Amid the Coronavirus scare, employees everywhere are packing their laptops and working remotely. Different organizations have different remote-working policies. While some mandate strict security protocols, others are more permissive, and even careless in some regards.
Employees must nonetheless be cautious when connecting to the company infrastructure from home, protecting not only their employers, but also themselves from cyber malice. Today, we outline five golden rules every employee should abide by when working from the confines of their home.
Prep your PC
In most cases, remote workers can’t renew their access data from outside the company’s infrastructure. Before taking your company-issued laptop home, change your password. If your operating system has been nagging you to renew your login credentials, be sure to do so while you’re still at the office and avoid being locked out of the infrastructure while working remotely. Also, check if your organization’s VPN is installed and properly configured.
Before starting work, connect to your company’s VPN. Don’t use anything other than your company-sanctioned VPN client and avoid using any other means of connecting to your infrastructure. Remember that any other Remote Desktop Client is likely to be in violation of policies you have in place at work. Also, it is usually a good idea not to enable Remote Desktop Protocol and expose it over the Internet on any company computer.
Don’t mix business with pleasure
Don’t use personal gadgets for work, and don’t use your work laptop for personal affairs (like social networking or online shopping). Using personal services on your work devices can generate conflicts with your work environment, apps and services. A single unintended copy-paste of work material can violate data protection laws, like the GDPR. The same goes if you accidentally send a work file containing confidential information to someone in your Facebook chat window.
Your IT department has equipped your work laptop with safeguards and trip wires that sound alarms in case of human error. So you should use your company-issued equipment strictly for work. Keep your personal affairs on your personal gizmos.
Also, remember to keep your work devices away from family members, especially the youngsters. Children are easily tricked into downloading malicious content on a device, which can compromise the device and, by extension, the company network.
Even your work laptop can end up on an uncharted website or receive a malicious email meant to trick you into divulging passwords or to install malware. Remote workers must be vigilant. For instance, we already havereported cases of scams capitalizing on the Coronavirus outbreak in an attempt to trick users into downloading malware on their computer.
Report any suspicious activity to your IT department. This way, you’re not only protecting yourself, but also any less-wary colleagues who may be targeted by the same scam.
Be particularly skeptical of emails purporting to come from your IT department. Cybercriminals often take advantage of remote-work policies to trick employees into following IT-issued instructions, such as to change their password – when, in fact, they are being tricked into giving their password to the attacker. If you have any reason to believe the message doesn’t come from a legitimate source, contact your IT guys on a different channel, like instant messaging. Or just give them a call.
Respect standard remote-work procedures
Don’t stray from your IT department’s security policies while working remotely. Use the trusty VPN to patch into your company’s infrastructure and don’t tinker with the endpoint security tools installed on your work computer. If you’re unsure what a certain setting does, consult your IT guys first. For example, never disable multi-factor authentication (MFA), also known as two-factor authentication (2FA) for work apps and services. MFA/2FA is a strong blockade against potential hacks.