A Gartner survey of company leaders found that 80% plan to allow employees to continue to work at least part of the time remotely. Additionally, employees have begun allowing work travel again. However, whether you are at home, traveling, or working from a coffee shop, being outside of your company’s four walls limits the amount of security control. As an employee, it is key to maintain productivity wherever your office is for the day, but imperative you remain dedicated to protecting your data.

In the September Security Awareness News, we dive into remote security, including:

  • Being a Human Firewall at Home
  • Security Awareness for Travelers
  • Mobile Device Security

Being a Human Firewall at Home
Working from home blends convenience for employees with security challenges for organizations. Unlike traditional work environments, home offices limit various security controls typically implemented to protect data and reduce risk. That limitation places more responsibility on remote workers, who not only must maintain productivity expectations, but also maintain a firm dedication to security awareness. With that in mind, here’s how you can become a human firewall at home and secure your office-away-from-the-office:

  • Know and follow policy
    • Organizational policies are designed to protect everyone’s privacy and improve overall security. Those policies still apply when you work from home. In fact, there may be additional policies that remote workers must follow. It’s your responsibility to know what they are and to never circumvent them for any reason..
  • Click with caution
    • Phishing attacks don’t suddenly go away when you leave the office. In fact, with so many people working remotely, cybercriminals have capitalized on new phishing opportunities (malicious video call invites, for example). Always thoroughly inspect messages and never click on a link or attachment unless you can confirm it’s safe.
  • Protect your network
    • Secure your home network and WiFi with strong, unique passwords. Consider setting up a guest network for visitors, which prevents them from accessing any shared files or devices. Make sure your router is always running the latest firmware and software updates.
  • Separate work and personal
    • Don’t use work devices or accounts for personal reasons. If you have approval to work on a personal computer, protect it with antivirus software and ensure it receives crucial security updates. Additionally, never let other members of your household access anything work-related.

Security Awareness for Travelers
Whether traveling for work or for pleasure, be sure to pack your security awareness skills for the journey. Additional threats emerge in the physical world, requiring an additional focus for travelers. Don’t leave home without paying mind to these tips and tricks for security on the go.

  • Update before departing
  • Enable “find my phone” services
  • Mind your things
  • Use discretion
  • Avoid public WiFi
  • Have a backup plan
  • Remember policy

Mobile Device Security

There are over four billion active smartphones in the world today. Most of them have an unprecedented amount of access to personal and professional data, including bank accounts, social media profiles, email addresses, payment services, and more.

The convenience of this access ushers in nearly endless opportunities for cybercriminals, who continue to escalate attacks on mobile devices. As such, we need to respond with equivalent measures that improve security and ensure data privacy.

We can accomplish this without sacrificing too much convenience. In fact, the path to mobile device security is a familiar one with three main areas of focus: networks, applications, and phishing.

  • Network Security
    • Many devices will save and automatically reconnect to networks they’ve connected to in the past. This convenient feature gets abused by cybercriminals who create malicious, imposter networks designed to steal data. If you’re curious about how such an attack is possible, look up “WiFi pineapple” (a device that creates rogue access points). In the meantime, prevent your device from remembering public networks and consider disabling WiFi when not in use.
  • Application Security
    • Last year alone, there were over 218 billion applications downloaded by smartphone users worldwide. You might call that a target-rich environment for scammers, who often create malicious applications that serve no purpose other than to steal information or money. Don’t get scammed. Research developers and read reviews before installing anything. After installing, limit permissions as much as possible. Many applications ask for access to text messaging, location, pictures, and so on. Only allow the minimum permissions necessary for functionality purposes.
  • Phishing Prevention
    • If you check email on your phone, then you need to be alert for phishing scams, which are sometimes less obvious in mobile environments with smaller screens. Smartphones can be infected with malware, so don’t click on any links or download any attachments unless you can confirm they’re trustworthy. Additionally, note that smishing attacks (phishing via text message) are becoming more and more common. They often feature warning signs similar to traditional phishing such as threatening language, a sense of urgency, poor grammar, and suspicious links. Always think before you click!

As a reminder, if you use a work-issued device, always follow policy regarding what
applications you may install and what networks you may connect to.