Working from home? Follow these cybersecurity best practices.

December 2, 2021 | Last updated on October 30, 2024
3 min read

The global pivot to remote work at the start of the pandemic sent organizations scrambling to set up work-from-home solutions to keep business moving along. While we’re much further along than those early days—and starting to move toward hybrid work arrangements—there are still a lot of security gaps in remote workforces.

 

The evolving nature of online fraud

The Canadian Anti-Fraud Centre estimates fewer than five per cent of victims file a fraud report and that a majority of phishing scams that solicit personal information don’t involve direct financial losses. “Financial loss isn’t the only consequence of a security breach,” says Anna McCrindell, Vice President, Commercial Insurance with Wawanesa. “Aside from being less productive, you could also lose intellectual property, be hit with compliance fines, risk damage to your company’s reputation and ultimately, lose customers.”

How cybercriminals trick you

Cybercriminals view pandemics, natural disasters and other high-profile events as an opportunity to breach vulnerabilities. And the attacks continue to evolve as the pandemic evolves.

“These attacks are becoming much more sophisticated, and often much more customized,” explains McCrindell. “Victims are enticed to click on malicious links, give up passwords or install unauthorized software. From there, cybercriminals can gain access to corporate systems, steal sensitive data, extort ransom or even add your computer to a botnet to launch malicious attacks on other computers.”

How to practice good cyber hygiene

As Canadians continue to work from home or embrace hybrid work, it’s a good time to look at security measures to protect both personal and work-related data.

Do:

  •  Familiarize yourself with potential risks related to your work and your industry, particularly if you handle sensitive information.
  • Trust health-related information only when coming from reliable medical sources, and trust professional information only from sources you can verify.
  • Use hard-to-guess passwords for email, cloud storage and corporate networks (including VPNs), and use different passwords for different accounts.
  • Change the default password on any home network devices, including routers and Wi-Fi access points, and update the firmware. Better yet, use two-factor or multi-factor authentication.
  • Use safe methods to exchange documents, spreadsheets, presentations or other files with your colleagues and business partners, and use company email to exchange information with outside business partners.
  • Keep your work computer and work-related documents and files in an area at home that is physically separate from your family life.
  • Use your work computer for work only, and limit the use of your personal devices for work-related purposes.

Don’t: 

  • Provide business information, even seemingly innocuous information, to requestors you cannot verify with certainty.
  • Use the pandemic as an excuse to bypass regular work processes, such as authorizing payments.
  • Disable security software or automatic updates on your work computer.
  • Leave work-related files with sensitive information lying around openly at home.
  • Give family members or other individuals access to your work computer.
  • Use your work computer for private business.
  • Email business documents to your personal email account.
  • Use any cloud services or install any software on your work computer that your company hasn’t authorized for business use.

“It’s also important to ensure your company has an incident response plan—from who to contact if an incident occurs, to how to isolate infected devices and restore data from the last backup,” adds McCrindell.

While there’s no guarantee you or your team won’t be the victim of a security breach, proper cyber hygiene can make you a less attractive target to cybercriminals and mitigate any potential damage.

 

Originally published on wawanesa.com/canada/blog/working-from-home-cybersecurity