Cybersecurity in times of COVID19: tips for secure teleworking

During the covid-19 quarantine, this figure rose to 34% of workers. Most companies did not have protocols in place, nor adequate technology to enable their workers to perform their tasks at home effectively and safely, and cybercriminals were able to take advantage of such improvisation. Routers unupdated, insecure wifi networks, unprotected computers, etc. Security breaches outside the office are as endless as the dangers to which we are exposed. Suffering a cyber-attack is something frequent and very serious. On average, a cyber-attack on a Spanish SME has an economic cost of €35,000. Loss of customers, loss of reputation, and substantial damage to equipment and systems are some of the other consequences. Many companies, around 60%, are unable to recover and after 6 months are forced to close.

What can we do to prevent it, what are the basic guidelines for safe teleworking?

A cyberattack can happen to anyone when we least expect it. But in a company, employees are the key piece of the cybersecurity puzzle. After all, we are the ones who store, process and transmit important information. And to know how to avoid risky actions that jeopardize security, training is essential. Each company is different and has different security requirements.. But whenever we are working outside the home, there are some basic recommendations that we must follow to minimize the risks to which we are exposed.

The configuration of our networks and connections at home

This is one of the most important steps. Some basic recommendations in this regard are:

  • Frequently update the firmware from router
  • Using a secure password for our wifi
  • Never ever work on open networks in cafeterias, hotels or airports.
  • Make sure that your home network is configured as "public".

Encryption of communications

Whenever we need to connect remotely to our computer or to specific company software, we must ensure that the communication established is secure. This is usually done through a VPN or virtual private network. Your IT department should train you on how to do this correctly. The same applies to video calls or any other type of communication between employees or with customers. Free video calling programs have been shown to have very serious security holes.It is better if you avoid using them as much as possible. There are numerous applications on the market that for very reasonable prices allow you to make quality online meetings and video calls in total security.

Exclusive use of authorized tools

This point is very simple. Do not use for work any tool that the company has not previously authorized us. We must also avoid "free" versions of these tools. They can be very expensive.

Safety in working devices

A whole book could be written on this point alone, but that is not the purpose of this post, far from it. Suffice it to mention that our work equipment must be protected by a secure password. If several people in the household use the same computer (which is not at all advisable if we are using it for work) each one should have their own user and password. Our equipment must always be up to date. With these updates, operating systems include "patches" to fix emerging security holes. Tips for surfing the Internet safely:

  • Avoid websites and web pages that are not https
  • We should not click on "strange" links that take us to unknown domains.
  • Never download software, movies and music from sites that are not strictly legal and reliable.
  • Never share with acquaintances or strangers our personal data, credentials or passwords.

In case we use personal mobile devices for work, it is necessary that the company drafts a corporate security policy to regulate its use. An action protocol should also be established in the event of loss or theft.

File download and backup protocols

We must avoid downloading important files on the hard disk of our computers. If possible, always do it in a cloud storage. If we have no other choice for whatever reason, we must make a weekly backup of this information. In case of kidnapping of our computer or ramsomwareIf you do not have a backup copy, our backups will be the only way to recover this information.

Secure passwords

Passwords longer than 8 characters. Avoid words that can be found in a dictionary or are easily recognizable. Use capital letters, lowercase letters, numbers and some symbols. These are the basic guidelines for creating a secure password. But still, it is not enough. Our most important passwords should be changed at least every 3 months.. And they should never be shared with other co-workers. If there is no other choice, they should be changed as soon as possible.

We must be realistic, nowadays we handle hundreds of websites, apps and computers that ask us for passwords. Bearing in mind that it is not advisable to repeat them, it is practically unfeasible to remember them all. In these cases, it is essential to have the help of a password managerwhere we will store all our passwords in a single app shielded by a master password that will be the only one we will have to remember. Remember also that it is not advisable to save important passwords in the browserespecially if it is a computer that can be accessed by more than one person.

Safe use of e-mail

A good number of viruses and other types of threats come through email. Emails that seem to be from our bank, from the post office, from our insurance company... we read it quickly, we don't think it through, we click... and it's already messed up. This type of attack is called phishing and is one of the most important headaches for banks and large companies. Fraudsters use e-mail messages to trick the user into giving them personal information. They may try to steal passwords, account numbers or Social Security numbers. If they get that information, they may be able to access your email, bank or other accounts.

How can we know if it is a legitimate email or a scam? Normally spam filters usually send this type of email to the junk folder, but hackers are becoming more sophisticated and try to bypass this barrier. The most important thing is to look, but not to click... if it is a scam, the title of the message may contain some "weird" character or may not be well written. We can mouse over the message without clicking and see if the link looks weird. We can also preview the content of the message: is it addressed to us personally or does it contain a "generic" greeting? If in doubt, always be suspicious and remember that the legitimate banks and most other companies never ask for personal credentials via email.. Do not send them. Additional tips related to the use of e-mail:

  • Never respond to spam (you would be validating the mailing address)
  • In the case of important communications with confidential information, you should seriously consider encrypt its contents
  • Never expose your own or other people's email addresses on the web or RRSS.

These are just some basic guidelines but let's not forget that the protocol to be followed in each case must be established by the company. Likewise, it should be in charge of providing such training to its employees and ensuring compliance. Have you experienced teleworking during the pandemic? Have you ever suffered a cyber-attack? Let us know your experience, we read you! ]]>

Share

Want to know more?
Subscribe to our Newsletter!

google partner 2024 geo.png
partner meta.png
connectif gray.png
criteol.png
logo ice jcyl.png
logo europa impulsa.png
cyl.png

© 2024 Geotelecom - All Rights Reserved

en_USEN