Staying cyber-safe while working from home
The Australian Cyber Security Centre has shared their tips on how to protect your data, and your work data, while working remotely during COVID-19. We've summarised their advice below.
1. Beware of Scams
Unfortunately some people see our current global pandemic as an opportunity to take advantage of others and scam people out of their money and data.
The major changes and disruptions we're seeing in everyone's personal lives and business practices, including transitioning to working from home, can be an attractive target for cybercriminals.
Official advice from the ACSC on avoiding scams is as follows:
- Exercise critical thinking and vigilance when you receive phone calls, messages and emails.
- Exercise caution in opening messages, attachments, or clicking on links from unknown senders.
- Be wary of any requests for personal details, passwords or bank details, particularly if the message conveys a sense of urgency.
- If in any doubt of the communicator's identity, delay any immediate action. Re-establish communication later using contact methods that you have sourced yourself. For more ACSC information on how to identify and protect yourself from scams
We have an article here on identifying scam emails.
2. Use strong and unique passphrases - not passwords
The new rule of cyber security is that passwords aren't enough. Strong passphrases, such as full sentences or phrases, are the recommended first line of defence.
Use a strong and unique passphrase on all your devices, including laptops, mobile phones and tablets - especially anything with important data stored on it. The trick is still to pick one that you will remember; it's not secure if you have to write it down!
You should also use different passphrases for each website and app, especially those that store your credit card details or personal information.
If you use the same email address and passphrase as a login on multiple accounts and websites it means that if one is compromised, the rest of your accounts are vulnerable. It's only one key opening all your locks.
3. Implement multi-factor/two-factor authentication
Most people have come across multi-factor or two-factor authentication now. It's becoming widely used, and often required, for popular websites, applications and systems (such as Xero).
Multi-factor authentication is one of the most effective controls you can implement to prevent unauthorised access to your data, because it makes it much harder to access your systems. Scammers or hackers might get access to your PIN or passphrase, but it is very difficult to steal the correct information for all steps of your multi-factor authentication.
Multi-factor authentication can use a combination of:
• Something the user knows (a passphrase, PIN or an answer to a secret question).
• Something the user physically possesses (such as a card, token or security key).
• Something the user inherently possesses (such as a fingerprint, or retina pattern).
Fingerprint scanners also provide an additional level of security, if they're supported on your device. They're also much more convenient and less time-consuming.
4. Update your software and operating systems
It is important to allow automatic updates on your devices and systems like your computers, laptops, tablets and mobile phones. Often, software updates (for operating systems and applications, for example) are developed to address security issues. Updates also often include new security features that protect your data and device.
5. Use a Virtual Private Network (VPN)
This is getting a little bit more technical now, and more towards the business-owner end of the spectrum of responsibility.
Virtual Private Network (VPN) connections are a popular method to connect portable devices to a work network. They also secure your web browsing and remote network access.
If you're interested in using a VPN to help your employees log in to your work systems remotely, you should contact an IT consultant to ensure everything is set up securely.
If your workplace is using a VPN, you should familiarise yourself with your organisation’s VPN requirements, policies and procedures - especially regarding passwords and shared devices.
6. Use trusted Wi-Fi
Free Wi-Fi is insecure and can expose your browsing activity. Cybercriminals have been known to set up rogue Wi-Fi hotspots under false names and can use the connection to intercept communications, steal your banking details, passwords, and other valuable information.
Use trusted connections like (most obviously) your own home internet, or your mobile internet service hotspot.
So while using a public, free Wi-Fi source could be tempting, it's not something you should be using to access important data.
7. Secure your devices when not in use
Never leave your device unattended and lock your computer when not in use, even if it's only for a short period of time.
You should also carefully consider who has access to your devices. Don’t lend laptops to children or other members of the household using your work profile or account.
They could unintentionally share or delete important information or introduce malicious software to your device.
If you do share your computers or devices with family or your household, have separate profiles so that each person logs in with a unique username and passphrase.
8. Avoid using portable storage devices
When transporting work from the office or shop to home, portable storage devices like USB drives and cards are easily misplaced and, if access isn’t properly controlled, can harm your computer systems with malware. If possible, transfer files in more secure ways such as your organisation's cloud storage or collaboration solutions. When using USBs and external drives, make sure they are protected with encryption and passphrases.
9. Use trusted sources for information
Cybercriminals often use trending topics such as COVID-19 to spread false information and/or to scam people.
Impersonating, cloning or creating websites to look genuine, or sharing false information on social media, are common ways they do this.
Be sure to only use trusted and verified information from government and research institutions’ websites. Think critically about the sources of information that you use and balance all evidence before believing what people share.
For more information and advice from the Australian Cyber Security Centre, visit their website: https://www.cyber.gov.au/.