However you slice it, remote working is making itself at home as a new norm.
Chances are you've caught up on some work-related emails from your sofa today, or you've spent your morning in online meetings. Maybe this afternoon's plans involve starting your latest report from the backyard while you enjoy a piece of cake and a coffee.
Whether remote working is a choice or a requirement for you, you'll want to be able to use all the tools and services you need to get your job done, just like you do when you're in the office. You'll be able to access some of these tools from the cloud, and others may live within your organisation's network.
We use the internet so much these days that it's become part of the furniture. It's easy to forget that just by accessing our organisation's systems and data online, we're being exposed to cyber security risks — and when we're exposed to those risks, so are our organisations.
So, what are some of the significant risks, and how can we manage them?
Common cyber security risks when working remotely
Whether you're working from home or using a Wi-Fi connection from somewhere else, there are a few important things to keep in mind.
- You’re probably not the only person working remotely, and since people on your team will be in different places, they’ll be connecting from a bunch of different IP addresses (the unique address that identifies your device on the internet or a local network). That means your work systems will be set up so they can accept connections from different locations on the internet — this is necessary, but it comes with some risk.
- You won't always be able to trust the network you're using.
- You won’t be in your usual work setting or office, which makes it more likely that someone who shouldn't be able to access your computer will be able to do so — which also makes it more likely they can access your organisation's network. Not ideal.
Think about remote access to your systems as a doorway into your organisation. Having the right security tools and practices in place makes sure only the right people are allowed in because they have the key that unlocks the door.
But just like with actual buildings, unwelcome prowlers may try to find an open window or an unlocked backdoor. And if they're successful, they'll have access to your organisation's network and systems.
If your organisation has a policy on connecting to its network and tools securely when you're remote, that policy is your friend. Follow it to the letter, and you'll be in a much safer spot.
Not all organisations will have a policy like this, though. If that's the situation you find yourself in, here are some easy tips you can follow to cut down the potential security risks of working remotely.
Protect and lock your devices, and take them with you if you’re going somewhere
- This point is essential if you're in a public place, but even if you're at home, make sure your devices are protected with a PIN or password and get into the habit of locking your screens when you step away from them.
- Keeping your devices secure can save you plenty of headaches, and practicing this while you're at home will set you up nicely for any higher-risk situations.
Use secure, trusted Wi-Fi networks
- Wi-Fi networks that are public, free, or openly accessible (no password required) might seem convenient, but they're best avoided for connecting to your work accounts. You don't know how they're set up or who could be on the network with you. Treat them as untrusted places and think about what would happen if someone was to see your internet traffic.
- If you have to use a public Wi-Fi network, it's best to use a virtual private network (VPN). Using a VPN creates a secure tunnel between your device and another location on the internet. Your IT support should be able to help you get this set up if it's an option your organisation uses.
- If you're using your network at home, change the default Wi-Fi password to a more secure one. Check out CERT NZ’s guide to securing your home network if you’d like to know more about how to do this.
Use strong, unique passwords, and keep them safe
- If your password habits could do with some work, you're not alone. That said, poor quality passwords have been linked to a whopping 81% of data breaches (based on data from Verizon’s 2017 Data Breach Investigations Report), so now's as good a time as any to sort those habits out.
- Choose long, unique passwords (more than 16 characters) and avoid reusing them across different accounts. You can even make up a password by stringing together names of 4-5 objects — say, "correct-horse-battery-staple".
- Long passphrases and passwords aren’t as easy for mobile devices, but you can use a long PIN instead. Just avoid ones that are easy to guess, like your birthday or “1234”.
- Once you have these passwords, store them safely. Password managers are great if that's your jam, but as long as you don't write down your passwords and leave them where people can easily find them, you're off to a great start.
Keep your software up to date
- You know those annoying notifications you keep getting about updating your software? Turns out they're trying to be helpful! All our devices run on software, and all software has the potential for security flaws. As those flaws are discovered, the software is updated to guard against them — but we have to apply the updates to get the benefits.
Staying secure without the office safety net
When you're in the office, your IT environment probably has some security controls in place, like firewalls, access control, or data encryption. You may never have thought about these things before or even known they were in place, but they're there to protect you. Neat!
That's great for when you're in the office, but when you're not, it's up to you to take some extra precautions to protect yourself and your connection to your organisation. These precautions also come in handy when you're travelling for work — even if "travel" just means hopping on a bus across town.
Here are a few steps you can take to start building your own safety net.
- Stick with using your own devices for accessing your work accounts. Using someone else's devices can open a real can of worms. You never know what was downloaded or installed on that device before, so it's best not to risk accessing your organisation's tools or network from there.
- Keep your work devices for work only. It's hard, we know — but resist the temptation to let others use your work devices. With cyber security threats being so common these days, it's 100% possible for your kids to accidentally download malware to your work machine while playing an online game.
- Use your mobile device as an internet hotspot. If your mobile data plan is up to it, this is an excellent option for secure online access while you're out and about.
- Secure the connection to your organisation. Your organisation might provide remote access software, like a VPN, that lets you securely connect to your organisation's office network. Only use the remote access software that's installed and supported by your organisation. Keep your remote access software up to date, and be sure to restart your computer after applying software updates.
What to do when something goes wrong
As much as we try to do everything right, there'll always be situations where things don't go according to plan. It could happen to any of us, so the best thing we can do is be prepared.
Get these 3 things in place now to make life easier for future you.
- Have the contact details of your IT support team saved on your phone or written down somewhere safe.
- Know who to contact if something unexpected happens to your devices or any of the tools you use.
- Make sure you have a backup strategy in place and can recover critical data if you need to.
Security for everyone and everywhere
At SafeStack Academy, we believe cyber security skills and knowledge are essential for every organisation, no matter if they're big or small.
Many cyber security awareness training programmes are made for bigger organisations, so we've created our online Security Awareness training programme with smaller teams in mind.
Everyone has a part to play in staying safe online, and we're here to help your team grow their cyber security superpowers with our budget-friendly, bite-sized courses. Grab a free 14-day trial with full access today.