According to a survey by OpenVPN, 36% of organizations experienced a security incident caused by the actions of a remote employee.

The rushed response to COVID-19 in the business arena has created massive gaps in cybersecurity, and security incidents have increased as a result. Because of this, remote workers find themselves as prime targets for cyberattacks.

Hackers at all levels of motivation have redoubled their efforts to capitalize on the disarray as businesses adapted their transactions and supply chain processes to be more paperless. The volume of phishing campaigns increased from roughly 3,000 per month to over 40,000 per month since stayat-home orders were implemented, all while IT departments are struggling to combat traditional network assaults.

Ensuring that remote workers make a conscious effort to practice safe cybersecurity practices provides the best defense against data breaches and business disruptions. Though not an exhaustive list, we’ve outlined some hidden dangers to remote work and some precautions that can be taken for safe computing at home.

This brief is intended for organizations with employees working remotely, perhaps for the first time, and who are handling sensitive information such as that associated with the manufacturing industries, financial and legal services, and health care. That said, any business with employees working on home computers and laptops, all with questionable levels of security, stands to benefit from this brief.

Unsecure Home Networks

Your router is the heart of all communications for your connected devices.

Home network routers are not managed by your company’s IT departments which means they demand special attention to ensure they aren’t compromised by hackers who are either sitting in a vehicle outside of your home, or trying to breach it remotely. Once a hacker has breached your router they have the ability to:

• Redirect you to a web page that phishes for your credentials
• Eavesdrop on your communications
• Dupe you into installing malware-laced versions of legitimate software
• Spy on you via Internet-of-Things (IoT) devices
• Use your devices to mine cryptocurrency
• Disable your router and prevent internet access
• Change the admin password used to access the router

Factory default administrative passwords are widely published. Use a strong password: 16+ alpha-numeric characters, avoiding dictionary words.

Use WPA2 or WPA3 strong wireless encryption.

Weaker WPA and WEP encryption make it very easy hackers to gain access to your router Use a strong password: 16+ alpha-numeric characters, avoiding dictionary words.

Hide your SSID

An SSID (or Service Set Identifier) is your network name. If your network is not visible, it is much less likely to be targeted. You can hide it after logging into your router administrative web page. Also, use a password protected Guest Network, not just for guests but for IoT devices so that they can’t reach sensitive devices on you main network

Update your router’s firmware.

Firmware updates fix crucial security flaws and are released regularly by the router manufacturer. .

Enable the firewall

Most modern routers have a builtin firewall that will deny all unsolicited inbound internet connections.

Improper Device Usage

Computer access control and maintenance is critical to prevent unauthorized data storage and data loss.

Our devices can be a bit of a free for all in a hectic home environment, but special care needs to be taken for our work issued computers. Securing these devices while away for the corporate network is challenging for IT departments. Through proper usage, we can reduce data loss and security breaches.

When using personal devices for business, it is important that employees make them as secure as possible in addition to following the company issued Bring-Your-Own-Device guidelines.

Refrain from using your work computer for personal business.

Not only does this reduce the presence of personally identifiable information (PII) being improperly stored on company owned devices, it also reduces the likelihood of family members or guests installing applications, falling for phishing scams as they check their mail, or visiting malicious websites

Use your company’s Virtual Private Network (VPN).

Many companies have implemented VPN’s that will encrypt all connections to the company network which makes sending e-mails and files much safer

Check-in / Backup your work at end of the day to the company servers or cloud.

Returning your files to company systems so that they can be properly stored and backed-up is critical in the event that your computer is compromised by ransomware

Use a reputable anti-virus application obtained directly from the vendor/publisher and enable automatic operating system updates.

Use the Firefox or Chrome web browser and keep them updated for maximum security

Use a VPN service when accessing public Wi-Fi. Hackers will be unable to read your encrypted transmissions.

Use a standard “User” account for everyday computer usage and a “Admin” account only when needed to prevent unwanted system wide changes

Poor Password Hygiene

Most reported data breaches are caused by weak, default or stolen passwords.

The dark web contains troves of passwords that were harvested from data breaches and phishing campaigns. Due to poor password hygiene employed by most users, hackers have found it easy to access e-mail, financial, cloud storage, and social media accounts as most people use a single password across all of their accounts and do not change them frequently.
If a hacker obtains access to your personal or business email account, they will have a gateway to compromise your other accounts, customers, or transactions. Therefore password security is paramount for your business and personal digital safety.

Use a strong password.

d. Check how strong your password is at: www.HowSecureIsMyPassword.net . Use a mixture of upper and lower-case letters, numbers and symbols. Avoid names, places and dictionary words where possible, and use at least 16 characters..

Use different passwords for each of your accounts

This insures that hackers can’t access to your other online accounts if one password gets compromised. Also, never reuse the same passwords. Consider using a password manager from LastPass, DashLane, or KeePass that will help you keep track of all passwords.

Don’t save your password in browsers.

Most modern browsers offer to save your credentials when you log into a site. The data is not encrypted and can allow a hacker easy access. Also, do not store passwords in a .txt file or any other unencrypted means. Ideally use a password manager.

Use Dual/Two Factor Authentication or Two-Step Authentication for websites and services.

If your password is compromised, two-step authentication deters malicious logins. Check www.twofactorauth.org to see a list of supported websites.

Be cautious when using someone else’s device to check your work e-mail.

Since you can’t be sure that the device is malware free, use a private session (like Incognito mode) to prevent sensitive data storage if you must.

Avoid phishing scams.

. If you receive an email from someone you don’t recognize, don’t reply, click on any links, or download attachments. Verify the domain names and email addresses of all senders and call the sender first before executing any financial transactions.

The Next Step in Hardening Your Defenses.

When it comes to keeping your data, assets, and transactions safe, you need experts on your team. COSEC delivers comprehensive cybersecurity consulting services from experienced professionals who face the gamut of cyberthreats every day.
Discover how COSEC can assess security threats to your technology and processes, and implement an Employee Cybersecurity Awareness Program that addresses the human element of security breaches.
Our advisement will help executives and IT Departments answer the following questions:

• Are you able to prove that your business is in compliance with HIPPA, NYDFS, FFIEC, GDPR, NIST, and other State regulatory privacy and security standards?
• Is cyber insurance right for your business and how much coverage is necessary?
• Have you measured the cybersecurity awareness of your employees?
• Are you sure that your vendors are protecting your data and will notify you when they are breached?
• Are you using the right technologies, are your systems up to date, and can you recover from a disaster?

EXPERIENCE COSEC’S INDUSTRY-LEADING CYBERSECURITY AT YOUR BUSINESS

COSEC is wholly-owned subsidiary of Cozen O’Connor that leverages the knowledge, processes, and technology of a global law firm with over thirty offices to provide superior cybersecurity consulting and advisory services to traditionally underserved small business, family office, and private clients.
Our cybersecurity and organizational controls have a perfect record of SOC 1 Type 2 AND ISO 27001 compliance.

Contact us today to schedule a free consultation.