Staying safe online in the age of remote working (even after COVID...)

With the significant increase in remote working, more people need to be aware of the many risks and also the various ways of being safe on the internet.

Turns out that the biggest risks for data hacks come from user negligence, error or bad practice. I’d like to share some of the basic, yet effective, ways to protect yourself or your business.

Passwords and Password Managers

We can start with the obvious measure: making sure you, your family members and your colleagues are using secure passwords. While it’s obviously a headache to remember complex passwords, it is a much bigger headache if your data gets stolen. Your data would not be stolen by an actual person but most probably by a ‘bot’. Robots are programmed by hackers to scour the internet in search of easy access to user accounts; they automatically try a wide range of email addresses and proceed to brute force their way in - that is, trying out a huge number of passwords until they finally get in. Whatever your password, someone with enough time will eventually guess it - it’s just a matter of trying long enough. Each time you make your password slightly more complex, you add a number of months or years to the time it takes to guess your password.

Password managers can come to the rescue - modern web browsers now include ways to automatically generate good passwords and have them remembered automatically for you. If you do use such an approach, access to your laptop must be secured with a strong password. Also, make it a habit to always jump back to your laptop’s login screen (Windows Key + L on Windows) before ever leaving it unattended - even if you’re working from home.

Files and Links

If you were not expecting someone to send you a file, why would they be sending you a file? Make sure you quiz them about it before you proceed with opening - even if they are a friend or colleague. Files can be dangerous - PDFs have been proven to have a number of vulnerabilities. Fortunately, if you keep your software up to date, these vulnerabilities have now been resolved. Some files are much more dangerous than PDFs, so always avoid unsolicited files.

When it comes to links, it is improbable that by simply ‘watching a video’, someone will gain access to your phone or data. Yet, clicking on an unfamiliar link does have its risks. Up-to-date web browsers have the means to protect you from a number of hacking techniques, but the browser cannot protect you from yourself. Upon visiting an unfamiliar link, it may be common for the malicious website to ask you to log in with your Google, Microsoft, Dropbox or even Amazon account. Be careful where you put your login details - fake login screens are a very common way to ‘spoof’ users’ passwords. Check the domain of the website you are accessing, confirm the security lock and listen to your instinct if you see something suspicious or unusual on screen.

Above: Click or tap the padlock for more information.

Remember that if you fall for a spoofing exercise, you are putting your friends, colleagues and possibly an entire business at risk. If you do make such a mistake - act fast. Change your account password and if your organisation has an IT administrator, report the incident as soon as possible.

Emails

By now you may be familiar with email scams - these will try to impersonate your boss or your colleagues. Everything may seem legitimate, they might even have the correct ‘writing style’ of your friend. Be careful. Emails are a very insecure means of communication.

Do not send passwords, do not action financial transactions and do not release sensitive information just on the basis of an email communication. Include another means of communication in the process as an extra layer of verification; for example - give your colleague a quick call just to confirm that you are indeed talking to the right person. Instead of attaching files to an email thread, share files over another platform (Example: Office 365 or Google Drive). Be creative in your verification processes.

Multi-Factor Authentication (MFA)

My favourite way to secure my accounts is to make use of multi-factor authentication (referred to as MFA or 2FA). While this type of login can be done by receiving a code over SMS, it is better to use an Authenticator app. The idea is that besides knowing your email address and password, which we know one might guess using brute force, you are also able to provide a unique code which is only available if you have access to your phone right now.

You may be familiar with the two factor authentication devices provided by your bank. The good news is that there are mobile apps available to facilitate this process. Examples of this are Google’s Authenticator, the Microsoft Authenticator or Authy.

I make an effort to secure every account I have with two factor authentication. If you are a business owner, I suggest that you insist on having multi-factor authentication for every team member on every system. The risk and damage that can come from one compromised account is too high. As a user, take the initiative to protect your own accounts.

When building technology products, such as our HR and Payroll software Talexio, it was very important for us to provide an easy way to enable multi-factor authentication for our users.

Above: Multi-factor recommendation in our HRMS and Payroll software

Above: Setting up Multi-Factor authentication

With online security, we have to start from a position of distrust. Fortunately, with just a few steps and precautions, you can get back to focusing on your productivity and effectiveness.

With the significant increase in remote working, more people need to be aware of the many risks and also the various ways of being safe on the internet. The trick is to dedicate some time to inform yourself on best practices and then follow them with the necessary dose of self-discipline.