IT Department

Cyber Security while working from home

By: Jeff Shrum, Information Technology Manager

As businesses rushed to comply with Executive Orders or simply for ensuring the safety of their employees during their response to COVID-19, a target rich environment was offered to cyber criminals with so many moving to working from home.  Employees no longer have that daily, immediate face-to-face interaction and communication that allows information to flow freely.  People are much more dependent on technology to communicate within their own groups.  Attackers are taking advantage of that, while also taking advantage of the fact that many people who are working from home have not applied the same security on their networks that would be in place in a work environment.  Below are some tips to help companies and individuals navigate these uncharted territories.

  • Encourage employees to keep in contact with the business.  Employees need to engage constantly within their groups and with the company.  Good communication within a group will keep them and the business up to date on anything abnormal that is seen.  
  • Maintain good password hygiene.  Employees should use complex passwords and change these passwords frequently.
  • Update systems and software.  Individuals should install updates and patches in a timely manner.  This includes home devices attached to their network.  All devices that talk to the outside world need to be secured to prevent vulnerabilities.
  • Secure your WiFi access point.  People should change their default settings and passwords in order to reduce the potential impact on their work of an attack via other connected devices.
  • Use a virtual private network (VPN). VPNs can help create a trusted connection between employees and their organizations and ensure ongoing access to corporate tools. Corporate VPNs provide additional protection against phishing and malware attacks, the same way corporate firewalls do in the office.
  • Be wary of COVID-19 scams. There are many phishing e-mails, malicious domains and fake apps out in the wild already with COVID-19 themes. Threat actors love to exploit real-world tragedies, and this one is no different.
  • Don’t mix personal and work. Employees should use their work devices to do work and their personal devices for personal matters. If you wouldn’t install or use a service while you’re at the office, don’t do it while at home on your work device.