Seven Ways to Practice Good Cyber Hygiene in the Remote World
While cybersecurity has always been an important consideration in today’s technology-enabled world, the transition many companies made to remote and hybrid work since 2020 has only heightened the importance of practicing good cybersecurity habits, especially given recent statistics on cyber attacks.
In a report released by the Federal Bureau of Investigation (FBI) in 2020, the Internet Crime Complaint Center (IC3) saw a 69% increase in the number of complaints compared to 2019, with business email compromise (BEC) schemes being the costliest.
Although these efforts are important year round, October gives us the opportunity to revisit best practices as part of Cyber Security Awareness Month. Kforce’s Vice President of Enterprise Security and CISO, Rex Tolman, shares easy steps you can take to protect your information and technology wherever you may be.
“Risks existed before, but we’re seeing even more now that we have the freedom to work wherever we want,” says Tolman. “Coffeeshops, cafes or parks. Working on a hotspot. Even going on a vacation to a cabin in the mountains or to a nice sandy beach and working from there brings additional risks.”
In fact, many data breaches occur when a person has no ill-intent or awareness of a risk—especially in a dispersed workforce, where work technology is often around roommates, friends or family members. Imagine a well-meaning child who saw their mother’s laptop open and wanted to play a video game. This seemingly harmless act could introduce malicious software by mistake to the mother’s laptop and maybe the company’s network. “Those are the types of things we try to educate and help people become more aware of,” says Tolman.
What is cyber hygiene?
Cyber hygiene refers to a series of tasks and practices a person can take to keep their technology healthy and safe. These precautionary steps help ensure a system’s health, aim to keep sensitive data secure from theft and guarantee a stronger incident response if an attack does occur.
How to protect your technology in a hybrid world
Here are seven ways to maintain a good cyber hygiene routine in our remote world:
1. Ensure you’re connecting to the right Wi-Fi network
Public Wi-Fi networks are one of the greatest risks of remote work, according to Tolman. That’s why it’s important to be cognizant of exactly which network you’re connecting to. It is not uncommon for hackers to set up Wi-Fi access points that look identical to the one you think you’re connecting to.
To avoid a “rogue access point,” look for typos or misspellings in the name. Ask the owner of the network for the exact network name and password. If there are two similar names, ask for clarification on which is the correct one.
2. Never use the “automatic connect” feature
If you’re connecting to a public network, like one at an airport or hotel, make sure your device’s “connect automatically” feature is not selected.
As mentioned above, hackers often use rogue access points to trick people into unknowingly giving others access to information on their devices. For example, if you’ve stayed at a certain hotel before, you may have connected to their internet previously. If you have the “connect automatically” feature enabled and revisit the hotel, this puts you at risk of automatically connecting to a bad network.
When this example was tested in a real-world experiment, more than 15 people automatically connected to the fake hotel network. If this wasn’t an experiment, a hacker could have done almost anything with the devices that were connected to the fake network.
3. Always connect to your company’s Virtual Private Network (VPN)
People might not want to take the extra step, but Tolman always recommends connecting to VPN when on a public network because the VPN secures all transmissions.
If a hacker somehow captures your data in the middle of transmission, the material will be encrypted, thanks to the VPN. The encryption prevents the hacker from viewing any information, including passwords.
4. Protect your phone and other devices
Your laptop isn’t the only device you need to worry about when working outside of the office. Many people check work emails and messages from their mobile devices as they hop between errands and appointments. Tolman urges users to practice good cyber hygiene on these devices by securing tablets and smartphones and ensuring the devices’ operating systems and applications are up-to-date to protect them from the same risks.
5. Beware of shoulder surfers
Believe it or not, some hackers will look over your shoulder if you’re on your phone, laptop or tablet—this is especially true in airports and on planes.
Be cautious about what material you’re working on in a public setting where others could peak at your screen. You never want to risk revealing personal information, protected data or confidential material. Instead, Tolman recommends saving those types of projects for home or the office.
6. Lock your phone when you’re not using it
We often set our phones down when we need to use both hands for something, like paying for groceries at the store or while playing at the park with our kids.
Always lock your phone—and other devices—just in case they fall into the wrong hands accidentally. With an unlocked phone, someone could access not only your bank account information, photos and family details, but confidential information from your company.
7. Beware of phishing attempts
“The biggest risk to individuals, as well as most companies, is email security and phishing attempts,” says Tolman. “It can happen so easily, which is why it’s important for people to be aware and prepared.”
Knowing how prolific and expensive phishing attempts are, Kforce applies reliable tactics that block more than 99% of malicious emails from ever reaching employees’ inboxes. “Many companies hope to get to 90%,” says Tolman. “We are fortunate to have been able to surpass that.”
Seemingly small investments in security, such as a yellow banner across the top indicating an email is from an outside sender or routinely promoting cybersecurity training across internal employee channels, make a big difference in thwarting hackers.
Toleman’s best advice for preventing phishing attempts? Apply a healthy level of skepticism to emails. And always contact your organization’s security team before clicking on suspicious emails.