Amid the Covid-19 (Coronavirus) pandemic, there has been a disruption in normal business operations across all industries. As a result, employees are working from home to avoid spreading or catching the virus.
Some employees are working from home for the first time and other businesses are opting for this kind of arrangement to enable business continuity while meeting their employees’ safety as well. However, it is a prime time for cyber-attackers to target businesses as more employees work from home. The attacks can be in the form of malicious software (malware) targeting their personal computers (PC) or phishing emails to intercept sensitive communication such as authorization of payments.
At @iLabAfrica- Strathmore University Cybersecurity Operations Center (SOC), we are continuously helping our clients minimize all forms of cyberattacks during this Covid-19 pandemic. We are committed to protecting their digital assets and network from cyberattacks. We draw insights from our daily operations to help you protect your network and PC while working from home during this Covid-19 pandemic. Below are ten safety tips you can employ while working from home.
1. Change Your Default Wi-Fi Passwords
Both portable and home Wi-Fi routers come with a default Wi-Fi passwords. Most of the default passwords are easily predictable and can put you at risk when you have other unwanted users (Attackers) using your network. When attackers have access to your private network, they can steal your personal information or misdirect your traffic through an attack known as Man-in-the-middle (MitM) in networks.
Choosing a good password involves something that is easier to remember and hard for an attacker to guess. For instance, DX^&AJ(A_+2020 is an example of a bad password because it seems hard to guess but not easy to remember. A good password is something like, YouShouldRemberThisPassword_2020, easy to remember and hard to guess.
2. Do Regular Backups
Ensure to make a copy of any critical projects you are working on. In any case, of hardware failure, device loss or a ransomware attack, you can be confident that all your critical data is safe. Failure to do this can lead to the disruption of your daily operations.
If you are using a backup service like Google Drive, OneDrive or Dropbox, make sure you have file synchronizing off. Save your data manually using these services every noon and evening. This is to protect your backup from corruption in case your PC gets a malware infection.
3. Update your Software and Operating System
Using old outdated software or an unpatched Operating System (OS) opens the door for attackers into your PC. Attackers exploit these kinds of weaknesses in your PC to gain access to your PC. Ensure you have installed all critical updates available for your PC and all the software that you are using.
Do not install pirated software or OS on your PC. If you cannot afford the Software or OS you wish to install, consider checking for an Open-Source alternative (you can make use of Alternativeto) as Pirated software and OS are usually bundled with malware.
4. Use a Password Manager
Now you know how a good password looks like. However, maintaining all the passwords you create for each website you visit can be a daunting task. This is why you will be tempted to reuse a good password, which is a bad idea.
To avoid password reuse, you can utilize a password manager, which will generate and maintain all the passwords you require. You will only need to remember a single master password to access the password wallet or vault. Most of the current password managers can also integrate with your browser to make website authentication easy. You can have a look at 1Password, LastPass, Dashlane, and Keeper.
5. Enforce 2FA on your Accounts
2FA stands for Two Factor Authentication. This is a security measure that ensures authentication to your personal accounts like email and online banking are not only relying on passwords but also another layer of authentication that tries to prove the owner is accessing the account.
Most commonly used online services have an option to add your phone number or email address for a One Time Password (OTP). You receive the OTP as a text message or an email each time you successfully login to your account. You will have to enter the OTP just after the password to access features in your personal account.
6. Watch out for Phishing Attacks
A phishing attack involves an attacker who tries to trick a victim into doing things that will help in achieving a cyberattack. Working from home involves the use of collaborative technologies and heavy reliance on communication tools like email and phone. Cyber attackers are aware of the current shift in business operations. They are taking advantage of unsuspecting users.
The attack is usually in the form of emails, SMS or phone calls that seem to be from a reputable source. To be safe, do not click links in what seems to be a malicious email or providing information to random people (or someone you have just known via email). Your employer should define the Standard Operating Procedures (SOPs) during this period of the Covid-91 pandemic.
You should have a way to verify your workmates and most importantly, remember to restrict critical operations like payments and authorization of funds to only a few persons in the company. This is not the time for your customers to change their bank accounts.
7. Avoid Using Public Network for Critical Operations
When working from home you might find yourself exposed to free Wi-Fi networks, hotels, and other similar public networks. You can never be sure who else is using the same network; you might have a malicious user connected or even as the provider of the network. This can lead to a Man-in-the-Middle (MitM) attack.
To be safe, restrict all critical operations like business transactions and email access to your own private network that you can control. For instance, create a mobile phone hotspot while in the public for your critical operations. Ensure you do not use a default password on your hotspot.
