The 4 Most Important Security Tips for Remote Workers

April 24, 2020 | IT Security | remote work

Just like football, cybersecurity is a team sport. An IT department can’t protect your company’s network alone. Every employee is on the line of scrimmage – and must prevent cyberattacks from trying to break through. Get in the game with these essential cybersecurity tips.

1. Question Every Email

Did you know that 91% of cyberattacks start with a phishing email? Phishing emails use many different tactics, but their end goal is the same – to trick you into revealing your password, username, or other sensitive information.

  • Beware of links and attachments. If they seem suspicious, don’t click on them.
  • Always mouse over the email sender’s name to see the sender’s true origin.
  • If you receive email requests to log in to your account with Microsoft or Amazon (for example), always login from the company’s actual website. Do not click on any login link provided in an email.
  • Emails that seem odd, suspicious, or too good to be true are most likely a scam. These questions can tell you if the email is legit or not:
     
    • Were you expecting this email?
    • Is this a normal process?
    • Can I confirm this by talking to or texting with the actual person?
    • Is the email creating a sense of urgency?
    • Does the signature, tone of voice, or wording not sound like the sender?
    • Are you being pressured to bypass or ignore normal security procedures?

If you answered yes to these questions, you could be looking at a phishing email. Whenever you find a sketchy email in your inbox, don’t respond and alert your IT person.

9935eb91d8919b88f590679a0a136ec8

 

2. Level Up Your Password Game

We all know we’re supposed to use strong passwords, yet so many of us still don’t. But if there was ever a time to get serious about your passwords, this is it.

More than 60% of passwords are weak, default, or stolen. Weak or stolen passwords cause 81% of data breaches. So strong passwords are more essential than ever.

Let’s break down how to create uncrackable passwords – and how to organize all the unique passwords you need for your various accounts.

First, some dos and don’ts:

  • No short or easy-to-guess passwords. Avoid using kids’ or pets’ names or addresses.
  • Longer passwords are better. Try for more than 11 characters.
  • Change your passwords twice a year.
  • Change your password immediately if it’s on this list: The Top 50 Worst Passwords of 2019.
  • Enable 2-factor authentication for all the accounts you can.
  • Don’t ever repeat your important passwords among different accounts.
  • Sign up for a service like LastPass and use their password generator.
  • Do not save passwords in an email folder, Excel file, or Word Doc.

Here are 3 methods for creating tough-to-guess passwords – the passphrase strategy, the sentence strategy, and the PAO method.

The Passphrase Method

A passphrase strings together multiple words into one long password. Think “mountainstaplebatteryhorse.” Visualize a scene in your mind that includes atleast 4 unrelated words – perhaps “snowteargazebocover.” Anytime you need to remember your passphrase, picture the image in your mind. This type of password is much easier to remember than a complex collection of upper and lower cases letters, symbols, and numbers.

The Sentence Strategy

Think of a personal or memorable sentence. Then take the words from that sentence and abbreviate and combine them in unique ways.

Some examples:

  • WOO!TPwontSB = Woohoo! The Packers won the Super Bowl!
  • PPupmoarT@O@tgs = Please pick up more Toasty O's at the grocery store.
  • 1tubuupshhh…imj = I tuck button-up shirts into my jeans.
  • W?ow?imp::ohth3r = Where oh where is my pear? Oh, there.

cg593380b063be3

The PAO Method

This is the Person-Action-Object (PAO) method. Start by picturing an interesting place (Mount Rushmore). Next, think of a familiar or famous person (Beyonce). Then imagine a random action and random object (Beyonce driving a Jello mold at Mount Rushmore). The weirder the better. Our brains are better at remembering outlandish, unusual scenarios.

Take the first 3 letters from “driving” and “Jello” to create “driJel.” Repeat these same steps for three more stories. Finally combine your made-up words together, and you'll have an 18-character password that'll be familiar to you but seem completely random to other people.

 

3. Get Wise to WiFi

We’re all using our home WiFi a lot more now that we’re working remote. Hackers know this and are on the prowl for WiFi routers that aren’t well protected. Here’s how to secure your home WiFi:

Screen Shot 2020-04-24 at 11.50.30 AM
  • Update your WiFi password to something complex and hard to guess (see above). Make sure it doesn’t include your address or any personal names.
  • Change the default admin password on your router.
  • Ensure only a few trusted individuals can access your WiFi.
  • Enable WPA2 or WPA3 encryption. Encrypting your network scrambles the information being sent through your network, making it unreadable to anyone trying to spy on it. Your internet provider should have instructions for how to do this.

One last note. Turn off Alexa, Google home, and other smart home assistants while you’re working. Why? Because they’re on the same network you’re using for work and can be hacked and used to spy on you.

 

4. Apply Updates & Patches

We get it – pausing your day to apply an update is kind of a pain. But updates are important and need to be applied as soon as possible when they become available. These patches and updates fix bugs and security holes that the bad guys can use to get into your applications and network.

Always keep your WiFi router, phones, Internet of Things devices, computer operating system, and applications updated. Check for new updates often and don’t put off installing them.

 

A Few Final Thoughts

Challenging times like these often bring an uptick in cybersecurity threats. Just because you’re working from the comfort of your home doesn’t mean you should relax when it comes to protecting yourself and your company.

Don’t be afraid to reach out to your company’s IT professional if you need help or have questions about being cybersecure. Stay vigilant and stay safe.