Cybersecurity Awareness Work-from-Home Guide
Everything you need to know to create a secure work-from-home workforce during the COVID-19 pandemic and beyond.
Quickly train employees to work from home safely and securely.
In response to the coronavirus pandemic, organizations worldwide are implementing work-from-home policies. Yet for many businesses, managing an entirely remote workforce is completely new, which means they may lack the processes, policies and technologies that enable employees to work from home safely and securely. In addition, many employees may be unfamiliar or uncomfortable with the idea of working from home.
You need to think of your employee’s location as an extension of your office. Therefore the same protections you have in place at your office need to be applied to your employee remote location.
This should include but not limited to:
- Firewall
- VPN
- Virus and Malware Software
- Identity management access control
- 2FA (two-factor authentication)
- Secure work environment
Not many employees have applied any or all of these to their home environment and think it’s immune from cybersecurity protections. This is a myth.
Working From Home Securely
For larger organizations that need to roll out a security training initiative to secure your workforce, use the Cybersecurity Awareness Work-from-Home Guide below. For very small organizations, families or individuals, simply reference the factsheet below.
For Organizations – Securely Work-from-Home Guide
This kit provides a strategic step-by-step guide on how to quickly execute an awareness initiative to secure your remote workforce, including how to identify what to teach your workforce, the top risks to focus on, what departments to coordinate with and how to effectively engage and communicate to your workforce.
5 Tips for Securely Work-from-Home Guide
1. You
You are the best defense, technology can’t replace your awareness and response thinking.
Cyber attackers have learned how to leverage social engineering to exploit our human weaknesses. Things like using urgency time pressures, fear and authority sounding communication.
If cyber criminals want access to your password they are going to manipulate you through phishing campaigns. This can include email, text message (SMS) and social media invites. They will try to trick you into giving them your password by cloning your login screen or sending you a message that you want to access. Then when you click on the link they provide it takes you to a page that asks you to log in to that account. But it’s a fake login screen that redirects to the real login screen.
Here are common phishing email threat indicators:
Urgency: Someone creating a tremendous sense of urgency, often through fear, intimidation, a crisis or an important deadline. Cyber attackers are good at creating convincing messages that appear to come from trusted organizations, such as banks, government or international organizations.
Policies: Pressure to bypass or ignore security policies or procedures, or an offer too good to be true (no, you did not win the lottery!)
Contacts: A message from a friend or co-worker in which the signature, tone of voice or wording does not sound like them.
2. Your Home Network
Almost every home network starts with a wireless (often called Wi-Fi) network. This is what enables all of your devices to connect to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. Both work in the same way: by broadcasting wireless signals to which home devices connect. This means securing your wireless network is a key part of protecting your home. We recommend the following steps to secure it:
Change the default administrator password: The administrator account is what allows you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided.
Allow only people that you trust: Do this by enabling strong security so that only people you trust can connect to your wireless network. Strong security will require a password for anyone to connect to your wireless network. It will encrypt their activity once they are connected.
Make passwords strong: The passwords people use to connect to your wireless network must be strong and different from the administrator password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password. You should be using passphrases and not passwords learn more about that here.
Not sure how to do these steps? Ask your Internet Service Provider, check their website, check the documentation that came with your wireless access point, or refer to the vendor’s website.
3. Passwords
When a site asks you to create a password: create a strong password, the more characters it has, the stronger it is. Using a passphrase is one of the simplest ways to ensure that you have a strong password. A passphrase is nothing more than a password made up of multiple words, such as “bee honey bourbon.” Using a unique passphrase means using a different one for each device or online account. This way if one passphrase is compromised, all of your other accounts and devices are still safe. Can’t remember all those passphrases?
Use a password manager, which is a specialized program that securely stores all your passphrases in an encrypted format (and has lots of other great features, too!). Finally, enable two-step verification (also called two-factor or multi-factor authentication) whenever possible. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app that generates the code for you. Two-step verification is probably the most important step you can take to protect your online accounts and it’s much easier than you may think.
4. Updates
Make sure each of your computers, mobile devices, programs and apps are running the latest version of its software. Cyber attackers are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they use special programs to exploit them and hack into the devices you are using.
Meanwhile, the companies that created the software for these devices are hard at work fixing them by releasing updates. By ensuring your computers and mobile devices install these updates promptly, you make it much harder for someone to hack you. To stay current, simply enable automatic updating whenever possible.
This rule applies to almost any technology connected to a network, including not only your work devices but Internet-connected TV’s, baby monitors, security cameras, home routers, gaming consoles or even your car.
5. Kids and Guests
Something you most likely don’t have to worry about at the office is children, guests or other family members using your work laptop or other work devices. Make sure family and friends understand they cannot use your work devices, as they can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device.
Most Wifi routers provide you with an option to have a guest network. This is the network you should connect your kids and any guest’s digital devices. This isolates guests and children who can do strange things from your work network.
Your work network should be your sacred space, and when you treat it as such you will become more secure.
Helping Business Owners start conversations about their cybersecurity culture. Cybersecurity does not have to be like chasing Bigfoot. Quantify your cybersecurity risk and instantly understand your vulnerabilities with ChatFortress Cybersecurity Report Cards. Your Cybersecurity Report Card will be automatically generated within seconds… tell us your website URL and let us amaze you!Gain the Hacker’s View of your Cybersecurity Risk in Seconds with your Free Cybersecurity Assessment!
Discover How Hackers Exploit Your Business… If you had a no cost quick and easy way to check the safety of your business from cyber-attacks, would you do it?
Discover Your Cybersecurity Risk in Minutes for FREE!
Nothing to Install, Nothing to Download, Anyone Can Do It!Enter a website URL below to claim your report card instantly!
Who is ChatFortress
ChatFortress is a leading cybersecurity company helping business owners protect their assets from cybercriminals. We provide companies with access to the latest technologies, social engineering and human behavioral strategies, and user education to create a proactive cybersecurity culture. Helping you fortify your business against cyberattacks.
Detect and Remove BAD Emails in 3 Seconds!
ChatFortress Email Guardian is the Ultimate Anti-phishing Program as it Detects and Mitgates Email Phishing Attacks in 3 seconds using A.i Real-Time Inbox Scanning for Phishing Prevention!
We support Small Business and have released the Small Business Cybersecurity Scholarship Program.
Providing Small Business with enterprise cybersecurity protection without the enterprise price tag! You can save over $699/month if you qualify for one of our Small Business Scholarships.
