We can all agree 2020 has not been the year we had hoped for last December. Far from it!
From the way we live our daily lives, to the way we shop for groceries or do our jobs, everything has been disrupted. As more and more businesses move their employees towards remote work, online security is becoming an ever-growing concern.
What started out of necessity is turning into a new business model. And this has been the trend for years now.
According to an analysis performed by FlexJobs and Global Workplace Analytics (GWA), a research and consulting firm based in San Diego, California, remote work grew by 159% between 2005 and 2017.
This trend has accelerated even more as a result of Covid-19.
According to a recent survey by Global Workplace Analytics (GWA) and Iometrics, a workplace services firm based in Irvine, California, work from home during Covid-19 has increased from 31% to 88%.
Here at SoftSys Hosting many of our employees work remotely as well. I myself have been working remotely for 10+ years now. While more and more businesses are making the shift towards remote work, we are also seeing concerning increases in online security threats.
With this in mind, we have compiled a list of seven tips you should follow to keep your data secure while working remotely.
7 TIPS TO IMPROVE THE SECURITY OF YOUR DATA WHILE WORKING REMOTELY
- Tip #1: Have a Cybersecurity Policy in Place
- Tip #2: Secure Your Website With an SSL Certificate
- Tip #3: Use Strong Passwords
- Tip #4: Avoid Connecting To Public Wi-Fi
- Tip #5: Keep Your Computer Secure
- Tip #6: Beware of Social Engineering Attacks
- Tip #7: Always Have a Backup Plan
ONLINE SECURITY TIP #1: HAVE A CYBERSECURITY POLICY IN PLACE
If you are a business owner, you need to have a data security policy for your organization. Your cybersecurity policy should provide you and your employees with guidelines on how to keep your data and your customers’ data secure. It should also provide recommendations on how to manage cybersecurity risks.
A good place to start is the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which includes best practices to help businesses manage cybersecurity risks. The framework has been used by 30% of US organizations, according to Gartner, and the usage was projected to increase to 50% by 2020.
The Cybersecurity Framework consists of five high-level functions that are applicable to risk management in general, including cybersecurity risks. The five core functions are: Identify, Protect, Detect, Respond, and Recover.
Start by assessing your organization’s ability to maintain data security. What data is being collected in your company? How is that data stored by your employees (on local devices, on internal company systems, in the cloud, etc.)?
Ensure that your employees are following workplace security policies. There are some self-evident rules that should be followed in any company (don’t use your work computer to access sites unrelated to your work) but you need to state them in a documented cybersecurity policy.
Once you have documented the policy, share it across your entire organization, and make sure your employees understand and comply with the rules.
ONLINE SECURITY TIP #2: SECURE YOUR WEBSITE WITH AN SSL CERTIFICATE
A Secure Sockets Layer certificate (SSL certificate) does exactly that! It will encrypt, or conceal if you will, your data from hackers and bad actors. It’s basically a small data file that digitally binds a cryptographic key to a company’s details.
In addition to encrypting data between your browser and the end server, the SSL certificate will also authenticate the server. In other words, it makes sure that your information is shared with the correct server hosting the website and not with a hacker who tries to steal your information.
While there are some free SSL certificates, such as Let’s Encrypt, we generally recommend a commercial SSL for any website that collects sensitive information. There are several reasons for that, but one good reason is that free SSL certificates such as Let’s Encrypt offer no warranty if something goes wrong. All commercial brands will include a warranty. The vetting performed for a commercial SSL is also much more stringent.
At SoftSys Hosting we offer several trusted SSL certificate brands including Comodo, GeoTrust, Symantec and more.
Bottom line, if you collect sensitive information on your website, make sure to protect your customers’ data by using a trusted SSL certificate. By the same token, pay attention to which websites you and your employees are accessing. These days most browsers will show a warning if a website is not secured with HTTPS.
ONLINE SECURITY TIP #3: USE STRONG PASSWORDS
Most of us dread setting up a password. We have so many of them and oftentimes, out of convenience, we tend to either use a common word for a password (like our pet’s name) or use the same password for multiple systems.
According to a study performed by Digital Guardian on password security habits, 10.8% of the respondents reuse the same password across all their accounts.
However, I’ve heard of numerous cases where online systems were hacked due to weak passwords. According to 2020 research by PreciseSecurity.com, 30% of ransomware infections in 2019 were caused by weak passwords.
I myself have been the victim of this when a hacker got into my Netflix account and changed my password. I guess the need to binge-watch Netflix can drive people to do strange things?? Luckily, I was able to fix that issue within minutes and none of my data was stolen.
I got lucky that time. Lesson learned!
“A passphrase is a memorized secret consisting of a sequence of words or other text that a claimant uses to authenticate their identity. A passphrase is similar to a password in usage but is generally longer for added security.” NIST Special Publication 800-63 Revision 3, Digital Identity Guidelines
As a business, you need to ensure your employees use passphrases or long passwords of at least 8 characters when accessing your systems. And if you have a lot of passwords, like I do, you might want to use a password manager. Some examples of password managers are 1Password, KeePass and Bitwarden.
ONLINE SECURITY TIP #4: AVOID CONNECTING TO PUBLIC WI-FI
You can work remotely from anywhere if you have a quiet place and a good internet connection. Access to public Wi-Fi has been an enormous aid to remote employees these days. You can find free public Wi-Fi in coffee shops, restaurants, hotels, sometimes even in outdoor public spaces. But the truth is they’re not always secure. Sometimes though you might have to travel for work, and you might not have any other options but to use a public Wi-Fi.
In those cases, try to avoid Wi-Fi networks that don’t require a Wi-Fi Protected Access (WPA) or WPA2 password. Between the two, WPA2 is more secure. You should also ensure that you have logged out from your systems when you finish working.
If you regularly use public Wi-Fi, you can still have a secure connection by using a VPN service. A VPN can be configured in multiple ways. One popular way to configure a secure VPN service is as a Remote Client VPN (also known as Remote Access VPN).
This type of VPN configuration will encrypt traffic between your local device and the system/business software that you are accessing. Note that a Remote Client VPN won’t encrypt everything that you access through your computer. Only those specific systems for which the VPN has been configured will be secured.
For those systems, the VPN will create a secure tunnel all the way, regardless of what Wi-Fi connection you are using.
There are multiple popular VPN solutions like VyOS, Vyatta, OPNsense, and more. Be aware though that some VPN providers might be the target of cyberattacks themselves. That is the case with unpatched Pulse Secure VPN servers, which have been the target of malicious attacks.
ONLINE SECURITY TIP #5: KEEP YOUR COMPUTER SECURE
In today’s technological world we use our computers, laptops, and smartphones every single day. In fact, what are you doing right now?
Most of us store work-related information on our local devices: client proposals, website descriptions, accounting information, login credentials, you name it! Hackers, scammers and other bad actors are becoming more and more clever these days. It’s almost as if their only purpose in life is to find new ways to steal your data.
From malware and ransomware to spyware, hackers will try anything to get their hands on your credit/debit cards, PayPal accounts, and other sensitive information.
According to a survey by Positive Technologies, in the last quarter of 2019 credit/debit card information made up 32% of all information stolen. In other words, one-third of the information stolen by hackers was payment card information!
What can you do to prevent hackers from gaining access to your sensitive data? Start with an antivirus. Some popular antivirus solutions are Malwarebytes, Avast, and Bitdefender. You should set up regular automatic full system scans using a reliable antivirus solution.
But an antivirus is not enough! It will not protect your computer against malware and other types of attacks. You need a solution that’s specifically designed for that.
At SoftSys Hosting we have partnered with Acronis to bring you Acronis Cyber Protect, a security solution that integrates backups, disaster recovery, next-generation anti-malware, and cybersecurity into a single affordable and easy-to-use solution. The Acronis Cyber Protect solution can be enabled on any local computer, mobile device (Android/iOS), Virtual Machine, cPanel/Plesk Web Hosting Servers and more.
Lastly, when thinking about the security of your local computers, you should make sure all your software is up to date. Software vendors often include critical security patches when releasing a new software version. If you use software that’s no longer supported, or End of Life (EOL) as it is often called, you are only increasing the risk of getting hacked.
ONLINE SECURITY TIP #6: BEWARE OF SOCIAL ENGINEERING ATTACKS
A social engineering attack, commonly delivered by email, aims to manipulate users into giving up sensitive information like passwords or bank account information. It typically creates a sense of urgency or fear, or otherwise manipulates emotions, and prompts the user to take some sort of action. This action could be clicking on a link or downloading a file on your computer.
Two common types of social engineering attacks are:
1. Phishing – where the attacker pretends to be a legitimate business, like your bank or a popular retailer.
The term “phishing” was first used on January 2, 1996, and it’s an analogy to the popular sport of “fishing” because the attackers try to “lure” users into disclosing sensitive information. Since Covid-19, phishing emails have been on the rise as well.
In April 2020 Google disclosed that they’ve blocked over 18 million phishing and malware emails per day!
2. Email spoofing – similar to phishing, except the attacker will “spoof” the email header. The email could appear to be from your bank, except the email domain will not be the bank’s email domain. In other words, the sender’s email will not match the sender’s name.
The Ohio Graydon-Toole Group has a great comparison between the two.
As a rule of thumb, your bank will never ask you to provide sensitive information via email. Most of these emails also contain a lot of grammar errors, so pay attention! Most importantly, you can configure an anti-phishing solution. If you use a commercial email service such as Microsoft 365 (formerly known as Office 365), there are multiple solutions available, including Microsoft Office Advanced Threat Protection (ATP).
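The mismatch between the sender’s name and the sender’s email described under email spoofing can be checked mechanically. The Python code below is an added example, not part of the original article or of any SoftSys Hosting product; the brand list, the domains and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands your staff expect mail from, mapped to the domains they really use.
KNOWN_BRANDS = {"example bank": {"examplebank.example"}}
# An address-looking token inside the display name; the group captures its domain.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rpartition("@")[2].lower().rstrip(".")

def is_under(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def spoof_findings(raw_message):
    """List the ways the From display name disagrees with the From address."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    actual = domain_of(address)
    findings = []
    for brand, domains in KNOWN_BRANDS.items():
        if brand in name.lower() and not is_under(actual, domains):
            findings.append(f"name claims '{brand}', address domain is '{actual}'")
    for claimed in ADDR_IN_NAME.findall(name):
        if claimed.lower() != actual:
            findings.append(f"name shows '{claimed.lower()}', address domain is '{actual}'")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Example Bank Security <alerts@examplebank.account-verify.example>\n"
    "Subject: Urgent: confirm your password\n\nClick the link below.\n"
)
GENUINE = (
    "From: Example Bank <statements@mail.examplebank.example>\n"
    "Subject: Your statement is ready\n\nLog in to view it.\n"
)
ADDRESS_IN_NAME = (
    'From: "support@examplebank.example" <help@webmail.example>\n'
    "Subject: Account locked\n\nReply with your PIN.\n"
)

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE, ADDRESS_IN_NAME):
        print(spoof_findings(sample) or "no mismatch found")
```

A clean result only means the name and address agree; a message sent from a look-alike domain with a matching name still needs the other checks in this section.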
ONLINE SECURITY TIP #7: ALWAYS HAVE A BACKUP PLAN
You should always have at least one backup of your critical data! I cannot reiterate enough how important this is.
Most of us live hectic lives. There are so many things on our daily to-do lists that we often forget (or ignore) the really important ones. Having an automated backup solution is not something that should be taken lightly!
But I never had a backup before and nothing happened! Why should I get one now!?
I’ve read about and seen countless cases of people losing their data and they would give ANYTHING to get it back. There are some fortunate cases, where they might find an old backup amongst their files, but I’ve also seen situations where everything has been lost.
If you are unlucky enough to fall victim to a ransomware attack, you might lose years’ worth of work if you don’t have a backup.
At SoftSys Hosting we offer Acronis Cyber Backup either as a standalone solution or bundled with our managed service package. Acronis Cyber Backup is a trusted backup and recovery solution that allows you to configure automated backups with an hourly/daily/weekly/monthly retention. And because backups are incremental, you can take more backups without driving up usage or costs.
If you are interested in a managed backup solution, contact [email protected].