Cybersecurity in Remote Work: Protect your Internet use
Now that Remote Work became a bigger reality with the COVID-19 outbreak, cybersecurity has gained a whole new level of importance.
In this article we will cover the How’s and Why’s and offer strategies and tips to keep all your devices and data safe from cyberattacks.
An indirect result of the world’s attempt at fighting the spread of Covid-19 has been the shift towards remote work. In many countries governments have instructed companies to make their employees work from home unless they are in an essential business.
Whilst many articles have been written on the benefits of remote working, less have focussed on its challenges. One that has been mainly overlooked is cybersecurity for remote workers.
What is cybersecurity?
Cybersecurity refers to the measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack. (Merriam-Webster dictionary)
In particular, it means the application of technologies (such as computer programs), processes (such as “Best Practice”s), and controls (such as protocols) to protect systems, networks, programs, devices, and data from cyber-attacks.
We already use cybersecurity measures in our personal life, as we want to keep our files private and secure, and that is why so many of us have an antivirus installed on our computers.
But… Is that enough?
Why is cybersecurity important for remote workers NOW more than ever?
There are several reasons why cybersecurity should be everyone’s concern. The obvious ones are keeping confidential information safe, protect sensitive data, defend proprietary files, and data integrity. That applies to digital workers as well as companies and organisations alike.
However, the world has never had so many employees working from home. Many are talking about a global experiment on remote work caused by Covid-19.
A 2020 Buffer study showed that 98% of interviewed would like to continue working remotely at least some time, for the rest of their career.
The answer to the question “Are we going to keep working remotely after the pandemic?” also hinges on whether we can do that cyber safely or not.
We are off to an encouraging start, though. It seems that people at home tend to follow security protocols more closely. Conducted between April 15 and 23, 1Password’s survey targeted 1,000 desk-based knowledge workers in the United States, with half of them IT professionals. Among the IT workers polled, 63% said they believe employees are actually adhering to security guidelines better when working from home. And 58% of the employees agreed with that assessment. A conclusion they drew was that people working in offices are lulled into a greater sense of security, which doesn’t necessarily translate when you’re working by yourself at your home.
How to be cyber secure if you work remotely?
Generally, when you work in an office, cybersecurity is taken care of for you. We rely heavily, and somewhat blindly, on our IT department and know that as long as we don’t step out of line, we can’t be blamed.
Now that we have taken our work home (or somewhere else when possible), it is on us to keep it safe. Is it safe on our computer? Is it safe in our communications? Is it safe when we transfer information or hand in the final product?
“Allowing employees to access critical business systems and data from machines and networks you don’t manage or trust means the risk grows exponentially.” — Alex Willis, BlackBerry’s Vice President, Sales Engineering and ISV Partners
The endpoint – Computer security
If you’re working on a company issue computer, then the IT department would have set it up with protection. Even so though, have you really never forwarded something to your own email to “check in on the go” or edit it in front of the TV, or your home printer is only connected to your own device, etc.
If you have your own device, or are a freelance, keeping your work safe and confidential falls entirely on your shoulders.
When you work remotely, you have to make sure that the endpoint (your computer) is fully protected so that not only malware and attackers can’t steal data but they can’t change it. For instance, financial and healthcare institutions in particular need to be aware that protecting the data also means maintaining the integrity of the data as well.
That means that you need to spend time checking your antivirus protection and activating your computer’s and router’s firewall.
Hot tip: Make sure your router password is complicated and long, ideally between 12 and 20 characters long.
The connection – Network security
When you work on your company’s network, there are layers of security in place protecting the company’s sensitive data. Who has not had to request permission from IT to access a certain program or have to log in a second time to certain systems?
When you work at home on your personal network, you work without some of those layers of security, which means your data becomes more vulnerable. Your own home network and the tools you use to communicate with coworkers or clients are all vulnerable to certain threats.
You should never trust a public Wi-Fi and you should make sure that yours is secure, encrypted and hidden. If you’re working remotely, you can help protect data by using a virtual private network (VPN).
Types of cyber-attacks in Remote Work
Two of the most common cyber-attacks are:
A phishing attack is an attempt to gain information. A common phishing attempt is an email that asks you to verify your credentials, check recent transactions, or make a donation to charity. They often include a link to click that takes you to a page where you can enter the personal information they are after.
