For the next few weeks, you will probably find yourself working from home due to the coronavirus. Make sure you don’t forget about cybersecurity best practices that can help defend you against a cyberattack.
It’s no longer a secret that the current upsurge of the Coronavirus pandemic has disrupted normal operations in a lot of companies. An increasing number of workers are being forced to work from home or any other convenient places away from their company premises.
However, due to a sharp increase in the search volumes for the term Coronavirus, malicious developers are updating their toolkits with malicious links, sites, and Coronavirus-themed scams to capitalize on unsuspecting victims.
Therefore, as an employee working from home, you need to enforce adequate measures to counter such cybercrime threats. In this post, we take a look at five sure tips that can help you secure your home network. Let’s dig in!
1. Check the default settings in your home router
Your home router is the engine of your home network. Without it, your PC can’t communicate with others on the net. This makes them a primary target for any cybercriminal out there.
In most cases, hackers will try to hack into your home router, and if successful, hijack your Wi-Fi traffic and finally have access to your network.
To prevent such an occurrence, you need to check your router’s settings and change the defaults. This means that you will first need to gain access to your router’s control panel before you make the changes.
Here are the steps:
- Open your browser and switch on your home network
- Type something like http://192.168.1.1 in your browser
- From the router configuration center page, you will be directed to change all the settings that can affect your security. For instance, your default user-names and passwords currently in your router.
- Change your SSID (name of your home network), which stems from the fact that cybercriminals can use it to launch an attack. Case in point, taking a look at the SSIDs of Wi-Fi networks detected from my apartment shows that many of my neighbors are using Huawei routers; which can be free fodder for an attacker.
To create strong and unique passwords, you can utilize the ESET password manager. One significant advantage of using such is that you don’t need to remember a lot. A single long phrase can be used to manage all your other account passwords with a few clicks.
2. Kick-off any unwanted devices from your home network
Unrecognized devices hovering around your home network pose a significant threat to your system, as they can access your vital documents and credentials without your knowledge.
To fix this situation, you can subscribe to ESET Smart Security Premium, where you’ll enjoy the services of a home connected scanning tool, which can identify pesky neighbors who have been secretly using your Wi-Fi connection. After which you can flush them out from your network and finally change your passwords.
3. Get the latest firmware for your home router – or purchase a new one in case you have a legacy router
A recent discovery by the ESET team of how Wi-Fi chips are vulnerable to attacks brings to the fore, the importance of continually updating your home router’s system software to the latest manufacturer’s standards.
If you discover that you’re utilizing a legacy router, then it’s time you should opt for a new home router.
As a rule of thumb, grab one that has better security measures; such as those from the Gryphon brand that integrates threat intelligence.
This impressive technology provided by ESET enables the router to detect and block malware, phishing sites, as well as other threats that might invade your home network system.
For more information about the current configuration options for your home router, you can check out this blog post.
4. Communicate through a virtual private network
To discreetly pass information over public networks to evade the ever-present prying eyes, you can enlist the services of a VPN.
It provides a safe tunnel for communication by encrypting your data and sending them in small packets across the network. Decryption only happens at the end of the tunnels, which ensures that your data is safe.
5. Make use of the two-factor authentication (2FA) to secure your remote access
Factually, the Remote desktop protocol (RDP) responsible for the security of remote systems has often been prone to attacks, especially where no proper protection is in place.
Cybercriminals, for instance, can hack a system’s RDP through brute-forcing their way in or social engineering passwords out of employees.
Fortunately, with technology such as the ESET Secure Authentication or ESET’s two-factor authentication (2FA) solution, you can secure doubly remote access technologies such as the RDP and VPN, as well as employee credentials.
The double layer of protection emanates from the fact that a 2FA solution requires an employee to enter a one-time code that is delivered to them through an authentication app or SMS, in addition to the usual corporate user-name and password.
As a result, an attacker can not have access to your information or credentials even if they compromise your password.
Having a cyber secure home office is the way to go if companies are to realize their end goals without suffering significant setbacks due to the prevalent data security threats. ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too. Protect yourself from threats to your online security with an extended trial of our award-winning software.
Try our extended 90-day trial for free.
We do realize that you’ve been caught up in the hurly-burly of the FIFA World Cup, but surely you have a few minutes to spare and peruse our roster of tips to stay safe online not only during the soccer spectacle. While you’re at it, recognize that no single player, no matter how stellar, is enough to put you on a path to success. In fact, being even one player short can be enough to trip you up. What should the pillars of your cybersecurity game plan be, then?
#1 A stitch in time saves nine
Last year went down in history for two serious cyber-incidents – the WannaCryptoroutbreak and the Equifax hack – that served up powerful reminders of the merits of swiftly squashing security bugs. 2017 also saw the highest number of vulnerabilities reported.
So the number one player in you security team is updates. In your home settings, making sure that automatic updates are enabled for your operating system and software is an easy step to take to keep attackers away.
#2 Prune your team
Get rid of that disgruntled bench-warmer who ends up sapping your team’s morale. Software that you hardly ever use can become a liability simply by increasing your attack surface. To further reduce the possible entry points for cybercriminals, you may also want to disable unused services and ports, and ditch programs that have a track record of vulnerabilities.
For your browser, consider blocking ads and removing all but the most necessary of browser add-ons and plugins. While you’re at it, shut down the accounts that you no longer need and use your high-privilege, or admin, account only for administrative tasks.
