Whether you’re a digital nomad, a full-time or occasional remote worker, or you manage remote working teams, if you are working from home (WFH) then cybersecurity should be at the forefront of your business priorities.
Since the seismic shift towards more remote work owing to the COVID-19 pandemic, cybersecurity is now even more important for the majority of people WFH and for companies. In part that is because there’s been a rise in cybercrime in response to the massive uptake in remote work.
Companies that don’t have robust security, or training in how to prevent cybercrime, are more likely to be targeted by cybercriminals. This can result in theft or exploitation of data, sensitive information, or money. It can also wreak havoc with company systems and can even bring company business operations to a grinding halt.
Below we look at several tips to help anyone working from home to maximise cybersecurity. There’s a lot that can be done on an IT infrastructure level to prevent cyber attacks, but there’s also a lot that can be done through proper planning, processes and policies, staff training and awareness. That includes not only core staff but also extends to external service providers.
These tips are also aimed at helping businesses and IT departments who are looking for best practices to create a secure, digitally-connected workforce.
Top cybersecurity tips for remote workers
1. Keep your personal and work devices separate
It’s a good idea from a cybersecurity perspective to make sure that you have separate work and personal devices and that you are strict about not using your work device for anything personal.
That should apply to laptops, mobile phones and other kinds of devices. This can help ensure that sensitive and personal data is not compromised.
2. Secure your router
Many people are at risk of cybercrime because they don’t change the default passwords on their routers. So creating a new and unique router password is an easy step you can take to secure your home office from cybercrime. It’s also important to keep firmware updated and to make sure the administrator credentials are also up to date.
3. Secure your home office space
You should be aware that if work devices are stolen from your home office, then that could compromise your company’s security and data. That’s why it’s important to take measures to secure your home office.
This can be done by getting a safe where you store all company devices, by having an alarm system, and by making sure you don’t leave company devices in cars or unattended places. Your office should also be kept locked, especially if you share a house with others or if you have children that might physically damage a device accidentally.
4. Use a Virtual Private Network (VPN)
Using a virtual private network (VPN) service is critical for remote workers as it protects your device from many cyber risks. These include Man in the Middle (MITM) attacks and session hijacking. That’s because VPNs make it challenging for hackers to figure out your location, your internet provider, to monitor what you do online, or to intercept your activities online.
VPNs work by extending a private network across a public network by creating a secure and encrypted connection. Companies can set up VPNs for their remote staff which provides a shared internet connection that is secure.
5. Cover your webcam
Most of us use webcams regularly for remote work, as video conferencing has become such an important aspect of business communication. But hackers can often quite easily get remote access to your webcam and can then spy on you via your own webcam. Therefore it’s important to use a webcam cover when it’s not in use.
6. Encrypt your devices
Employers can help to enhance security for remote staff by turning on encryption on all company devices and requiring that all remote staff use encryption. Encryption requires passwords, pins or biometrics to ensure restricted access to data. In other words, the data is encoded so that only those who are authorised can access it.
If you’re a digital nomad or company with your own website, then you can secure the website using an SSL certificate which is a type of encryption technology, which also helps to secure data.
7. Ensure your software is updated
Any software applications that you use on your devices should be updated regularly, as they can otherwise be used as entry points by cybercriminals. Most new devices will advise you about software updates and apply any security patches automatically.
You might like to consider a Software as a Service (SaaS) application which is then managed by the software provider and kept updated by then.
8. Keep your Operating System updated
Make sure that you keep your operating system (OS) fully up-to-date. Usually these are applied automatically, but your device may need to be restarted for the updates to be fully installed. Often these OS updates include important security patches so it’s imperative that you restart your devices regularly so you don’t delay their installation.
9. Wipe devices before recycling
It’s important that you take steps to prevent anyone from accessing data on your device when you are either selling it, recycling it, or lending it to anyone. You can do that by returning to its factory settings – once you have first made a backup of any data you don’t want to permanently lose.
10. Don’t fall for scams
Hackers and cybercriminals often try to lure people into providing information or data that will enable them to take control of your device or data. Some of these scams are quite sophisticated and new ones are evolving all the time.
That’s why it’s important to be wary of scams, and knowledgeable about some of the most common types of scams so that you can avoid them.
Companies that offer digital cybersecurity training to their staff can help avoid many types of common scams.
11. Use Two Factor Authentication or Multi-Factor Authentication
By using Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA), you can protect your device and your network from phishing scams and malicious malware infections.
This works by requiring two or more pieces of information, so that even if a hacker gets hold of your password, they won’t have the other bit of information (like a one time code) to complete their attack.
Best practice is to use an authenticator app for the second factor rather than SMS notifications (which are more open to being intercepted).
12. Use a centralized storage facility
From a security perspective, it’s better to create a centralized storage facility for remote workers rather than having them store data on their computers. That’s because locally stored data that is unsecured can be more easily compromised.
By setting up a firewall for the central storage facility, you can then create extra security for your stored data. It’s also important that you arrange for regular backups to be made in case of any security breach.
13. Use antivirus and internet security software
Using reputable antivirus and internet security software can help protect your device from attacks from malware like viruses and spyware.
This is achieved by the software identifying the virus and then removing it from your computer, thus preventing it from harming your device. Make sure that you regularly update your antivirus software and that you run regular or automatic checks for any sources of infection.
14. Protect your online banking
If you are responsible for doing online banking for your company, then it’s important to take measures to restrict access to login passwords and to ensure protocols on how to store these passwords.
It’s also important that you set up notifications via your bank, so you know when there’s activity on your account, or on any cards linked to your account.
15. Provide cyber security awareness training to employees
If you manage a team of digital nomads or remote workers, then it may be very worthwhile to provide cybersecurity awareness training. This can help capacitate your staff so they know what to look out for in terms of phishing scams, how to avoid email scams, what types of applications to avoid installing and other pro tips to avoid security breaches.
16. Enable automatic locking
It’s a good idea to set up a lock screen on your device that locks when you are away from your device. This is particularly important if you are in public spaces, for example if you are in a coworking hub. By setting up your device to lock automatically, you will be given the peace of mind that your device will be protected even if you forget to lock your screen.
17. Create a screen password
An easy step to protecting access to your device is to create a screen lock password. To be effective your password shouldn’t be too easy or commonly used like 12345. Rather choose something memorable but not personal, and not a password that you have used for other applications.
18. Enable find my device and remote wipe
If you lose your device, or if it gets stolen, then the only hope you may have of retrieving the important and sensitive data on your device is to install a “find my device” type of application on your device.
Many applications also allow you to remotely wipe all information on a device, which could come in handy if you know your device has been stolen and you want to make sure no one can access the information on it.
Final thoughts on cybersecurity for digital nomads and remote employees
If you work from home and haven’t already investigated how to secure and protect your devices against cybercrimes, then now is definitely the time to do so. Cyberattacks can cause far reaching disruptions and destruction of company data, can breach privacy and can result in significant economic loss or financial theft.
Luckily, there are many simple solutions that can be employed to guard against cybercrimes as outlined above.