How to reduce risk
Since so many workers are new to working from home, there’s a great chance that many are unclear on how they may be putting themselves at security risk. Let's take a look at a few areas where remote employees may encounter risks.
Removable media
Be sure to share with your employees the importance of being careful with removable media. Removable media is considered any device or portable storage medium that allows a user to download and/or copy data to it and transport it elsewhere. This includes USB drives, smartphones, SD cards, music players, and more.
While removable media is inexpensive and convenient for storage, it can be dangerous. Malware can be planted on removable media, which can easily be replicated and distributed to other unprotected devices that use the removable media. This can pose serious risks to your organization’s cyber security. If your employees choose to use removable media, make sure their device is protected, that they do not share it or plug it into unknown ports, and they understand how to properly and securely transfer data.
USB key drop
Delving further into USB devices, there is another risk your employees may not be aware of: USB key drop attacks. A USB key drop attack is when a cyber criminal purposefully leaves behind a USB device for someone to find. The idea is that whoever finds the device will plug it into their computer, giving way to an attack. These criminals may do so through malicious code, social engineering, or human interface device spoofing. To prevent this from happening, warn employees about the dangers of plugging in unknown or “lost” USB devices. This includes USB devices such as fans, headsets battery chargers, etc. While they may have good intentions in trying to return the device to its rightful owner, that’s not always the case. Curiosity often gets the best of people and that’s exactly what cyber criminals prey on. The risks are just too high.
Dumpster diving
Though it may seem silly, dumpster diving is a real threat to the security of your organization. Sometimes employees may have a careless moment and trash something containing important information, whether through disposing of a hard drive, items in your Recycle folder, or literally documents in the garbage can. If a cyber criminal gets a hold of this information, they could use it against your organization.
Talk to your employees about the dangers of dumpster diving and run through the list of information cyber criminals typically seek. This can include marketing information, employee addresses, and other contact information, account logins, medical records, and more.
Confidential material
Speaking of private information, teach your employees about keeping everything confidential. It can be easy to slip while working remotely, but everyone in the organization should be doing everything in their power to conceal their private information and ensure it is only accessible to those who are authorized to do so. If someone who is not authorized to view this information gains access, it’s considered a data breach or breach of confidentiality.
Work with your employees to ensure the appropriate passwords and two-factor authentications are in place so no one accidentally falls victim. And make sure they do not post pictures on social media with their work screens in view. Again, it may seem like a no-brainer, but it happens more than you’d think.
Free WiFi
We get it, working at home can get pretty cramped. Maybe you skip down to the coffee shop to get some work done, or a local hotel is your oasis. But free access to public WiFi is a breeding ground for cyber criminals since organizations scarcely take the proper security measures to keep malware out.
With free WiFi, criminals can spy on and even intercept data that is transferred on the network. Through this method, cyber criminals can gain access to confidential information to both the user and their organization. While it is quick and convenient to use free WiFi, encourage employees to use personal or work hotspots to get work done whenever they are working in a public setting.
Home WiFi
You may think your home WiFi is safe and secure but think again. Have you ever noticed your neighbor’s WiFi networks pop up when you’re connecting? Your WiFi reaches further than just the confines of your home. When people outside of your home can pick up a signal from your router, that means they can likely also capture data and crack your passwords. This could easily lead to a cyber criminal installing malware on your network.
Employees should implement firewalls and strong passwords and be sure not to use the default router names and logins given at installation. Wireless protected access 2 (WPA2) is particularly helpful in this situation. By locking down your WiFi to just your home, you’ll be able to stay safe and secure.