Working from home? Protect your computer from attacks
The COVID-19 pandemic has resulted in an unprecedented number of employees working remotely, many for the first time.
Here are some guidelines we share with our associates to ensure their work is safe and secure. These tips are universal; you can use them to make your work-from-home experience more secure as well.
Protect confidential information
Don’t save your company’s confidential data on your personal devices. Don’t print it from your home printer.
Secure your home Wi-Fi network
This is most likely how you’ll connect to any third-party or corporate networks, so make sure it’s secure! The two most important things to do are:
- Change the default admin password on your router. If you’re not sure how to do this, check the documentation for your particular model or visit the manufacturer’s website.
- Make sure your network requires a strong password for connection, and make sure it’s not the same as the admin password.
Don’t let family or friends use your work computer
This could accidentally expose confidential information, or worse, they could accidentally infect your device — which could then spread to the entire network!
Make sure all your devices are up to date
Your company’s IT department likely has set rules regarding device updates. But if you’re using a personal device, make sure you have set it up to update automatically.
Why? Because attackers are always looking for vulnerabilities to exploit. Once a new vulnerability is discovered, companies like Microsoft work hard to patch those holes with updates.
Computers aren’t the only devices that should be updated regularly. This should be done for all of your smart devices, like TVs, baby monitors, security cameras, etc.
Be aware of social engineering
This includes phishing emails, but it may also come in the form of phone calls or messages. According to sans.org, the most common tip-offs to a social engineering attack are:
- Someone creating a tremendous sense of urgency, often through fear, intimidation, a crisis or an important deadline.
- Pressure to bypass or ignore security policies or procedures, or an offer too good to be true (no, you did not win the lottery!).
- A message from a friend or coworker in which the signature, tone of voice or wording does not sound like them.
If you are uncertain about the validity of a call or message, slow down and verify. Tell the person you will get back to them — then contact them on a phone number or email address you know to be valid, not one they provide you.
If it’s an email, don’t click any links or use the reply button. If your email service or IT department has included a “Report Phishing” button, be sure to use it.
Whether using a work computer or your own home network, you are the first line of defense against digital attackers. Stay safe, stay smart and stay secure.
Jeri Leonard, CISSP, is a technical team lead with Spartanburg Regional Healthcare System’s Information Security department.