This blog was written by Nik Vargas, founder of Cybersecurity firm Nimble Defense.
Nimble Defense was built to help small businesses tackle cybersecurity - even during a pandemic.
We understand that many people are working from home during this COVID-19 crisis. So, what are the most efficient ways to tackle cybersecurity at home?
These are our top recommendations:
* A reminder: Your IT Team at work should be responsible for protecting your work computer and the instructions below are not to be applied to any corporate assets.
- Check with your manager and IT Team to fully understand any policies regarding accessing corporate systems from home.
- During this time threat actors are sending phishing emails claiming to be from the World Health Organization or the Centers for Disease Control or generally claiming to contain COVID-19 information, but these emails contain malicious links and/or payloads. Don’t open these emails, don’t click on links they contain, and don’t open files they have attached. Instead, visit the known websites by typing the correct addresses into your web browser.
- Make sure all the computers on the home network are patched. Hackers love to take advantage of unpatched machines and use them as launchpads for ongoing reconnaissance or attacks. Here is how to run Windows Updates on Windows 10—if you aren’t on Windows 10, you should be because Windows 7 is no longer supported by Microsoft. Here is how to keep your Mac up to date.
- Windows users can also update common third party software like Firefox, Chrome, Java and Adobe on home PCs using this free utility from Patch My PC.
- Install anti-virus software on all computers in the home. The anti-virus that originally shipped with your home computer is probably expired or out-of-date. Uninstall it and upgrade to next-generation anti-virus with this solution from Cylance that leverages artificial intelligence and behavioral analysis to protect you from modern threats like ransomware. It is compatible with Windows and Mac (yes, Macs should have anti-virus protection too.)
- Smart TVs, Amazon Echo, Google Home, web cameras and even smart lightbulbs all can put your home network at risk. Periodically scan your network for devices that may have vulnerabilities using this free Home Scanner utility from BitDefender. If it finds vulnerabilities, you may have to visit the manufacturer’s website or contact support to apply the recommended fix.
- Use MFA (Multi-Factor Authentication) everywhere possible. Use it to protect your personal Gmail, Facebook, and bank accounts. Always enable it when setting up IoT (Internet of Things) device accounts like Ring doorbell cameras, Nest thermostats, etc. If given the choice to use an MFA application or text messages containing One Time Passwords (OTP) codes, opt for using an MFA app like Duo, Authy or Google Authenticator because text messages can be intercepted.
- Your wireless network name should not be easily identifiable. Avoid using your last name, address, or any other associated personal information. Pick a random name like “bird” or “cake.” Ideally, house guests should connect to a separate guest network. Devices like Google Nest Wifi or eero provide ways to offer guests separate wireless access.
- Ensure your wireless router is using WPA2 security encryption and set the key (the password you must enter when connecting a device to the wireless network for the first time) to be at least 20 characters long (maximum is 63). This will help prevent a hacker from easily cracking the key and getting on your network. Change the password every year.
- Invest in a password manager like LastPass to create and store all your sensitive login information. Every site and service you use on the Internet should have a unique and complex passphrase. Unique means don’t just increment the numbers at the end of a password (summer19 vs summer20 doesn’t count as unique). Complex means you should use a passphrase ideally 20+ characters long or a mix of letters, numbers and symbols if you must use fewer characters.
With a little effort, you can get into the rhythm of keeping your home network safe and secure from cyber threats, leaving you confident that you aren’t putting corporate assets at risk when working from home.