Amidst the COVID-19 pandemic, many organisations and people may be feeling anxious about the next few months, we hope to help remove a small portion of this anxiety by providing easy to follow practical steps that organisations and people can take from. We want you to secure your employees while they work from home.
We are going to focus on the individual members of staff in this second blog, previously we focused on organisations which you can catch up on HERE
Transitioning to remote working can be daunting, here are a few tips to help make that transition as secure as possible.
At the heart of your home network will typically be an Internet Service Provider (ISP) -provided router, it is important to change your default Admin password. You will also want to change the default SSID (Wi-Fi name) and SSID password. If you are unsure on how to change your router settings speak to your ISP or follow these steps to find the right guidance:
- Open your favourite web browser
- Go to google and type: change router admin password *broadband provider*
- Ensure your Wi-Fi is using WPA2, this is a protocol that enables secure communication between your laptop and your Wi-Fi router.
If your laptop is not managed by your employer you will want to install updates, and you should enable auto-updates. For Windows, to manually check for the latest recommended updates:
- Select the Start button
- Select Settings > Update & Security > Windows Update
For Apple click HERE
Ensure you have security software installed such as anti-virus. This should be provided by your employer, if not, sometimes ISPs will offer free security software as part of your broadband package.
Avast is a free solution, you can find more information HERE but we do recommend that you use a paid-for version for extra protection.
Keep your work laptop separate from personal life where possible, don’t let guests or children use it, and keep it somewhere secure when not in use.
When leaving your device, remember to lock your screen, even when you are working at home.
Everyone is currently in a period of change, uncertainty and a general sense of urgency, which creates almost the perfect storm for the cyber bad guys.
The easiest way for someone to steal yours or your company’s information is by simply tricking you into making a mistake. Social engineering is a psychological attack where an attacker tricks you into doing something you should not do.
The most common form is called phishing, below are some tips on how to spot a phishing email
- Think before you click (the best protection is to slow down). Be cautious of links embedded in emails or unexpected attachments. If you do not recognise or trust something, do not click or open it.
- If it is too good to be true, it probably is. Fraudsters are posing as well-known retailers and pretending to have special deals on masks or hand sanitisers – it is probably not true, and almost certainly not safe.
- Be careful of requests for sensitive personal, financial or credential data requests from seemingly official organisations or people claiming to be from your company (they may use a ‘spoofed’ email address).
- Look out for poor spelling and grammar. Misspellings in URLs are a tell-tale sign the website is fake. If the URL says ‘corronaviruss.com’ for example it is best to avoid it.
- Check the email address not just the sender display – is the sender credible and has it come from a trusted source?
- Does the email play on fear and urgency? Legitimate sources avoid alarmist language and speak in a calm, credible voice.
It is near impossible to remember all the passwords we have nowadays, especially if you follow good practice and do not use the same passwords for multiple accounts that are easily guessable. Therefore, we recommend you use a password manager to store these for you.
A popular choice is LastPass, but check with your employer's IT or security team first.
If you are in doubt or have any issues it is best to contact your employer's IT or security team.