Simple Security Tips for Those Working From Home

Yuriy Yuzifovich, Alibaba Cloud Head of Security Innovation Labs, elucidates some steps SMEs can take to ensure that their business-critical information are kept secure even while implementing the WFH setup.

The UAE is slowly opening up its economy by easing quarantine protocols across the country. Recently, His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President, Prime Minister and Ruler of Dubai, gave instructions to develop a national strategy for the post-COVID-19 era. His Highness called on the ministers, undersecretaries, members of the executive councils and experts to collaborate to produce the strategy and establish short-term and long-term policies to reactivate the economic activities in the country.

A good number of sectors have restarted operations, however, the government still encourages employers to continue implementing health and safety measures such as social distancing, lessening the need for travel, and the implementation of a work-from-home (WFH) set-up.

WFH will likely have a long-term impact on the way people work and collaborate even after the pandemic because of its many benefits. It has enabled businesses to maintain lower running costs, with some moving to smaller spaces to accommodate the few office-bound people. WFH also provides greater flexibility for workers.

Of course, WFH does have some drawbacks such as technical challenges, particularly in the area of online security. This is a critical concern for businesses now pursuing a WFH model. While large enterprises have in-house security experts and policies to help ensure security remains top-notch, SMEs and their employees may need some help. With more businesses adopting the cloud, users have to be extra vigilant in protecting data and know what to do when faced with suspicious activity meant to steal their information.

Here are some steps SMEs can take to ensure that their business-critical information are kept secure even while implementing the WFH setup:

1. Run updates frequently
All home electronic devices should be maintained in an updated firmware state and all security patches need to be applied quickly. Many IoT devices such as home cameras, routers and smart appliances present easy targets for hackers. Many inexpensive devices purchased several years ago no longer receive firmware updates from manufacturers that have switched their resources to support newer releases. Such IoT devices should be discarded through a proper and responsible recycling method. Routers, in particular, present a serious potential threat as hackers can control the traffic going through the routers and implement various strategies to attack home users. DNS hijacking, for example, redirects users attempting to go to banking websites to phishing destinations that look exactly like the attacked bank’s log in page. Updated firmware, therefore, can significantly limit the success of such cybersecurity threats.

2. Be skeptical with every URL you click
Phishing in general has increased since everyone started staying at home. Users need to be extra careful when clicking on links in emails and social media messages. Without the option to approach the sender of the link in person to verify its authenticity, users may fall victim to fraudsters pretending that the email is coming from another employee. The fraudster may then ask for a wire transfer or ask users to open an attached invoice where the attachment is a malware. This type of phishing is called “whaling phishing.”

The most important requests should always be verified by an independent communication channel such as a phone call. While technical protections are important, social engineering attacks are as popular as ever, with humans still being the weakest link. Hackers often trick users into downloading software with embedded malware. Crafty attacks can ask employees to download malware camouflaged or embedded as a teleconferencing software or a game. Users then should never execute updates and downloads from links sent through emails or pop-ups, but instead download any updates or new installs from official locations or online app stores.

3.Protect your video conferences
With most team meetings now happening through video conferences, it is important to have passwords to limit the conference to only the intended audience. This will protect businesses against fraudsters eavesdropping on corporate meetings. A passcode can be used for connecting from both a computer and a phone. It’s a minor inconvenience but a worthwhile one for ensuring the privacy of the team’s meeting.

When WFH becomes the new normal for many companies – including SMEs – it is important that users always stay cautious in the digital realm by doing the simple things: set up and update passwords on a regular basis, update firmware and always go to an official site for new installs. It is our responsibility to stay alert as we, large enterprises and SMEs, collectively adapt to the new normal in the post-pandemic world.