Cybersecurity and smart working: 5 good practices

31 May 2021 | Online Security

When the World Health Organisation declared the start of the pandemic, the idea of working from home, smart working, was just a mirage for many workers.

More than a year after the start of the pandemic, the situation has changed a lot on the topic of smart working.

According to data from International Workplace Group, the percentage of people working remotely at least 2.5 days a week is 50% worldwide.

Smart working is now a real priority to be faced and lived.

But there is a big difference between pursuing a priority strategically and approaching it only reactively.

And it is precisely this difference that, when it comes to cyber security, can impact the survival of a company and the peace of mind of its employees.

This exodus from the office has put great pressure on internal IT teams and technology solution providers. On top of this, the cyber security risks that employees face, perhaps unwittingly, have increased significantly and must be able to deal with.

If you are a smart working employee, how can you protect yourself from cyber security risks?

Here are 5 best practices for cyber security in smart working.

Index

1. Protect your data
2. Beware of phishing in smart working<2. Beware of phishing in smart working
3. Use only corporate devices
4. Pay attention to the way you communicate certain information  
5. Do not underestimate the risk and prioritise training! 

1. Protect your data

We are all very careful in our private lives not to share sensitive data.

It is very important to be equally careful with corporate data.

Let’s take an example.

If you post a photo of your office on Instagram and it includes a whiteboard or computer screen, you run the risk of revealing the information on that whiteboard or computer screen to people who could use it to your detriment and that of the company.

Would you ever take a picture of your credit card and share it on social media?

Remember that the value of corporate data and the risk associated with its disclosure is never that obvious, so be cautious.

Precisely because of this, the Enisa, EuropeanUnion Agency for Cybersecurity, advises, in a memorandum regarding cybersecurity in smart working, to avoid exchanging sensitive corporate data through the use of email and/or insecure internet connections

2. Beware of phishing in smart working

Always beware of phishing when you are on smart work.

The aim of such attacks is to get you to click on links and use you as an entry point for a large-scale hacking attack.

This type of link is not only hidden in emails that end up in your spam folder, those emails are the work of lazy hackers.

Such a link could be hidden in an email in your main inbox, it could be hidden in a text message, hackers could get you to take their bait even with a simple phone call.

There are many variations of phishing invented by hackers, and defending yourself against them all requires more than just your software’s spam folder.

Furthermore, it is important to consider that not all companies have adequate protections against phishing, so check:

  • the sender, read the text of the message carefully, use reputable sites to which they lead you.
  • Never open attachments or links that look suspicious.
  • Better not to download dubious software: some steal information from your device, others can be a vehicle for dangerous ransomware, software that seizes your data for which a ransom may later be demanded.

3. Use only corporate devices

You can only consider using personal devices to carry out work activities if these devices have been assessed and secured by the IT team.

Don’t use public Wi-Fi networks when smart working

If you work in locations other than your home, don’t use public Wi-Fi, but always use those that require password access.

When you connect to a Wi-Fi connection listed as ‘Free Public WiFi‘ in places like a park or an airport, hackers can easily gain unauthorised access to your information.

The fact is that these networks look legitimate, but don’t actually use state-of-the-art encryption technology.

To make your Internet connection more secure, you can always rely on a VPN.

Furthermore, use routers provided by official network providers (these are the ones that are regularly updated by the providers themselves), otherwise check that the DNS of the router is correct. There are various online tools to help you make a check, for instance you can try this.

Remember: a hacker can change the DNS of your network without your permission, a modem without automatic updates may have reduced connectivity and have vulnerabilities that allow hackers to breach the entire network.

4. Pay attention to the way you communicate certain information

When working in smart working, you need to share information quickly with your colleagues but it is important that you pay attention to the channel you decide to use to share this information.

According to a memorandum produced by Enisa, EuropeanUnion Agency for Cybersecurity, you should only share work files via the company intranet.

This is the only way to be sure that the same files are synchronised on different devices and remain in the company’s control.

Ensure basic security: VPN, antivirus and passwords.

Try to be in control of the most basic aspects of IT security at all times, particularly when you are smart working.

So make sure you have installed and updated your antivirus, your computer’s operating system, change your passwords regularly and set a low screen lock (we recommend under 5 minutes) on your device when you are not using it.

These seem obvious, but they are basic defence techniques.

5. Do not underestimate the risk and prioritise training!

Recent research by the BBCshows that smart working, over the past year, has led to an increase in hacking attacks and made the work of IT departments much more difficult for many large and small companies around the world.

Thinking that all the weight of cybersecurity rests on the shoulders of the IT department is a mistake that could prove devastating to your and your company’s data.

That’s why it’s vital that you don’t underestimate the risk yourself and that you keep up to date with cybersecurity training and share this with your employer.

Training on cybersecurity in smart working plays a key role in preventing incidents because it helps you to take responsibility for the use of IT tools, risks and prevention measures.

Conclusions

Smart working needs to be done safely and peacefully, especially in this period of very intensive agile work adoption due to force majeure.

Overexposure to technology is an enabler for achieving higher levels of productivity, but it has forced companies to become savvy and competent in balancing the benefits and risks that this overexposure brings, especially in the area of cybersecurity.

Cybersecurity is the responsibility of all elements of an organisation: from the employee to the manager, from the IT infrastructure to the passwords for accessing company data.

This security necessarily passes through the right investments in technology and staff training, to bring awareness and positivity to employees, whether they work in smart working or onsite.

If you are an employer or employee, take on board the information we have shared in this article and make it a best practice in your daily work.

If you think this article could be useful to your colleagues and acquaintances, don’t hesitate to share it, it will take less than a minute and make the web a little safer.

CybeRefund Srl – Benefit Society, Piazza Luigi Vittorio Bertarelli, 1 – 20122 Milano (MI)
P.I. and Fiscal Code 11076520961