The same applies when you need to print confidential documents like pay-slips, business agreements, tender documents, etc. Please do not carry out such activities in a Cyber Cafe. Buy a cheap printer for home use or talk to your organization to facilitate one during this period of the pandemic.
8. Don’t Leave Sensitive Data on USB Disks
While in the office, you have file-sharing services that are available at a click of a button. You can move a file from your office network to your PC in an organized way. This is not the same when you are working from home. You will need to print a file that is on your laptop by physically copying it on a removable drive then plugging it in on your home PC.
Moving sensitive files from one PC to another using a removable drive like a USB puts you in a vulnerable position whenever you lose the USB. Minimize this activity to one special USB that you can wipe now and then after using it or make use of trusted services like Dropbox, Google Drive, and OneDrive.
If there is a dire need to have offline copies of the sensitive files on your USB, make sure you encrypt the files whenever you store them on your disk. I recommend using a tool like VeraCrypt or EncryptStick.
9. Don’t Leave your Digital Device Unattended while in Public
Whenever you are working while in a public place or facility, make sure to secure your digital devices like phones, tablets, and laptops. If any of these devices get lost, it puts you and your organization at risk. Minimizing the impact in such cases involves you having passwords enabled in all your devices and enabling remote wipe options on the devices.
Digital products from Apple and Samsung have features that enable the device to wipe off any data on the disk after a number of failed login attempts. In addition, they provide remote device control, which can help you find your lost device. I recommend Cerberus Phone Security (Antitheft) service for such operations.
Always enable full disk encryption on your laptops and phones. This helps minimize data exposure in an event of device theft. More so, this will limit an attacker accessing your organization if the VPN is in use or reading sensitive emails.
10. Keep your work separate from your personal activities
Working from home means more freedom on your hands. It requires being ethical, highly committed to your work and creating a manageable work routine with breaks in between. You will be using your work PC or your home PC if your organization does not provide one. Avoid mixing your personal activities with official activities.
Treat your online workspace as the way you would work in your office. Do not have inappropriate music playing in the background, accessing inappropriate content, and multiple email Gmail account tabs, etc. These kinds of activities can open doors for attackers to infiltrate your organization or simply cause you embarrassment when you use the wrong email for sensitive business communication.
These are the basic measures to protect you and your company while working from home. We hope you will stay safe and adhere to these tips to increase the security of your operations. @iLabAfrica-Strathmore University, takes pride in protecting businesses from cyberattacks and providing resources that help businesses reduce risks as we grow together.
Writer: Mr. John (Troon) Ombagi
OSCE | CND | CHFI | CEI
Security Operations Center (SOC) Technical Lead
@iLabAfrica, Strathmore University
About @iLabAfrica Centre
@iLabAfrica is a Centre of Excellence in ICT Innovation and Development at Strathmore University. The centre spearheads Research and Innovation in Information Communication Technology for the Development (ICT4D) of ecosystems towards the attainment of the United Nations Sustainable Development Goals (SDGs) and to contribute toward Kenya’s Vision 2030. The research centre is involved in interdisciplinary research, students’ engagement and has partnered with over 800 institutions (Universities, NGOs, foundations and government) worldwide and other funding agencies. For more information, please visit www.ilabafrica.ac.ke
About ACPM IT Consulting Ltd
ACPM IT Consulting Ltd. is an international consulting company focusing on IT security• Founded in 2015 by accomplished information security experts in Budapest, Hungary• ACPM is based in Budapest with representative offices and partners in Kenya, South Africa, Austria, United Arab Emirates, China, Rwanda and Malaysia.• The ACPM team of cybersecurity- and information technology experts provide highly sophisticated IT security and IT auditing services to global corporations, financial entities and government organizations.
BCK Kenya Limited is a leading provider of ICT services in East Africa based in Nairobi.It’s an end-to-end digital solutions partner, providing the most advanced customer centered Information and Communications Technology to organizations of all sizes and needs. BCK provides Digital Engineered and Integration Services, Automation of Core operations, Engineered Interactive solutions (UI/UXI), Applied Intelligence and Analytics (BI), Mobile Application Development, connecting the workforce to networks anytime to improve productivity Integrate, educate and implement Security solutions with operations from devices and equipment to software and services, Big Data Consulting for Data Architecture, Integration, and Exploration. Their clients range from Public Sector, County Governments, Non-Governmental Organisations (NGOs) and those in the Financial Sector.