To protect against phishing:
- Always look carefully at the email address a message was sent from, not just the name of the sender. You can do so by clicking on the name if that’s the only part that shows. Make sure the email address is completely correct because often fake email accounts will look very authentic except for one or two letters being different.
- Only exchange personal information by phone or a secure medium. No organization or coworker should ask you to share them over emails.
A domain is the address of a website; it’s what you type into the search bar to reach a specific website. Domain spoofing is when an attacker includes a link that looks like it leads to a legitimate website, but it actually leads somewhere else. This kind of attack is very simple.
A more sophisticated type of domain spoofing attack occurs when attackers actually build a website that looks legitimate and uses a very similar URL. Victims visit the site and enter their credentials, thinking they are entering the correct site, only to have their credentials stolen.
To protect against domain spoofing:
- Hover your mouse over links before clicking on them. In many web browsers, a box will pop up showing you the actual URL contained in the link. If the link says safewebsite.com, but the text in the box says something different, then you know this site is suspicious.
- Pay close attention to the spelling of URLs. If even one letter is off, be suspicious.
- If you are suspicious of a link, use one of these free link checking tools to make sure it is actually the link you think it is.
How to share data safely
An integral part of working from home involves sending and receiving data. It’s essential that you learn to do it safely.
Emails are generally a viable exchange system, as long as you took our previous advice and set up a secure VPN.
Another option, that many remote workers use, is platforms like Dropbox, OneDrive, iCloud, or Google Drive. They are generally a good enough solution. They all encrypt data in transit, while it’s transferred in and out of the cloud. Some also encrypt it at rest, when it’s stored.
However, if you are using a Cloud or a SaaS (Software as a service) solution, you are trusting that vendor with the security of your data. They also do not provide a clear insight into where sensitive data resides thus it’s an IT concern. To answer both concerns, you could pre-encrypt your data before trusting it to these platforms and use tools such as MFT (managed file transfer). It provides data security, centralized access controls, file encryption, and activity tracking. Your choice depends on how sensitive your data is.
Cybersecurity for beginners, 5 easy actions to take:
- Don’t store or share sensitive data online
- Don’t use the same password for everything, adapt to each account
- Change your passwords at least twice a year
- Make sure you have Antivirus software installed
- Set up a VPN for public Wi-Fi networks
Cybersecurity – How is our Remote Work community staying safe?
As always, we had to ask our amazing Support Community for Remote Workers of Nomad X what they are doing in regard to cybersecurity, some tips and tricks they do to keep everything safe, and these are a few answers that reflect the whole reaction from the group:
- “I use 1 secure password and adapt this to each site in a way that I can easily identify when I see the site. It works like a charm. 💪” – Kim
- “LastPass creates and stores all the passwords and I can even collaborate with clients and keep their passwords safe. I only have to remember one super-long password :)” – Mirakme
- “Have 5 different passwords for everything and alternate them. Change them for some others every 4-6 months.” – Carlos
- “If you really want to be safe, you have to use generated secure passwords for every single site – or similar strengthened ones. The next question is the security of the services we use to store them. If you really need to make sure no one can access it – I think you can’t use any services. I personally use Lastpass as well, but it’s not like nothing can’t ever go wrong. I use it, while I consider all these kinda services as a liability.” – Timo
- “I was a phishing victim once and that completely opened my eyes!! I try to have an adapted password for every account and use VPN on every public wi-fi!” – Miguel (from TravelB4Settle)
- “Stopped using “password” as a password :C” – Joshua
Remote work may not be temporary… The present may be the future! We hope this article helps you raise your cybersecurity and keep all your devices and data safe. Is there anything else you do to stay safe in the online world? Let us know in the comments.
NOMADX is a real estate technology platform developed to meet the needs of the rapidly growing global community of location-independent remote workers, or “Digital Nomads”.
As Digital Nomads ourselves, we know what the market is looking for: trusted, affordable accommodations in highly-attractive locations worldwide at 50% less than AirBNB. We also offer educational masterclasses to help master the lifestyle as well as community events to help foster new friendships.
Please join our community of Digital Nomads and remote workers from around the world:
ABOUT THE AUTHOR
Matilde & Miguel are a Portuguese couple who combined the passion for traveling with entrepreneurship and became Digital Nomads. They created the TravelB4Settle brand in late 2017 and since then they focused on Content Creation and Digital Marketing. Their main goal is to inspire and educate others to become Digital Nomads and help businesses all around the world to grow their presence online.