Working from Home Cyber Security Tips for Staff and Employers in Pakistan

The work-from-home culture or remote work is already adopted by almost one in five workers from around the world, and these numbers are expected to only increase further both internationally or locally here in Pakistan. As the social distancing continues and recent austerity measures in Pakistan, many Pakistani public and private sector organizations and enterprises are facing the potential of telecommuting and work from home scenarios. What if in-office employees need to work from home? What’s the most seamless way to make that transition? And how will we ensure that any data and private information isn’t compromised when accessed remotely?

Contrary to popular belief, studies have found that employees working from home are more productive than ones at work, prompting employers to consider this option for their businesses as well.

Aligning your employees with the organization’s security policies can be tricky when they work from remote locations. Employees can often tend to overlook security constraints when left on their own, causing potential concerns for their employers. Given the circumstances, we wanted to share some cyber security tips to help your organization and your staff stay secure while working from home. Not just to protect those employees working from home, but also to helps the security, IT departments, and small businesses who suddenly need to secure their distributed workforce.

Cyber Secure Your Home Office

Physical security shouldn’t go out the window when you’re working from home. Just as you lock the up the office when you leave for the day, do the same when working from home. Laptops can be stolen from your backyard, living room or home office. Take care of your laptop inside when you go out, and lock the door to your home office. Keep your home workspace as secure as you keep your normal office. 

Secure Your Home Router

Cybercriminals look to exploit default passwords on home routers because of not many people bother to change it, leaving their home network vulnerable. Changing your router’s password from the default to something unique is a simple step you can take to protect your home network from malicious actors who want access to your devices.

This is a good first step, but there are additional actions you can take. For example, you should ensure firmware updates are installed as soon as possible so known vulnerabilities aren’t exploitable.

Separate Work and Personal Devices

It might be easier said than done, but it’s important to carve out boundaries between your work life and home life, especially while working from home. While it may seem cumbersome to constantly switch between devices to simple pay a bill or online shop, do your best to keep your work computer and home computer separate. You never know if one has been compromised. 

If you can do the same for your mobile devices, even better.  This can help reduce the amount of sensitive data exposed if your personal device or work device has been compromised.

Encrypt Your Devices

If your employer hasn’t already turned on encryption for you, you should turn it on as it plays an important part in reducing the security risk of lost or stolen devices, as it prevents strangers from accessing the contents of your device without the password, PIN, or biometrics. For reference, encryption is the process of encoding information so only authorized parties can access it. While it doesn’t prevent interference and man-in-the-middle attacks, it does deny intelligible content to the interceptor.

Keep Your Operating System Up-To-Date

Even if you are using a supported operating system, there can be significant delays between the disclosure of a vulnerability and its mitigation. Even if the window is open for only a few days, wormable zero-day exploits represent significant risk. Just look at how WannaCry’s EternalBlue exploit resulted in hundreds of thousands of infections.

To minimize this risk, ensure all devices apply security patches as soon as possible, ideally via automatic updates.Most modern devices will automatically apply updates by default but you may need to allow your computer to restart to complete the patching process.

Keep Your Software Up-To-Date

Operating systems aren’t the only thing that can be exploited. Any software can, web browsers are a common target. For the same reasons outlined above, it’s important to keep any installed applications up-to-date.

Most modern software will check for, and apply security patches automatically. For everything else, check for the latest versions periodically. That said, where possible consider using a secure licensed applications over installable software as it cannot become out of date and the management of security is in the hands of the provider rather than you.

Invest in Cybersecurity Awareness Training

Unfortunately, teaching cybersecurity isn’t something that can just be taught once and forgotten. Cybercriminals are constantly looking for new ways to circumvent security controls and psychology to gain access to sensitive information.

Teach your staff how to:

• Recognize phishing, spear phishing, and whaling attacks
• Avoid malicious email attachments and other email-based scams
• Identify domain hijacking and typosquatting attacks
• Use operations security on their social media accounts and public profiles to prevent data breaches, cyber attacks, and corporate espionage
• Only install software if they need to and to prefer secure, well-established SaaS applications that are always up-to-date
• Avoid installing browser plugins that come from unknown or unidentified developers.

Wipe Any Devices Before You Share, Sell or Dispose Of

When lending, giving, selling, just throwing out an old device, make sure to return it to factory settings. This will prevent your data from being accessed after you no longer have control over your device, temporarily or permanently.

Before doing this, remember to backup or transfer any important information on the device.

Essential Tools / Softwares

Some of the other common tools and softwares that can strengthen your organizations cyber security posture are listed below.

• VPN
• MFA
• Password manager
• SSO
• Backup

Virtual Private Network
You have little to no control over what networks your employees use when they work from home. There are chances that they could perform sensitive tasks from cyber cafes, airport lounges, coffee shops, and other public WiFi networks. A VPN would be very handy in such situations, granting safe access to your data while also allowing employees to securely connect with the office network.

Multi-factor authentication
Multi-factor authentication (MFA) adds additional protection to sensitive accounts by validating the identity of an individual. Make MFA mandatory for your employees if they’re accessing critical accounts when working from outside the office premises.

Two-factor authentication can dramatically reduce the risk of successful phishing emails and malware infections because even if the attacker is able to get your password, they are unable to login because they do not have the second piece of evidence. To successfully login, they would need access to whatever is generating your one-time code, which should be an authenticator app or security key.

Password manager
A study from last year states that businesses access more than 100 applications for their daily tasks. When employees work from remote locations, this number increases considerably. While these applications come in handy, maintaining and remembering strong passwords for each of these accounts can be cumbersome. Passwords are the first line of defense for any account and they should be secured at all costs. A proper password management solution allows users to securely store, share, and manage passwords from anywhere.

Single sign-on (SSO) solutions
Many companies and experts prefer a password-less experience for their users. This is certainly achievable with an SSO solution that allows users to securely authenticate with multiple applications while just logging in once to an identity provider. This eliminates the need for creating individual user accounts, thereby increasing user productivity multifold while allowing IT admins to monitor all user access from one place. Lately, password managers also frequently bundle single sign-on services with their offering.

Secure backup mechanism
While the top priority is implementing solid security policies to prevent cyber incidents, it’s always essential to also have a reliable backup mechanism. Encrypting end-user devices and setting a periodic backup of daily tasks performed can safeguard your business when users lose their work device. This will help you restore all critical data, continue business operations without interruption and quell the worries of your data getting compromised. Secure back ups also help your organisation incase ransomware attack, which are also on rise.

Working remotely is definitely beneficial and safe when your workforce has access to advanced security tools that reduce the likeliness of a potential threat for your business.

An enterprise can enjoy multiple benefits of a strong and secure telecommuting and remote work policy, such as increased user productivity, employee creativity, minimal attrition rate, and financial expenditure, among some.

While this is not complete list of all the cyber security concerns to keep in mind in situations like these, and they can vary depending on your nature of business and Data that your organisation handels.

How ever these basic security tips stated above should help you start remote work at your organisation. You can read our Remote work Guide for Pakistan and for a more details and consultation you can always contact us.