#BeCyberSmart while working from home
October is National Cyber Security Awareness Month and this year, being cyber safe has never been more important. This year’s theme, “Do Your Part. #BeCyberSmart”, is empowering individuals and organizations to own their role in protecting their corner of cyberspace. If everyone implements stronger security practices, raises awareness, educates vulnerable audiences, or trains employees about security best practices, then our interconnected world would be safer and more resilient for everyone.
The COVID-19 pandemic has made 2020 a landmark year in so many ways. Among other challenges, organizations and individuals were forced to adapt to new ways to socialize, learn and work remotely, which required a new level of digital connectivity. With a record number of people working from home, a remote working revolution was introduced and accelerated by the COVID-19 pandemic faster than anyone anticipated. Remote working has brought numerous benefits and opportunities across the globe, but it has not been without challenges, as it inadvertently heightened cybersecurity risks. With comparatively less organisational security control, workers are now using home Wi-Fi networks and vulnerable work devices. Working from home has left enterprise security more vulnerable than ever.
Recent trends and global cybersecurity statistics indicate that there has been an upsurge in cyber-attacks, with hacker attacks occurring every 39 seconds on average. That is 2,244 times a day. This goes to show how serious cyber threats are and how protection against these threats in a remote working environment is imperative. We all have to know how we can secure our information and protect the cyberspace we operate in. Cyber security is everyone’s responsibility. To be cyber safe, we can all start with being cyber smart.
If You Connect It — Protect It
The moment you connect your device to the internet, you have to ensure that it is protected. The internet possesses hidden risks, so we have to do our part in ensuring that our devices are hardened and protected against online threats. First and foremost, only use your company-issued devices for all your work so that you can leverage the security controls built into the devices by your information technology (IT) and security teams.
Ensure that all your devices are running an up-to-date antivirus. This is a simple way to protect your connected devices as antivirus programs block online threats and automatically scan your device, alerting you of any potential threats or weaknesses. As an additional layer of protection, always have a backup of your critical business information.
Keeping your devices and applications up to date is equally important. Most devices have the option for automatic software updates, which should be enabled if available. If automatic updates are not offered, then you have to check for software updates on a regular basis. The reason for this is that security patches designed to resolve discovered vulnerabilities are typically released through software updates. This means that if you ignore a security software update, you will be leaving your device vulnerable to cyber-attacks.
Use a Virtual Private Network (VPN)
While working from home, use a VPN to connect to your corporate network. A VPN creates a secure private network from your public internet connection which enables you to establish encrypted connections that can keep your data secure. This layer of network security is a reliable and safe enabler of remote working.
Secure your Wi-Fi Network
In your home Wi-Fi network setup, your Wi-Fi router represents the primary entry point for hackers to gain access to your network, and since it is literally the front door, it has to be secured. Most routers come preconfigured with a password. Ensure that you change the Wi-Fi router’s default password, because overlooking this simple step can be similar to just closing the front door without locking it. Ensure that your Wi-Fi router only uses the most secure password verification mechanism available, because weak versions can allow a nearby hacker to crack the Wi-Fi password within seconds. You can also configure your Wi-Fi router to only allow your devices to connect to the Wi-Fi, so that even if an unauthorised user knows your Wi-Fi password, they still won’t be able to connect to your Wi-Fi.
Use Strong Passwords
To avoid having your account hijacked by malicious actors, it is essential to set strong passwords on all your devices and accounts. When selecting a password, avoid using publicly-known personal information such as your name or birthday. Hackers can easily find this information online, making it easy to guess your password. A general rule of thumb is to make sure that your passwords are at least fifteen characters long including a mix of numbers, letters, and symbols. An easy way to accomplish this is to use passphrases that only make sense to you. In addition:
• Do not use variations of the same password.
• Do not use the same password on different accounts.
Use a Password Manager
We all know how difficult it can be to remember each and every password we set. With many different accounts across different platforms, most of us have dozens of passwords. Fortunately, there is a simple and secure solution to these password management challenges and it lies in the use of password managers. A password manager can securely store all your different account passwords, and all you have to do is remember one master password, which you can use to retrieve all the passwords you added to the manager. Password managers also include password generation features, which you can utilize to generate unique, secure passwords.
Use Multi-Factor Authentication (MFA)
Cybersecurity requires a layered approach to ensuring security, and one such additional layer you can add to protect your accounts is MFA. On top of entering an account password, MFA adds one or more additional security checks to verify your identity when logging in to your account. This should be enabled to keep your account from being compromised, even if your password falls into the wrong hands. Common forms of MFA that you can use include:
• SMS (text message) - A one-time-password code is sent to your phone via SMS, as an additional login verification step to protect your account.
• Third-party authenticator app - An authenticator application, such as Google Authenticator, generates a one-time code, which you are required to enter to log in.
Beware of Phishing or Suspicious Emails
Humans are the weakest link in the cybersecurity chain, and as such, most data breaches can be traced back to human mistakes and phishing attacks. Of late, there has been a surge in malicious online phishing attempts as cybercriminals leverage the heightened fear of the public during the coronavirus pandemic. Cybercriminals are delivering coronavirus-themed phishing messages via emails and text messages. These well-crafted messages are designed to trick users, and often create a sense of urgency and fear to get a victim to perform an action such as clicking on a malicious link or revealing sensitive information.
Whenever you receive a suspicious message, slow down and double-check the sender field. If a request seems unreasonable or out of character, do not respond. Instead, contact the sender directly to verify it was them who sent the request or email. But always be wary of unusual sources and inspect suspicious links carefully. To avoid being re-directed to malicious sites by unknown links, just open a new browser tab and manually enter the link to the legitimate website.
Secure your virtual meetings
The use of virtual video conferencing applications such as Zoom has become the new norm for conducting meetings while working remotely. Here are some recommendations to help you conduct your virtual meetings safely and securely:
• Password protect your meetings
• Avoid posting your meeting invite and password on public platforms such as social media
• Distribute the meeting link and password directly to the intended participants
• Do not allow meeting attendees to join before the host
• Use waiting rooms to screen participants before they enter the meeting
• Turn off participant screen sharing to prevent unauthorized screen sharing
Protect your virtual office
If you’re using a shared workspace, be conscious of clearing off all business information, especially if you have to step away. Also, avoid unnecessarily printing out business information at home or in public spaces. In addition, if you are in a meeting where sensitive or nonpublic business information is shared, be sure to put on headphones. If you have the option, work in a separate, dedicated office space whenever possible.
#BeCyberSmart and play your part in ensuring a safer digital world.
To find out more contact John Chakauya, Senior Consultant on: Email: john.chakauya@zw.ey.com or eymarketing@zw.ey.com Address: Angwa City Building, Corner Julius Nyerere Way/ Kwame Nkrumah Avenue. P O Box 62, Harare, Zimbabwe. Tel: +263 4 750905/ 750979
This article was compiled by EY as a source of general information and notification and should not be construed as a formal professional/legal opinion. Although reasonable skill and care is taken when providing information, EY offer no warranties or representations as to the information’s accuracy. The information provided is not intended to replace the need for an expert/ legal opinion on interpretation, application and consequences of the relevant legal, technical or regulatory provisions. EY does not accept responsibility for any loss or damage you or any third party may suffer because of utilising the information provided.