Guest blog: Working wisely means working securely - By Krista Montie - Communications Manager - Global Cyber Alliance
/As the world grapples with a global pandemic, many businesses have been forced to move their day-to-day operations from offices to their employees’ homes. This global remote workforce creates new security risks for businesses, their customers, and their employees, with a significant increase in phishing, malware, and other malicious activity. It is a fitting time to celebrate Work Wise Week 2020 this week and National Work from Home Day on Friday 15 May in the U.K. and put a spotlight on how to work remotely, yet securely.
The Global Cyber Alliance (GCA), along with a coalition of nonprofit organisations from across the globe, launched the Work from Home. Secure Your Business campaign in March focused on shoring up the defences of a newly remote workforce.
The campaign provides clear, actionable guidance including links to tools and step-by-step instructions to put better security in place in the home environment. The campaign incorporates the GCA Cybersecurity Toolkit for Small Business, which offers free and effective tools for immediate action to reduce cyber risk.
Since the launch of the campaign, the coalition has grown to 23 nonprofit organisations, including several based in the UK.
Work From Home. Secure Your Business focuses on several key areas to help users work wisely while working remotely:
Patch to Protect
One quick, easy way to vastly improve security is to apply any security updates, or patches, immediately to ensure your devices are always up to date.
· Anything that is on your network, storing your data, or connecting your devices should be patched.
· Laptops, tablets, phones, and office and home routers should all be configured securely and updated.
· Turn on auto-updates. For most devices this will only take a few minutes each.
Take time to review the guidance provided within the Patch to Protect section of the website.
Sign in Securely
Knowing who is on the network and accessing your information is crucial. An important way to help with that is the use of multi-factor authentication (also known as two-factor authentication, or 2FA).
2FA requires multiple credentials, making it much harder for an attacker to gain access to your accounts. With 2FA, a user needs the following:
· Something you know, such as a password; and/or
· Something you have, such as a token (Google Authenticator, Authy, Okta, RSA, etc.) or a verification code sent to your phone; and/or
· Something you are, such as your fingerprint or face (biometrics).
Depending on your environment, the actions that need to be taken to implement 2FA will differ. If your organisation has a centralized work environment (servers are located at a central office), then the IT department will most likely use RSA, Symantec VIP, or some sort of corporate 2FA mechanism. If your organisation is more decentralized and using the cloud for many services, this is where you and your IT department will enable 2FA on those services and have users download an authenticator tool such as Google Authenticator or Authy. You can find more detailed guidance in the Sign in Securely section of the website.
Defend Against Phishing and Malware
Phishing emails, along with malicious websites and social media links, all pose risks. They are primary vectors behind business email compromise attempts, stolen credentials, ransomware, viruses, and other types of online threats.
Currently there has been a huge increase in phishing and other malicious web activity related to the COVID-19 pandemic. The criminals behind these attacks use social engineering to trick people into giving up their data or clicking on a link.
· Add a protective DNS service, such as Quad9, to block access to known malicious websites from phishing emails, bad social media links, and other types of web-based attacks. Setup is easy and only takes a few minutes. Learn more here.
· Make sure you have current anti-virus software on your computers.
Should you receive an email you believe to be suspicious, forward it to report@phishing.gov.uk. This service is provided by the National Cyber Security Centre (NCSC). The NCSC offers a wealth of guidance and advice for UK businesses to stay safe online; take some time to look around it.
Public Wi-Fi Wisdom
Public Wi-Fi networks are often not secure; however, improvements in the use of encryption have made them better. Home networks and mobile or personal hotspots (like those offered by many wireless carriers via your mobile phone) are the preferred way to connect to a corporate network, but we understand that at times public Wi-Fi may be the only option. Here are some guidelines for using it with security in mind.
· Patch and Update: Ensure that your device’s operating system, browser, and any other apps you will be using are up to date. Many websites use encrypted connections (your browser will warn you if a site does not), which reduces your risk.
· Trust and Verify: Verify the name of the Wi-Fi service you want to use. Be wary of “rogue” Wi-Fi hotspots (often hijacking the name of a business you might trust) which may attempt to steal your login credentials.
· Use a VPN if Required: A Virtual Private Network (VPN) encrypts communications between your device and another network. The vast majority of websites use encryption, reducing the need for a VPN. If your company requires it, follow their directions on how to install, configure, and use it while you are away from the office.
· Consider Additional Encryption: If your work involves sensitive data that requires extreme protection, consider the use of a specialized secure messaging system such as Wickr or Signal.
In addition to the guidance above, Work From Home. Secure Your Business includes the Work From Home Community Forum where people can ask questions and get help from community security experts, including from GCA and other nonprofit organisations. The forum also contains additional resources, including resources from non-campaign partners and government agencies, with new content posted regularly.
We invite you to celebrate Work Wise Week 2020 and National Work from Home Day by checking out the Work From Home. Secure Your Business campaign and learn more about taking steps to make sure you are working securely as you work remotely.