Work From Home Security Tips
Now that the world has shifted to working from home there are new questions and concerns for employers, employees, and clients. CMIT Solutions is here to answer those for you in order to make working from home both efficient and safe.
Did you ever suspect there would be a hacker in your system?
This past week we addressed a client whose work email was hacked on his home computer. We also helped another client who was a victim of ransomware that resulted in the loss of company files. We even received a call from another client whose home computer was hacked, 1,000 + of his contacts were deleted, and all of his recycle bins were emptied. Do not let yourself be the next victim of hacking because of a lack of education about working safely from home.
Below are some responses to common questions about work from home security.
Q: All of my files are in Microsoft 365 or a Cloud-hosted application. The cloud is supposed to give the ability to work from anywhere, can’t I just work from my home computer?
Q: I know about computers, I have anti-virus software installed, isn’t that enough?
Q: What are the specific risks posed by working from a home computer?
Q: This won’t happen to me; the probability is so small.
Q: What can I do to secure my home computer?
Risks posed by at-home computers
- Home computer accounts run with administrative privileges allowing malware to be installed
- Malware can infect files that are then uploaded to your file server, Microsoft 365, or your cloud-hosted application
- Keylogger malware can record and transmit your password. MFA can be bypassed
- Workers tend to copy files locally that can then be vulnerable to malware that steals, corrupts, or infects
- Due to insufficient security on the home computer and the home network, a hacker can gain access to a computer that is interfacing with your companies systems; this includes systems that are cloud-based
- Home computers are often accessed by multiple people who visit various websites and execute many different pieces of software, any of which can infect your computer with malware – making it easy for a hacker to attack your business the next time you remotely access your office network.
- Home computers usually use weak passwords or no passwords at all, making it easy to gain access to your machine, which can then be used to access your office data if you remotely connect to your business’s network.
- Most consumer-ready antivirus products won’t stop sophisticated hackers targeting your organization – which is what most home computers are running.
- VPN connections without MFA can be hacked
- Most cloud-based applications don’t scan incoming files for malicious code
- Connecting to an unsecured Wi-Fi network, visiting malicious sites, and downloading hazardous software are practices that many endpoint users engage in – making a man-in-the-middle attack and other hacking methods for infecting your computer very easy.
- Even if your VPN is secure, the infected machine can grant the hacker access to your companies private network.
How to secure your home computer
- Install business-grade endpoint protection
- Make sure operating system and third-party software is updated regularly
- Install a DNS filtering tool
- Turn on Windows Firewall
- Fresh install of the operating system
- Update BIOS and drivers
- Uninstall all unnecessary software (each installed software is a security risk if it is not patched)
- Change the local account you are using to “standard” so that the account doesn’t have administrator privileges
How to secure your home network
- Update the firmware on all network equipment; modems, routers, network switches, wifi equipment, IoT (internet of things) devices, printers
- Set up secure wifi
- Buy and configure a business-grade firewall or at least a router
- Have a separate network for work
How CMIT can help
- If you are a client and have an unlimited Help Desk we can install our management and security licenses at no cost. Call 203-595-9091 option 2 to start the process. You now have the most important items 1-4 taken care of.
- Call and ask for an appointment for a home network review and we can assist you in putting together a plan to handle items 5-12.
The Ultimate Guide to Secure Remote Work
12 ways to Hack Multi-Factor Authentication
4 Remote Access Risks and How to Solve Them
Virus Detection in SharePoint Online
For Small Business Owners – CyberSecurity Training from KnowBe4 https://tinyurl.com/w9sk9vt