In 2020, there has been a mass exodus of people moving to remote workspaces to hide out from COVID-19. This means a very real shift of the cybersecurity perimeter to include the walls of employees' own homes! 😎
Below are the 7 deadly sins that people commit - in their own homes - which most often lead to remote compromise of their organizations.
1. Connecting to Un-trusted WiFi - If no VPN, then make sure to connect ONLY to trusted home WiFi or personal hotspots like MiFis or LTE when working with sensitive information. Avoid public WiFi - or your neighbor's WiFi - whenever possible.
2. Neglecting to use a VPN - The safer route is to check with your IT department about a VPN, or virtual private network. This is the most secure way to work with sensitive data remotely because it routes your internet traffic through your work network.
3. Leaving your Devices Unlocked when Not in Use - Lock your computer when getting up from your home workspace, by pressing Windows+L or Cmd+Ctrl+Q on a mac. This reduces the likelihood that a family member or child could accidentally destroy work material. It's not a bad idea, either, to securely store your devices when not in use.
4. Moving Work Data to Personal Devices - It may be tempting to send work emails with personal accounts, use your personal Cloud storage Drive or offload data to personal devices and USBs. But it will only put your organization and your co-workers more at risk of data breach or data leakage. It's just not worth the risk...
5. Ignoring COVID-themed Scams - According to reports, phishing scams surrounding "coronavirus" have increased over 600% in late March. It's OK to have a healthy sense of paranoia when dealing with unsolicited charity emails, remote meeting invites or urgent messages related to COVID-19 or similar themes.
6. Keeping Default Passwords on Devices (e.g. IoT) - With the increased use of devices at home, make sure to change the default passwords so cyber criminals can't hijack your camera feeds, mess with your smart security system or steal your data. Most devices come with default credentials like 'admin' 'password,' making it easy for strangers to guess.
7. Forgetting to Turn Camera Off during or after Remote Meetings - Not only is this a privacy risk, but you can also show work material on camera without knowing it. Consider using a webcam cover (or even a piece of duct tape!) to cover the camera when not actively using it.