Don’t let COVID-19 make you a home working security risk — PART TWO
Congratulations. You’re now the chief security officer of your company’s newest branch office: Your home. Here’s how to manage your new job…
Welcome to life working at home, where the only person standing between you and all kinds of malware, ransomware and other security threats is, well, you!
No one’s asking you to become a cyber-security guru, but it doesn’t hurt to learn a little bit about how to keep your computer safe and to be aware of potential threats.
You see, there really are people out there who want to grab your password, steal your data and your company’s data, and infect your computer with ransomware while they’re at it. It’s nothing personal but, just like the coronavirus, these things really are out to get you and you need to act accordingly.
So, here, are four tips on how to keep your computer safe.
The single biggest security problem you’re most likely to run into is phishing. There are two kinds of phishing. In the older type, scammers use email or text messages to trick you into giving them your personal information, especially passwords and account numbers. With the other type, you’re encouraged to download or open a file or click on a link, which will infect your computer with malware.
In either case, they often look like they’re from someone or a company you trust. They often tell you a story to trick you into making a fatal mistake. This can include the following: Saying they’ve noticed some suspicious activity or problem, there’s a problem with your account, you’re eligible for a refund or you need to pay a (fake) invoice.
There’s already been a significant number of coronavirus related phishing messages and you can be sure there will be many more proclaiming a cure, an urgent message from Public Health England, and the like.
Phishing messages may also disguise themselves with personal information. They’ll include your home address, your pets’ names and so on. Don’t buy it. It’s easy to find your personal information on the internet. Just consider for a moment how much to tell people about yourself on Facebook and the other social networks.
You can spot phishing messages with several tell-tale signs. If you look closely at the address, instead of being from a real address, say firstname.lastname@example.org, it will be from email@example.com. They also often open with a generic solution such as “Hi” instead of your real name.
Finally, another phishing variant is the Microsoft support call scam. In this one, you’ll get a call from someone claiming to be from Microsoft or a partner and that an automatic scan of your PC has shown a problem and they’re here to help all for one low price. No, no they’re not. Microsoft will never call you out of the blue. At the very least, you’ll lose a few bucks and the worst you may find your computer and all your company’s files locked up with ransomware.
If you have any suspicion at all that you have received a phishing message, just delete it. Never reply to it or click on any link or attachment within it. If you’re concerned that a message could be genuine, simply contact the relevant party via another means to investigate.
V to the P to the N
These days a lot of our front-line business programs, such as Office 365, Google Docs, and QuickBooks Online use a software-as-a-service (SaaS) cloud model. For these, you don’t need a VPN. But, a lot of our in-house applications are still located in our data centres and server rooms and that means, you’ll need a VPN to safely get to them.
If your company hasn’t set up a VPN for you, tell them to set one up, otherwise anything you send between your home and your office is vulnerable to being spied on.
Picking a VPN isn’t your job — you may be acting as a chief security officer, but you aren’t paid like one, nor do you have the technical expertise.
If you’re running a small business, you need to pick a small-office/home-office (SOHO) VPN, some of the best, easy-to-deploy choices are ExpressVPN and NordVPN. Even so, you’d be well advised to get the advice of an IT professional, maybe search for a good MSP that offers ad-hoc IT support.
Baby’s got Back-ups
You may not think of backups as part of security, but they most definitely are. They’re the “Break glass in case of emergency” option to save you when everything else has gone wrong.
Again, this is something your IT people should be handling for you. But, in the rush to get you out the door and working from home, it may have been neglected.
The quickest, easiest way to back up your business PC from home is to use a cloud backup service. Once your company’s IT team catch up, they’ll also find it easier to get at your backups if they’re on the cloud rather than if you’re using an old-style physical media backup system, such as an external hard-drive, flash-drive or DVD.
If you’re using Office 365 then you should also consider a service that will back-up your Exchange (email, calendars and contacts), OneDrive storage and SharePoint documents too. Many good MSP’s will offer these services for a low monthly price.
Keeping your work safe from home isn’t easy, but it’s not rocket science either. Just follow these tips and you should be OK.
Want more advice? If you would like advice on IT for your small business or start-up, get in touch.