Securing Infrastructure for Work from Home
By: NAKIVO Team
The COVID-19 outbreak was a watershed moment, changing how organizations and employees work. People worldwide shifted to remote work at a large scale, and this trend has seen only a partial reversal as the pandemic subsides. For example, the number of full-time remote workers in the USA increased from just over 5% in 2018 to over 40% in 2020. In 2022, this number fell to 26% of all employees in the US. Although the number of remote workers in the USA has come down since the peak in 2020 (when COVID-19 limitations were the strictest), remote working is still very common.
Along with the benefits that remote work provides, some issues have been recorded. What can an employee do to maintain a secure IT infrastructure and keep the organization’s data protected when working remotely? In this blog post, we look at what employees can and should do for better security. We also provide practical remote work security tips to enhance IT infrastructure protection against multiple threats such as ransomware, phishing and planned hacking attacks.
7 Safety Tips for Working from Home
With remote work, system administrators have fewer levers to control IT infrastructure security, and more depends on the actions of employees. Fortunately, following some simple rules can significantly enhance an organization’s infrastructure security:
1. Keep software updated.
Unpatched app vulnerabilities cause around 30% of all security breaches. That’s why remote employees should be especially attentive to updating software on time. This rule is relevant for all software used on work devices, from the OS on a laptop to the Contacts app on a smartphone used for work. The more vulnerabilities in applications are closed with timely patches, the fewer opportunities a hacker has to infiltrate the organization’s IT environment.
2. Take care of video conferencing security.
Corporate video calls, online meetings, and webinars, among others, can contain data that shouldn’t be publicly shared. Therefore, taking care of video conferencing privacy and security is a less obvious yet critical element of remote work security that employees can handle themselves.
Being a secure remote worker means remaining attentive to minor details when interacting with a device that has access to the organization’s infrastructure. Consider the following recommendations to reduce the chance of third parties gaining unauthorized access to your data while participating in a video meeting:
- Use paid accounts. Paid licenses give access to more powerful security functions in collaboration and video conferencing apps.
- Organize calls with a unique password and ID. This can significantly boost infrastructure security with minimum effort and time invested.
- To prevent sudden connections, have a waiting room for a call.
- After a meeting begins, lock calls to avoid new and unwanted connections.
- Give screen-sharing rights to hosts only.
3. Stay alert when using public Wi-Fi.
The most reliable choice is to never connect corporate devices to public networks in places like cafes, railway stations, airports, and hotels. When there is no option but to use free Wi-Fi, employees can limit their connection time, trying to perform the required job tasks as quickly as possible. It’s also recommended that employees avoid sending or receiving sensitive data when connected to public Wi-Fi spots, be that personal or corporate data.
4. Beware of phishing emails.
Although phishing is an old and known hacking technique, 90% of security breaches in organizations happen after successful phishing attacks. One wrong link clicked, for example, can allow ransomware into an organization’s IT infrastructure and paralyze operations. Given that email communication is inevitable, employees should be aware of these cyber threats when checking their emails.
Here are a few recommendations to consider:
- Stay attentive when opening any email that you receive on your work account, and avoid hitting suspicious links or attachments.
- Regardless of whether the sender is an outsider or a colleague that you know in person, never forget that corporate accounts can be compromised.
- Check the actual URL of the link you are about to open every time.
- Do not run files in attachments unless you are 100% sure about the contents.
5. Use strong passwords.
If an IT administrator delegates the choice of passwords for job accounts to employees, the reliability and strength of passwords are entirely up to the employees. They would need to come up with a unique password for each app or account they use for job purposes, keeping in mind a few simple recommendations:
- Passwords like “asdfg12345” don’t work – not for private or corporate accounts.
- Avoid using the same passwords for private and corporate accounts.
- A password should contain at least eight characters and include unique capital and lowercase letters, numbers, and special characters.
- The best password is a set of characters that makes no sense and follows no logic.
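The last two recommendations interact: a password can satisfy every composition rule and still follow an obvious pattern. The following added example (not from the original post) checks the composition rules from the list and also looks for runs along a keyboard row or the alphabet; the `WALKS` table and the minimum run length of 4 are assumptions chosen for illustration.

```python
import string

# Keyboard rows and the alphabet; a run along any of them (in either
# direction) is a pattern that guessing rules cover. Constructed heuristic.
WALKS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
         "abcdefghijklmnopqrstuvwxyz")

def composition_gaps(pw):
    """Check the composition rules listed above; return the ones not met."""
    checks = [
        (len(pw) >= 8, "shorter than 8 characters"),
        (any(c.isupper() for c in pw), "no capital letter"),
        (any(c.islower() for c in pw), "no lowercase letter"),
        (any(c.isdigit() for c in pw), "no number"),
        (any(c in string.punctuation for c in pw), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]

def longest_walk(pw, min_len=4):
    """Longest substring of pw that runs along one of WALKS, or ''."""
    low, best = pw.lower(), ""
    for row in WALKS:
        for seq in (row, row[::-1]):
            for i in range(len(low)):
                # Only try candidates longer than the best found so far.
                for j in range(len(low), i + len(best), -1):
                    if low[i:j] in seq:
                        best = low[i:j]
                        break
    return best if len(best) >= min_len else ""

def review(pw):
    """All findings for one candidate password; an empty list means none."""
    findings = composition_gaps(pw)
    walk = longest_walk(pw)
    if walk:
        findings.append(f"predictable run '{walk}'")
    return findings

# Constructed samples: the weak example from the list, one that meets the
# composition rules but follows a keyboard row, and a random-looking one.
SAMPLES = ["asdfg12345", "Qwerty123!", "t7#Lw!9qZr"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(pw, "->", review(pw) or "no findings")
```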
6. Use separate devices for work.
Using home devices (for example, desktop PCs) for work is comfortable but unsafe. Employees separating their private activities from job tasks can improve data protection and infrastructure security. First, system administrators can’t verify what an employee browses on the web or downloads to a personal device. Second, employees can apply stricter access limitations to applications and data on their work devices without any inconvenience. For example, preventing USB connections means serious security enhancements, but you would not want that for your home PC.
7. Control work materials and devices at all times.
A bag with a work laptop, a physical folder with job documents, a smartphone that has access to the organization’s data and any other item that might be valuable for hackers or thieves should stay in your control at every moment. Employees can set a reliable password for their OS and then configure automatic screen locking after, for example, 1 minute of inactivity. For additional security, they can set a BIOS password that protects the device on launch. Also, consider using a Kensington lock – although this physical security item can’t prevent a planned theft of the device, it can at least prevent opportunistic theft attempts.
Remote Work Security: 7 Short Tips for System Admins
Employee-dependent infrastructure security needs similar measures on the organization side. Here are seven short tips for system administrators to enhance cybersecurity in the workplace while accounting for the specifics of remote work:
- Migrate work instruments to the cloud: Cloud services are perfectly appropriate for remote work purposes. A worker has access to work materials and data, but the storage is centralized and controlled by the organization. Additionally, data access rights can be managed flexibly and quickly.
- Use a VPN: A virtual private network can serve as a firewall protecting remote employees’ devices from unauthorized access over the internet.
- Set up multi-factor authentication: Add an additional protection layer for remote logins and have more time to react when a password breach attempt occurs.
- Separate internal networks: An organization’s internal environment should consist of separate networks for different departments and purposes. Thus, hackers need to break through more barriers before reaching valuable data, and you again have more time to react after detecting an intruder.
- Configure role-based access control: Divide employees by roles based on their responsibilities and assign corresponding access rights to data and infrastructure elements. That way, a hacker won’t be able to hit an entire organization after breaking into one employee’s remote device.
- Educate employees: Ensure employees know how to keep IT infrastructure secure when working remotely. Investing time and effort in training can then pay off with fewer user errors that may lead to breaches.
- Implement a reliable backup system: Sooner or later, hackers can overcome any protection measure you apply. When all else fails, viable backups of workloads and data at hand can help your organization recover from any incident.
With the number of cyber threats growing non-stop, employees working from a place other than an office should be conscious about the security of their devices and data. There are also several measures that system administrators can implement to secure the organization’s IT infrastructure. However, the most reliable way to keep an organization operable after different types of incidents, including after ransomware breaches, remains backup.
NAKIVO Backup & Replication is the all-in-one backup, recovery and replication solution. The solution’s set of data security features includes anti-ransomware protection of backups, role-based access control (RBAC), and two-factor authentication (2FA).