Staying Cyber Safe at Home - Practical Tips for Users

Amidst the COVID-19 pandemic, many organisations and people may be feeling anxious about the next few months, we hope to help remove a small portion of this anxiety by providing easy to follow practical steps that organisations and people can take from.  We want you to secure your employees while they work from home.

We are going to focus on the individual members of staff in this second blog, previously we focused on organisations which you can catch up on HERE

Transitioning to remote working can be daunting, here are a few tips to help make that transition as secure as possible.

Home Network

At the heart of your home network will typically be an Internet Service Provider (ISP) -provided router, it is important to change your default Admin password.  You will also want to change the default SSID (Wi-Fi name) and SSID password.  If you are unsure on how to change your router settings speak to your ISP or follow these steps to find the right guidance:

• Open your favourite web browser
• Go to google and type: change router admin password *broadband provider*
• Ensure your Wi-Fi is using WPA2, this is a protocol that enables secure communication between your laptop and your Wi-Fi router. 

Home Devices

If your laptop is not managed by your employer you will want to install updates, and you should enable auto-updates.   For Windows, to manually check for the latest recommended updates:

• Select the Start  button
• Select Settings > Update & Security  > Windows Update

For Apple click HERE

Ensure you have security software installed such as anti-virus.  This should be provided by your employer, if not, sometimes ISPs will offer free security software as part of your broadband package.

Avast is a free solution, you can find more information HERE but we do recommend that you use a paid-for version for extra protection.

Keep your work laptop separate from personal life where possible, don’t let guests or children use it, and keep it somewhere secure when not in use.

When leaving your device, remember to lock your screen, even when you are working at home.

Social Engineering

Everyone is currently in a period of change, uncertainty and a general sense of urgency, which creates almost the perfect storm for the cyber bad guys.

The easiest way for someone to steal yours or your company’s information is by simply tricking you into making a mistake.  Social engineering is a psychological attack where an attacker tricks you into doing something you should not do.

The most common form is called phishing, below are some tips on how to spot a phishing email

• Think before you click (the best protection is to slow down).  Be cautious of links embedded in emails or unexpected attachments.  If you do not recognise or trust something, do not click or open it.

• If it is too good to be true, it probably is.  Fraudsters are posing as well-known retailers and pretending to have special deals on masks or hand sanitisers – it is probably not true, and almost certainly not safe.

• Be careful of requests for sensitive personal, financial or credential data requests from seemingly official organisations or people claiming to be from your company (they may use a ‘spoofed’ email address).

• Look out for poor spelling and grammar.  Misspellings in URLs are a tell-tale sign the website is fake.  If the URL says ‘corronaviruss.com’ for example it is best to avoid it.

• Check the email address not just the sender display – is the sender credible and has it come from a trusted source?

• Does the email play on fear and urgency?  Legitimate sources avoid alarmist language and speak in a calm, credible voice.

Password Manager

It is near impossible to remember all the passwords we have nowadays, especially if you follow good practice and do not use the same passwords for multiple accounts that are easily guessable.  Therefore, we recommend you use a password manager to store these for you.  

A popular choice is LastPass, but check with your employer's IT or security team first.

Ask Questions

If you are in doubt or have any issues it is best to contact your employer's IT or security team.