Cyber attacks are an increasingly persistent threat, driven by global connectivity and the use of cloud services to store sensitive data and personal information. With a majority of employees working from home indefinitely, there has been a massive shift in corporate devices connecting to at-home networks, outside secure company firewalls. Along with the continued surge of personally owned connected devices, the Internet of Things (IoT), and a growing cadre of remote workers, the attack surface continues to expand.
The “attack surface” is the total number of points or vectors a bad actor can attempt to attack.
The majority of cyber attacks encountered while working from home can be mitigated by practicing basic cyber hygiene routines.
On February 9th, National Safer Internet Day calls upon all stakeholders to join forces against cyber threats to make the internet a safer place for all. In support of this initiative, we have outlined a few best practices you can implement for a more secure work-from-home environment.
Five Ways to Prevent Cyber Attacks at Home
Secure your home Wi-Fi router
- Keep your firmware up to date! Use WPA2 AES, disable WPS, and do not broadcast your network SSID. Center your signal and adjust signal strength to cover just the intended area.
- If possible, consider purchasing your own Wi-Fi router, which lets you select a model that meets your needs rather than having to use the one provided by your ISP.
- Some modern models allow you to create profiles or containers where you can group kids' devices or all IoT devices and apply a unique policy with more restrictive settings.
Use a secure browser and VPN, and Tor when needed
- NEVER use public Wi-Fi. A secure browser and VPN improve your online security and privacy. Also, encrypting your data prevents numerous forms of man-in-the-middle attacks.
- A VPN, secure browsers, and search engines (such as DuckDuckGo) will provide privacy; Tor will provide anonymity.
Invest in Reputable Antivirus Software
- Antivirus solutions protect your hardware, emails, cloud environment, IP information, and data.
- It is essential to keep this software up to date with the latest virus definitions.
Use strong passwords
- Change all default passwords! Manufacturer-configured passwords are easily found online and will be the first ones an attacker tries.
- Use password complexity: at least 8 characters, consisting of upper- and lower-case letters, numbers, and special characters.
- For additional security, change your passwords every 90 days.
- Apple users rejoice! Macs using iOS 12 or later have a feature that automatically creates strong passwords for you.
Backup your data
- Maintain encrypted backups of your most essential data in multiple locations, such as on an IronKey external USB drive as well as the cloud.
- Having your backup in multiple places mitigates the chance of losing data to a ransomware attack, hardware failure, or stolen device.
This is by no means an all-inclusive list of defenses against cyber threats, but it does provide a good foundation for an employee working from home. If you are a business owner or responsible for information security, make sure your workforce is aware of and educated on company cyber policy and procedures, including how to respond to common attacks such as phishing scams. Practicing basic cyber hygiene by eliminating low-hanging-fruit vulnerabilities will discourage hackers and send them searching for an easier target.
Making the internet safer is a continuous process that requires constant vigilance and maintenance. The slogan “Together for a better internet” reminds us all that a safe internet is everyone’s responsibility. If you’re interested in learning more or getting involved in future Safer Internet Day campaigns, check out their website or join the conversation online using #SID2021.
About the Author
Tyler Gorman is Program Manager at RIVA Solutions. Tyler has 15 years of experience in the security field holding roles such as consultant, auditor, and penetration tester supporting the Army, NOAA, and many small to medium-sized clients in the private and non-profit space. Tyler is a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Security+ certified professional. If you’re interested in learning more about RIVA’s cybersecurity practice area, reach out to Tyler.