Staying Safe In AND Out of the Office: Safer Internet Day Edition

Central Pennsylvania Organizations Must Keep Data Security Top of Mind

We’re all embracing more remote work than usual these days, but that doesn’t mean data security and other technology priorities can be put on the backburner.

Unfortunately, cybercrime is on the rise and hackers are becoming more sophisticated with each passing day. Although working from home feels a lot different than working in the office, you need to use the same security precautions, regardless of where you are.

After all, 36% of organizations have dealt with a security incident due to an unsecured remote worker. Furthermore, according to Morphisec’s Work-from-Home Employee Cybersecurity Threat Index, 20% of workers said their IT team had not provided any tips as they shifted to working from home.

In honor of Safer Internet Day, we’ve put together some of the most important cybersecurity tips for those working in AND out of the office.

14 Tips To Stay Secure In AND Out Of The Office

1. Implement Multi-Factor Authentication: Multi-factor authentication is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re able to make sure that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.
2. Verify Payments Via Phone: As you can’t meet in person to verify major financial transactions, the least you can do is confirm over the phone with the contact. Never execute a financial transfer based on an email request alone — it could very well be a cybercriminal posing as a business contact or third party organization.
3. Use A VPN: When you use a virtual private network (VPN), your data is encrypted, or hidden, as it moves from your device to the VPN and then continues onto the Internet. That makes it harder for an attacker to identify you as the source of the data — no matter whether you’re on your mobile device’s data connection, or using an unsecured retail Wi-Fi network while you’re in line for coffee.
4. Stay Safe While Mobile: Don’t download apps that aren’t approved by your smartphone provider’s app store. Unauthorized apps are a common way for hackers to sneak malware onto your device. Always be skeptical of the permissions you grant and the data you provide when using mobile technology.
5. Keep An Eye On Your Hardware: It sounds simple, but it’s important. Don’t let your phone or laptop out of your sight. Stolen devices can directly compromise your data. In the event that you do forget something at a coffee shop, make sure you have remote wipe capability so that you can remove any sensitive data from the hardware.
6. Implement Stronger Security Settings: You know you shouldn’t trust default security settings, right? Just because a program is generally considered to follow standard security practices, that doesn’t mean that it’s as secure as it should be “out of the box”. Greater security often means less convenience — albeit, in small ways. Regardless, when it comes to modern products and services, the priority is usually to enhance the user experience, rather than configure the best security settings possible. After all, technology should be set up to better suit you, not the companies that develop it — don’t let default settings share too much of your data.
7. Stay Up To Date: Did you know that one of the most common ways that cybercriminals get into a network is through loopholes in popular software? Much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.  To address this, developers regularly release software patches and updates to fix those flaws and protect users. This is why it’s imperative that you keep your applications and systems up to date.
8. Protect Your Physical Workspace: At the office, make sure to keep an eye out for those trying to enter secure areas, whether that’s by following you through a locked door, or waiting to get in as you exit. At home, ensure your workspace is set up so that your computer screen is not viewable through a window or from a shared space. Whenever you leave your computer unattended, make sure to lock it so it can be accessed while you’re away.
9. Email Security – Check The Right Fields: If you’re unsure about an email, check the details on the email itself – specifically the “mailed-by” and “signed-by”, both of which should match the domain of the sender’s address.
10. Email Security – Suspicious Links: Always be sure to hover your mouse over a link in an email before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.
11. Email Security – Spelling and Grammar: Modern cybersecurity awareness comes down to paying attention to the details. When reading a suspicious email, keep an eye out for any typos or glaring errors. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes.
12. Email Security – Specificity: Another point to consider is how vague the email is. Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as “Valued Customer” — this allows them to use the same email for multiple targets in a mass attack.
13. Email Security – Urgent and Threatening: If the subject line makes it sound like an emergency — “Your account has been suspended”, or “You’re being hacked” — that’s another red flag. It’s in the scammer’s interest to make you panic and move quickly, which might lead to you overlooking other indicators that it’s a phishing email.
14. Email Security – Attachments: Phishers will often try to get you to open an attachment, so, if you see an attachment in combination with any of the above indicators, it’s only more proof that the email is likely part of a phishing attempt.

Never Take Your Cybersecurity For Granted

The bottom line is that, even though you need remote access to keep your business running right now, you shouldn’t sacrifice cybersecurity in the process.

If you’re having trouble navigating cybersecurity in the remote workspace or back at the office, then reach out to TREYSTA for expert assistance. We’re here to provide knowledge and guidance for businesses trying to maintain continuity and productivity during the coronavirus pandemic and beyond.