Cyber Security risks and how to keep safe working from home

4 mins

When remote working, what can you do to make sure you keep protected from Cyber-attacks? &...

When remote working, what can you do to make sure you keep protected from Cyber-attacks?

Remaining vigilant and doing simple things will help to prevent hackers from gaining access to any information and keep your business network secure.

  • If you receive an unusual email from a colleague, check that it has come from them. The true email address will be visible at the top.  If it is not, you can click on reply to see the actual address from where it has come from. Delete immediately and then inform your colleagues to be wary of such emails.
  • Phishing emails can have a business name attached to them to fool you into thinking it is an official email, such as a Banks name or Internet Provider. Use the technique above to double-check the real sender.
  • Do not open any attachments or links from senders you are not familiar with. If there is a link, by simply hovering your mouse over the link, will display what website you will be routed to.
  • If you are asked for personal and private information, do not under any circumstances respond.
  • If you are unsure of an email, speak to your IT team or forward it on so they can check for you.

This may seem like an obvious one, but people can be lazy when it comes to passwords.

  • Use password management tools rather than local storage
  • Follow the guideline of creating strong passwords. Ensure they are at least 8 characters long and include special characters, uppercase letters and numbers.
  • Two-step authentication can provide extra security. If you are running Microsoft Windows 10, you can turn this function on and Google Authenticator can also provide extra security.

WIFI Security
With your home WIFI, there are a few things you can do to make it more secure. Some easy steps for you to follow are:

  • Change the name of your Network – Most Providers will provide you with a router with a predetermined username and password - they are typically printed on a label somewhere on the device. Many people stick with this default login, but the standard username and passwords are fairly well-known. The SSID (the name that is displayed when scanning for networks) is usually a provider-related name, eg SKYXXX, BTXXX, VMXXX, or the manufactures name, eg, Netgear, Belkin, etc. This gives the hackers information on what type of router you have and how they can exploit it to gain access. Change the name to anything you wish without giving away information.
  • Change the network Password – Just as the network name, this will usually be located on your device. Change it to ensure maximum security.
  • Deactivate WPS – Wifi Protected Setup is not available on all routers. It is a mechanism used to make the connection of wireless devices easier bypassing the need for a password. It is usually activated by a button on the device labelled WPS.  Some experts question its security and to be on the side of caution, just deactivate it in your router settings. 
  • Do not broadcast your network – It usually defaults that your network will broadcast its SSID for users to find when scanning for networks. By removing that function and keeping your network hidden will obviously make it more secure.  There are issues with doing this, as not only will unwanted devices not be able to detect your network, neither will your devices.  All it means is you will have to manually enter the network name for your devices to pick it up. 
  • Enable your router firewall – Numerous routers have programmable firewalls that can be switched on or off. Under the router settings, makes sure yours is enabled.  It's not completely infallible, but it is worth adding another security layer. The firewall will filter the data checking what is safe whilst blocking unauthorised access.  Tools such as Norton, Kaspersky include firewalls adding even more security. 
  • Ensuring the router's firmware is up to date – As with everything the router will have firmware that needs to be updated. The majority will update automatically but check your router settings to check if there is an update. 
  • Unknown Devices – Check to see what is connected to your network and make sure there are no unknown devices. You can as well, filter MAC addresses. All devices including phones will have a MAC address, if you use an iPhone you can find it under Settings>General>About>Wifi Address.  If you are using an Android under Settings>General>About>Wifi MAC Address. You can then filter MAC addresses and only accept access from approved devices.  If you are unsure how to access your Routers control settings, you can use a search engine to look it up. 
  • Never share Passwords – Keep this information private and do not divulge it with anyone outside your organisation, or household. 
  • Act with caution with downloading applications - Quite often these can hide malicious data, so check the source of where they are from and check they are from a reputable app store.

 Providing a Secure Business environment
Businesses will ensure that they provide a secure environment, with known websites, systems, software, and tools approved.  Any websites that may pose as a threat will be blocked.  The security may become compromised if employees are using devices with no supervision, uploading new tools or systems, or accessing websites.  To pre-empt any risks and security threats, you need to ensure that staff know if there is a desire or need for a new system, tool or software to be used by them, that there is a clear process for giving approval and integration into your systems.

As with every eventuality, communication is key. With organisations varying in size, industry and sector, different security challenges that will require a much wider scope of security measures to be put in place. Keeping the flow of information cascading through the ranks and encouraging staff to report anything they suspect is imperative.  Information is power and warnings about what they should be on the lookout for is important.  As is the information from yourselves and how you are combating the potential cyber-attacks and what extra measures you are putting in, will reassure your employees.