Stay Cyber-Safe while working remote

With COVID19 now reaching nearly every spot on the planet, lots of us are forced to work from home as much as possible. Whilst before this pandemic, teleworking wasn’t possible for everyone for various reasons, it now has become the standard way of working for many. This sudden change is not stress-free since besides the technology aspect, teleworkers also have to adapt how they collaborate from remote with their colleagues, partners and customers in getting things done. On top of this, it’s not a normal remote working situation. People often need to balance the time they work with parenting, suffer from social distancing, and are bombarded with a never-ending flow of alarming news about this virus and its impact.

People with less good intentions see all these new teleworkers as an opportunity to make money abusing their sudden changed way of working and the current emotions of fear, uncertainty, and doubt around this virus.
Another challenge for organizations is making sure that confidential data such as customer information and company secrets are still protected in the same way as before, and that the integrity of essential business processes like invoicing and purchasing remains in place.

Some tips to safely work from home:

  • Since the COVID19 outbreak, there is a considerable uplift in phishing attacks that try to obtain access to your system or steal your credentials. Besides email, also text messages and calls are used to accomplish this. An attacker crafts emails or text messages, seemingly coming from a trusted source and with familiar content such as your supplier, your bank, or from government agencies involved in combatting COVID19, and either attaches a malicious file that looks like a normal document or asks you to click a link. Teleworkers in stressful times click more on links in dodgy emails than usual and criminals will play your emotions to lure you into their scam. Also informational messages might be used to trick you into visiting malicious websites, examples are COVID19 spreading map websites that try to spread Malware onto your computer.
    Hence, be extra vigilant when you receive emails asking you to review a document or to click a link that asks for your credentials. Always try to validate if the source is real. When in doubt, get in contact with the sender via phone or instant messaging to validate the authenticity of the message. When this would not be possible, get in contact with your IT department.
  • A sudden changed way of working could impact your fraud detection capability. ‘Four-eye’ or social validation checks of invoices that used to work in the physical world with people sitting next to each other might need to be translated to remote working procedures that provide the same outcome. For example, get in contact with your supplier via phone if you receive a request to update a supplier’s bank account number that is used to pay the bills. Don’t check this via email as your contact’s email might have been compromised too.
    We also see fraudsters abusing a famous brand’s name contacting companies with the message that they are looking for new suppliers as their existing stocks have been depleted because of Corona. Make sure to check the authenticity of a company that is suddenly asking you for a quotation and where you haven’t done business with before.
  • Always follow the guidelines from your organization with respect to teleworking and IT policies in general. When in doubt, get in contact with your IT department or HR.
  • People tend to become very creative in finding workarounds when they got stuck while working from home. If you can’t get your work done by following the standard process, get in contact with your manager or IT department to find a solution. Don’t get creative by for instance sharing company information with others through non-company approved solution such as WhatsApp, Dropbox, Google Hangouts, personal email, etc. You might be exposing this information to third parties with no control whatsoever, hereby putting both corporate and personal data at risk for a potentially very long time.
  • When in the office, there is usually a process to securely dispose paper documents that contain sensitive information. At home, this will be less apparent, as such keep all paper documents in one place so that you can take them with you to the office later on for secure disposal or when available use a shredder at home that meets your company’s standards with respect to secure disposal. Never throw away work-related documents without making them unreadable first. 
  • Make sure each of your computers, mobile devices, programs and apps are running the latest versions and updates of its software. Cyber attackers are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they exploit them and hack into the devices you are using. Meanwhile, the companies that created the software for these devices are hard at work fixing these vulnerabilities by releasing updates. By ensuring your computers and mobile devices install these updates promptly, you make it much harder for someone to hack you. To stay current, simply enable automatic updating whenever possible. This rule applies to almost any technology connected to a network, including not only your work devices but Internet-connected TV’s, baby monitors, security cameras, home routers, gaming consoles or even your car. Also make sure to change the default password on these devices as default credentials will be found and abused by hackers, giving them a way into your home network and all other connected devices.
  • Protect each system with up-to-date end-point protection software (e.g. anti-virus, anti-phishing, web-protection).
  • Kids / Guests: Something you most likely don’t have to worry about at the office is children, guests or other family members using your work laptop or other work devices. Make sure family and friends understand they cannot use your work devices, as they can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device.
This article was written for Prevent, a knowledge centre that develops and disseminates knowledge about sustainable work.  It is published in Dutch and French as well.