Working securely, as with anything in information security, starts with you. There are always bad actors who will take advantage of a situation, especially when individuals are rushed and stressed. The risk of companies falling victim to phishing scams aimed at employees is astronomical, and while technology solutions are critical, they are not enough. But there is hope, and it lies at your fingertips. A few simple steps and your ongoing vigilance can thwart many wide-reaching cyber attacks.

How can I identify a phishing attack?

If an email or notification seems suspicious or unusual, there is a good chance something is wrong. Ask yourself these questions:

• Are you expecting an attachment, such as an invoice, from that person?
• Do you have something being shipped to you?
• Is this email consistent with others that typically come to your work email account?
• Is the message creating a sense urgency?

Remember, you are the best defense against attacks.

How do I secure my home network?

Especially when working from home, make sure to secure your home network. While no network or computer is completely secure from a technical standpoint, most major issues can be reasonably solved with basic security measures. There are a few simple steps anyone can take to increase network security at home:

• Change any default administrator passwords on home devices.
• Configure and require a wifi password. This will encrypt the wireless connection and help prevent strangers from using your wireless or viewing your internet activity.
• Choose strong passwords.

Strong passwords, or even passphrases, are critical to protecting your accounts. A longer password is a more secure password. You should also create unique passwords for everything. That way, if your password from a site is leaked to bad actors, it cannot be used on another site. Feel like it’s impossible to remember so many passwords? A password manager can be a great help for this. They can create and store long, unique passwords for each account and website you use.

You should also use multi-factor (2-step) authentication any time it is available. This might be in the form of a text message or app on your phone, or something else. Enabling multi-factor authentication can be one of the most important things you can do to secure your accounts. It creates an extra barrier to deter bad actors from accessing your information and accounts.

Lastly, keep your devices up to date. Attackers are always looking for new vulnerabilities and in turn, device manufacturers and software companies are regularly issuing patches to fix vulnerabilities. All connected devices, such as mobile phones, laptops, wifi routers, and even televisions, must be updated as patches are released. The easiest way to do this is enable automatic updating if its available for your device.

The most important layer of defense

We should always work to mitigate threats with technical controls when possible but, ultimately, the best technical security solutions are rendered useless if we forget to apply healthy skepticism, even in the midst of an emergency situation. Keep security top-of-mind and notify your organization if you see or discover something unusual. You are the most crucial layer of defense against cyber attacks.

If your organization needs assistance crafting IT policies for remote work, conducting employee training that encompasses a new remote working environment, or assistance with the supporting infrastructure, please contact us.