost cybersecurity.

You can access your router’s settings page by typing the router’s address, which is typically ‘192.168.0.1’ or ‘192.168.1.1’, into your browser. Once there, change the default password that was provided with the router, and make sure that you create a strong, unique new password. On the same page you can also change the name of your wireless network (SSID: Service Set IDentifier) to make it more difficult for anyone to identify and access your home Wi-Fi network. Avoid using your name, address, or any other personal information that could be used to identify you.

Enable network encryption via the security settings on your wireless configuration page. You will have several security methods to choose from, such as WEP, WPA, and WPA2. The strongest, if you are using newer hardware, is WPA2.
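
The SSID and encryption advice above can be checked against what a Wi-Fi scan actually reports. The following is an added example, not part of the original article: it assumes the terse `SSID:SECURITY` lines printed by `nmcli -t -f SSID,SECURITY device wifi list`, and the sample scan and the `personal_terms` list are constructed for illustration.

```python
import re

# Ranking as given in the text: WEP weakest, then WPA, then WPA2.
# WPA3 is not discussed in the text; it is ranked above WPA2 here.
STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA1": 2, "WPA2": 3, "WPA3": 4}

# Constructed sample scan (nmcli escapes ':' inside an SSID as '\:').
SAMPLE_SCAN = """\
SmithFamily-42ElmSt:WPA1 WPA2
net-7f3a:WPA2
OldPrinter:WEP
Cafe\\:Guest:
"""

def weakest_mode(security):
    """A mixed-mode network is only as strong as the weakest mode it accepts."""
    if security.strip() in ("", "--"):
        return "OPEN"
    known = [m for m in security.split() if m in STRENGTH]
    return min(known, key=STRENGTH.get) if known else "UNKNOWN"

def audit(scan_text, personal_terms):
    """Return {ssid: [issues]} for every network in the scan output."""
    findings = {}
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        parts = re.split(r"(?<!\\):", line)      # split on unescaped ':' only
        ssid = parts[0].replace("\\:", ":")
        mode = weakest_mode(parts[1] if len(parts) > 1 else "")
        issues = []
        if mode == "UNKNOWN":
            issues.append("unrecognised security mode")
        elif STRENGTH[mode] < STRENGTH["WPA2"]:
            issues.append(f"weak encryption: {mode}")
        # Flag SSIDs containing personal details such as a surname or street.
        hits = [t for t in personal_terms if t.lower() in ssid.lower()]
        if hits:
            issues.append("SSID reveals: " + ", ".join(hits))
        findings[ssid] = issues
    return findings

if __name__ == "__main__":
    for ssid, issues in audit(SAMPLE_SCAN, ["Smith", "Elm"]).items():
        print(f"{ssid}: {'; '.join(issues) or 'ok'}")
```
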

Always ensure that you have the latest version of your firmware by regularly visiting your router’s settings page. Software updates are essential tools in addressing potential security concerns.

Every device that connects to your network has a unique MAC address. You can limit network access to specific MAC addresses. If you know the addresses of verified devices, you can add these to your wireless router’s settings. Only these devices can then connect to your Wi-Fi network.

 

2. VPNs

A VPN is a Virtual Private Network. When you work from home, you are often required to connect to your organisation’s VPN. All organisations should take the necessary steps to ensure that their VPNs are as secure as possible and educate staff on best practices and policy, but having a VPN in place still provides cyber criminals with a possible ‘back door’ to exploit.

VPN security can be enhanced in several ways:

- Quality antivirus/security software.

- Configure wireless routers and personal firewalls to protect home networks.

- Update passwords regularly.

- When the VPN is not required, it should be turned off, including any time the device is turned on for personal use.

- VPNs often require a username and password. It is possible to upgrade to the use of a smart card.

- Enhanced encryption methods for VPN access, including the use of a Layer Two Tunnelling Protocol (L2TP).

 

3. Passwords

A simple and straightforward security recommendation is to strengthen your passwords on all of your devices and apps.

The best passwords are long (at least 12 characters), strong, and unique (numbers, symbols, capital, and lower-case letters). Password manager apps save and manage all of your passwords in one safe place and can be useful if you have multiple passwords to remember. Your devices should be set up to ask for a password every time you access them. If your device is breached or stolen, it then becomes more difficult for a third party to access any sensitive data.

 

4. Email security

Email is one of the most common methods of communication used by employees, but it is also one of the methods most commonly used by cybercriminals (e.g. phishing) to exploit and compromise organisations.

Since the onset of Covid-19, organisations around the world have invested heavily in additional resources, such as laptops, to equip their employees for a remote working environment. This has increased the volume of devices that organisations have in circulation and, consequently, has increased the likelihood of a device being lost or stolen. Most modern devices are set up to encrypt data while at rest, protecting emails and data if they are lost or stolen, but it is the duty of every organisation to ensure that this is the case. On some devices, encryption may have to be manually turned on.

Emails should only be accessed securely using the organisation’s VPN. This creates an encrypted network connection that authenticates the user and device, whilst encrypting data in transit between the user and your services.

 

5. Home antivirus and internet security software

One of the best and most obvious security recommendations to organisations is to invest in a quality, comprehensive antivirus suite for employees. It is worth bearing in mind when purchasing security software that the outlay could prevent a cyber-attack from causing enough monetary, operational, and reputational damage to take down an organisation temporarily or permanently.

These products are designed to provide silent, unobtrusive protection against all manner of attacks: ransomware, malware, DDoS, spyware, viruses, trojans, and many others. They will also update automatically and regularly, evolving to combat new and emerging cyberthreats.

Quick employer / employee checklist:

Are your organisation’s devices secured by company-approved antivirus and internet security software?

Is encryption enabled and configured on all devices, including for Zoom/Teams? Have you enabled ‘Find my device’ and remote wipe on all devices?

Do you keep your operating system and software up to date?

Do you have and encourage the use of two-factor authentication?

Do you have a VPN, is it set up correctly, and is it kept up to date with security patches?

Do you store data in the cloud?

Do you have remote working policies and are they enhancing your organisational cybersecurity?

As an employer, how effective is the level of cyber security awareness training you are providing to your employees? Does it provide them with sufficient knowledge to:

- Secure their home Wi-Fi?

- Use a VPN?

- Create strong, secure passwords?

- Identify a potential phishing scam, avoiding clicking on links or opening attachments in suspicious emails?

- Back up data?

- Understand company IT policies?

- Avoid shadow IT (software or devices that have not been approved by the IT department)?
