The global pandemic has forced companies worldwide to rapidly shift and adapt to a primarily remote workforce and decentralised network environments. Unfortunately, employees who are worried about a potentially deadly virus, or who feel underprepared and overwhelmed by the various challenges of working from home, have quickly become the number one target for cybercriminals. Working remotely is rapidly becoming a new standard operating procedure, which is why we’ve put together a list of 21 best practices to help you maintain a strong security practice in 2021, regardless of where or how you get your work done.
1 Install Essential Security Protections
Ensure all your devices, whether company-issued or personal, are protected by actively licensed antivirus and antimalware solutions.
2 Keep Hardware & Software Updated
Cybercriminals will exploit security vulnerabilities in your hardware and software systems. To keep your systems as secure as possible, you need to install security patches right away.
3 Security Practice for your Home Network
When working from home, make sure you’re using a wireless network that is secure and password-protected. Never use the default internet router credentials. Always change them to maximize security.
4 Use a VPN to access company resources
Using a VPN, or virtual private network, while accessing company data or applications helps protect your privacy by encrypting all traffic and data being transmitted.
5 Enable Multifactor Authentication
Multifactor authentication enforces strict control over who logs in to company systems and applications, ultimately protecting against unauthorized access of confidential data should your individual credentials be compromised.
6 Secure Personal Devices
If you have permission to work and access company systems with your personal device, it is imperative that you implement encryption for all data assets and internet traffic and make certain your device is password-protected.
7 Follow Company Password Policies
Weak passwords and bad password hygiene will impair even the best security practice. Make sure you are adhering to your company’s password policies and criteria requirements.
8 No personal devices without a BYOD policy
Using an unsecured personal device for work can expose your company’s network and systems to security risks and cyberthreats or even data theft. Do not use a personal device for work without adhering to your company’s BYOD policy.
9 Learn All About and Adhere to Company Security Policies
An essential security practice when working remotely is to follow your company’s IT and security policies. This helps you securely access your company’s data, networks and resources, and minimise risks.
10 Beware of Phishing Scams
Security risk is one of the trade-offs of remote work and threat actors can easily execute phishing scams. Be cognisant! Read emails carefully before responding and avoid malicious links.
11 Back Up Everything
Data loss can result from a variety of incidents, such as system failures or accidental deletions, and can cause costly downtime. Make sure all files and data are backed up regularly and securely according to your company’s backup policies.
12 Avoid Using Public Wifi
Although it’s free, public WiFi is unsecured and can expose your device and any confidential or sensitive company data to significant security risks. If using a public WiFi connection is unavoidable, always use a secure VPN.
13 Secure Online/Virtual Meetings
Unlike in-person meetings, authenticating attendees is difficult in online meetings. Use one-time PINs or access codes and MFA to ensure only authorised personnel are attending the meetings.
14 Lock Your Device or Log Out When Not In Use
An unlocked device is an invitation for trouble. Make it a habit to lock your device when unattended.
15 Never Share Passwords or Credentials
Never share your passwords or login credentials with anyone — colleagues, family members or friends.
16 Company Issued Devices Are For Your Use Only
Never allow family or friends to use your company-issued devices or any devices that contain private, sensitive or restricted company data or systems.
17 Avoid Printing or Writing Down Sensitive Information
Avoid the risks that come with protecting documented, confidential information by never printing or writing down any sensitive or private data. If necessary, keep records securely locked and out of view.
18 Pay Attention to Prying Eyes
While working from a public place, such as a coffee shop or a library, pay close attention to prying eyes. Skilled shoulder surfers could easily identify sensitive information and obtain your credentials.
19 Company Devices are not for Personal Use
Using company-issued devices for personal activities, such as online shopping, gaming or social networking, puts your company’s sensitive data at risk and could introduce malware into the devices.
20 Stick to Company Approved Communication Resources
Do not use personal emails for business communication. Always use company-provided resources, such as corporate emails and collaboration tools, to communicate or share documents and other information.
21 Complete Security Awareness Training
Make sure you complete the training programs to learn the strategies, measures and actions needed to protect yourself and your company.