15 Apr 2020
Cybersecurity Best Practices for Producers Working from Home
Read time: 4 minutes, 13 seconds
Due to the COVID-19 pandemic, millions of workers are suddenly working remotely—and hackers have seized the moment to escalate cyberattacks. Many of you may be familiar with working from home or remotely from clients’ homes so you have undoubtedly developed sound cybersecurity habits. But in the face of today’s increased risks, now’s the perfect time to review the basic cybersecurity best practices.
Case in point: on April 8, 2020, the U.S. Department of Homeland Security (DHS) and U.K.’s National Cyber Security Centre (NCSC) issued a joint alert warning individuals and businesses to be on guard against malicious cyberactivity. They cited an increase in phishing, malware and ransomware schemes, as well as direct attacks against those newly-deployed telework structures.
In addition, experts have noted that small businesses make particularly attractive targets, because their systems often host valuable information, yet frequently lack the security infrastructure of larger corporations.
Experts also suggest that, by taking these threats seriously and taking some precautions, you can greatly reduce the risk of having your data, systems and online activity compromised. The following are non-exhaustive, but will guide you on basic security steps.
- Make sure your operating systems and applications are kept up-to-date. Whenever you receive notice that software updates are available for your computer, laptop or mobile device, download them immediately. Or, configure your devices to update automatically as soon as new versions and patches become available.
- Install antivirus and anti-malware software on your devices, and keep them active and updated as well.
- Create strong passwords. Strong passwords are at least 10 characters long, and include at least one uppercase letter, lowercase letter, number, and special character. Use a unique password for every application.
- Take advantage of multifactor authentication whenever it’s available. As the name implies, multifactor authentication requires you to input additional information—such as a security code texted to your smartphone—in order to log in to a software program.
- Make sure your home Wi-Fi system is securely encrypted and password protected. (Some cybercriminals actually specialize in “drive-by” hackings.) If your router employs WPA2 security or greater, it will require every nearly mobile device to submit your password in order to connect, discouraging intruders.
- Similarly, avoid open, free Wi-Fi networks provided in public spaces. However, if you do need to use them on occasion, never exchange sensitive information (such as client data) over an open network.
- Make sure your system has a firewall, which will shield your PC or network from certain cyber-attacks. Both hardware and software firewalls are available, and some home office routers already include them. It’s not so much which type you choose but that you have one installed.
- If possible, do not mix corporate and personal activity on the same laptop or device.
- Securely dispose and store sensitive files and data.
- When hosting a videoconference, refrain from sharing the meeting URL via public channels like social media. A much better practice is to extend personalized invitations by email.
- This may sound basic, but lock all your doors and windows at all times. Small electronics like laptops and tablets top of every burglar’s wish list, right below cash.
- Similarly, never leave your laptop in your car, especially in open view. Don’t put valuables in your trunk when you’re in public—there are thieves that watch specifically for this type of activity.
- Employ a back-up system, and use it. Schedule your system to back up your files regularly.
Beware of Phishing, Vishing and Smishing Scams
Phishing (email), smishing (text message) and vishing (voice or phone) fraud is all on the upswing, too. Remember, scammers bank on normal human curiosity when crafting these. By simply clicking a link or answering a question, you may unknowingly provide access to your systems or accounts.
As a rule of thumb, be wary of any communication that sounds “off,” requests login or account information, or suggests an urgent need to respond immediately. Avoid opening or responding to such communications.
To avoid phishing scams, look for:
- Subject lines that reference important COVID-19 information.
- Emails supposedly from trusted entities like the WHO (World Health Organization (WHO)
- Official-sounding emails with typos and grammatical errors.
To avoid smishing scams, look for text messages:
- Coming from unknown parties.
- Coming from phones with “5000” numbers (this is a masking strategy).
- Sent at an unusual time of day.
To avoid vishing attempts, avoid all requests for personal information, login data, account numbers, etc. True security units will never call you to ask for that.
Rather than respond to such communications, ignore them. If you must, try to verify their legitimacy through another media source. The bottom line is: be wary of communications coming from parties you can’t easily identify.
In summary, technology is a wonderful tool, especially now, when we’re especially dependent on it to connect with clients and prospects and keep business flowing.
At the same time, agents have an obligation to protect the information of clients and prospects as well as their own data. Right now, our priority is staying safe in every way—and that includes while working online.