#3 Practice strong password hygiene
One of the easiest ways to protect your online identities consists in using a long, strong and unique password or better still, passphrase, for each of your online accounts. It may well come in handy if your login credentials leak, for example due to a breach at your service provider – which, in fact, is far too common a scenario. Further, just as you’d never share your teams tactics with your opponents, you should never share your password with anybody.
If you’re like most people and find the need to remember many username/password combinations overwhelming, consider using a password manager, which is intended to store your passwords in a “vault”.
#4 Look before you leap
Even if you have the most complex of passwords or passphrases, be aware of where you input them.
Online, everything is just a click away, and scammers are keenly aware of that. In their pursuit of your personal information, they use social engineering methods to sucker you into clicking a link or opening a malware-laden attachment.
5 questions to ask yourself before clicking on a link are:
- Do you trust the sender of the link?
- Do you trust the platform?
- Do you trust the destination?
- Does the link coincide with a major world event like the FIFA worldcup? (Cyber criminals tend to be opportunistic this way)
- Is it a shortened link?
#5 Add a factor
When aiming for secure accounts, you need to up your ante by using two-factor authentication, particularly for accounts that contain Personally Identifiable Information (PII) or other important data. The extra factor will require you to take an extra step to prove your identity when you attempt to log in or conduct a transaction. That way, even if your credentials leak or your password proves inadequate, there is another barrier between your account and the attacker.
#6 Use secure connections
When you connect to the internet, an attacker can sometimes place himself between your device and the connection point. To reduce the risk that such a man-in-the-middle attack will intercept your sensitive data while they are in motion, use only web connections secured by HTTPS (particularly for your most valued accounts) and use trusted networks such as your home connection or mobile data when performing the most sensitive of online operations, such as mobile banking. Needless to say, secure Wi-Fi connections should be underpinned by at least WPA2 encryption (or, ideally, WPA3as soon as it becomes available) – even at home – together with a strong and non-default administrator password and up-to-date firmware on your router.
Be very wary of public Wi-Fi hotspots. If you need to use such a connection, avoid sending personal data or use a reputable virtual private network (VPN) service, which keeps your data private via the use of an encrypted “tunnel”. Once you’re done, log out of your account and turn off Wi-Fi.
#7 Hide behind a firewall
A firewall is one of your key defensive players. Indeed, it is often thought of as the very first line of defense. It can typically be a piece of software in your computer, perhaps as part of anti-malware software, or it can be built into your router – or you can actually use both a network- and a host-based firewall. Regardless of its implementation, a firewall acts as a brawny bouncer that, based on predetermined rules, allows or denies traffic from the internet into an internal network or computer system.
#8 Back up
A backup is the kind of player who doesn’t get much time on the pitch, but when he does get the nod, he can “steal the show”. True, we might have spoken ill of bench warmers earlier, but a reliable backup is definitely not the kind of player to spoil your team’s chemistry.
Your system cannot usually be too – or completely – safe from harm. Beyond a cyber-incident, your data could be compromised by something as unpredictable as a storage medium failure. A backup is an example of a measure that is corrective in nature, but that is fully dependent on how hard you “practiced”. Or, as Benjamin Franklin put it, “by failing to prepare, you are preparing to fail”. It will cost you some time and possibly money to create (time and time again) your backups, but when it comes to averting (data) loss, this player may very well save the day for you.
#9 Select security software
Even if you use your common sense and take all kinds of “behavior-centered” precautions, you need another essential addition to your roster. At a time when you’re pitted against attackers who are ever more skilled, organized and persistent, dedicated security software is one of the easiest and most effective ways to protect your digital assets.
A reliable anti-malware solution uses many and various detection techniques and deploys multiple layers of defense that kick in at different stages of the attack process. That way, you’re provided with multiple opportunities to stymie a threat, including the latest threats, as attackers constantly come up with new malicious tools. This underscores the importance of always downloading the latest updates to your anti-malware software, which ideally are released several times a day. Top-quality security software automates this process, so you needn’t worry about installing the updates.
#10 Mobiles are computers, too!
Much of this article’s guidance also applies to smartphones and tablets. Due to their mobility, however, these devices are more prone to being misplaced or stolen. It is also of little help that users tend to view security software as belonging in the realm of laptops and desktops. But mobile devices have evolved to become powerful handheld computers and attackers have been shifting their focus to them.
There’s a number of measures you can take to reduce risks associated with mobile devices. They include relying on a secure authentication method to unlock your device’s screen, backing up the device, downloading system and app updates as soon as they’re available (preferably automatically, if possible), installing only reputable apps and only from legitimate stores, and making sure to use device encryption if it’s not turned on by default.
A dedicated mobile security solution will also go a long way towards enhancing your protection from mobile threats. This includes a scenario whereby your device goes missing, so you are then able to use the suite’s anti-theft and remote-wipe functionalities.
#11 Be aware
The final team member is, in fact, you – the keeper. Stay vigilant and cyber-aware and educate yourself on safe online habits. Don’t ever say, “it won’t/can’t happen to me”, because everyone is a potential target and victim. Recognize that one click is enough to inflict major damage on yourself and others, and that breaking good security practices for the sake of convenience may come back to bite you worse than Luis Suárez did in 2014. After all, how secure we are is largely dependent on how we use the technology.
So there you have it. You may want to enjoy the soccer now.