As our current climate continues to change day by day, I thought it would be beneficial to share some best practices for security awareness. While this is certainly not all encompassing, many of these practices can be applied not only to your organizations, but also in your personal life as well.
Working from Home
Due to the COVID-19 pandemic, many of us are now working from home. Unfortunately, cyber criminals will continue to target individuals and organizations with phishing campaigns in the hopes of exploiting vulnerable systems and services. While working from home, everyone must remain vigilant and keep an eye out for suspicious activity. Here are some of the most effective ways to protect yourself while working at home:
- Secure your wireless network router at home, and make sure to change the default admin password. Also enable WPA2 encryption and use a strong WiFi password for the wireless network that you created.
- Be aware of all the devices you have connected to your network, including baby monitors, gaming consoles, Alexa, Google Home, TVs, appliances or even your car. Ensure that each device is protected by a strong password and that the operating system is kept up to date. You should enable automatic updating whenever possible, so that you don’t forget. This includes your cell phone and computer as well.
- Make sure every account has a separate, unique password. If you can’t remember all your passwords, consider using a password manager to securely store all of them for you. Some of our (free) favorites include LastPass, Dashlane and Keeper.
- Keep your account secure by using multi-factor authentication or two-factor authentication. Whenever this feature is offered, you should absolutely use it. When you login, both your password and a code sent to your mobile device are needed. For example, you might use it for banking, Gmail, Dropbox and various social media sites.
- Make sure antivirus software is installed on your personal computer. Chances are your work computer already has this software from the corporate level. Some free options for personal computers (Windows, Mac and even smartphones) include Sophos Home, Bitdefender and Avast.
- Use your common sense! If an email, phone call or online message seems odd, suspicious or too good to be true, then it probably is.
Using Social Media
While most people use social media for personal reasons rather than for business, almost everyone has a LinkedIn account which is considered social media but designed for work purposes. Regardless of the social media platform you use, here are some friendly reminders to ensure stronger security awareness:
- Use social media wisely. Once it’s out there, it will never permanently come down, even if you think that it has!
- Apply the strongest privacy settings possible to ensure your privacy and protection.
- Enable multi-factor authentication. If someone is trying to hack your account, you will know immediately and can remedy the situation quickly.
- Don’t share personal information on business accounts. And don’t share business information on personal accounts.
If you are working from home, and believe you have been hacked, how can you tell? This can be more challenging if you’re accustomed to being in the office and reporting an issue to your IT/Security team in person. Here are some signs that you’ve been hacked:
- Your antivirus program triggers an alert. That’s why you should always install an antivirus program.
- Your password no longer works, but you know it is correct.
- You get a pop-up message stating that your computer is infected, and you must pay a ransom or call a phone number to fix the problem.
- You believe that you have accidentally installed suspicious or unauthorized software.
- Your friends and coworkers are receiving odd messages from you, that you never sent.
- Your browser takes you to a random website that you can’t close.
Maybe more important, what can you do if you believe that you have been hacked? If your equipment in question is from your organization, always consult the appropriate department or person. At MRO, our employees are directed to contact the IT department. Don’t try to fix the problem. Stop what you are doing and report the problem right away. If it’s your personal equipment that has possibly been hacked, contact a local business for assistance. However, if an account such as LinkedIn has been hacked, then contact LinkedIn support for assistance. Getting help from a knowledgeable professional is always the best course of action when you are hacked.
Whether you are working from home or using a personal device for leisure, being proactive and vigilant can help both your organization and you practice better security awareness and protect your important online accounts.