Good Digital Hygiene: Easy-to-Adopt Protection Strategies for Telecommuting
By Jeffrey Bernstein, Director, Cybersecurity & Data Privacy
The word “hygiene” is defined as “conditions or practices conducive to maintaining health and preventing disease, especially through cleanliness.” Health experts agree that hygiene is our best protection against infection from the coronavirus. Wash your hands with soap and warm water, and cover your nose and mouth when you sneeze or cough. Avoid touching your mouth and eyes. These are the simplest and most effective ways of keeping this deadly virus at bay.
The concept of improving general hygiene to minimize risk to health should also be applied by all of us when working from home online.
By practicing good “digital hygiene,” telecommuters can limit their exposure to Internet-borne threats. Here are several suggestions to improve your digital hygiene that are easy to adopt and worthy of consideration when working or connecting to the Internet from home:
- Be skeptical of any communication relating to COVID-19. The Federal Trade Commission (FTC), the Securities and Exchange Commission (SEC), the Better Business Bureau (BBB) and the World Health Organization (WHO) have all issued warnings in recent weeks about an increase in criminal scams with exploits that leverage the coronavirus public health scare.
- Be equally skeptical of all other emails, SMS, IM and text messages. Examine sender and domain sources carefully. Review and verify all links (URLs) and attachments for legitimacy prior to clicking/opening them. Social engineering remains the dominant medium of choice for cybercriminals and attackers.
- Use strong, unique passwords for each site and application and update passwords frequently. Complex passwords greatly strengthen end-user security and can help alleviate critical security exposures caused by credential theft.
- Enable Multi-Factor Authentication (MFA) whenever it is an option. MFA makes credential theft harder. Stealing user name/password combinations is the go-to method utilized by hackers in a majority of attacks.
- Utilize anti-virus software and set it to update automatically.
- Encrypt everything. Encryption places stored and transmitted data into an unreadable state. Even if a hacker steals your data, they won’t be able to use it because they won’t have the encryption key to unlock it.
- Set computers, systems and devices to lock and log out during idle time. Automatic log-outs on idle systems will prevent unauthorized access to email, data, websites, personal files, software, applications and other sensitive information.
- Keep software updated. The vast majority of all successful cyberattacks leverage only a small number of security vulnerabilities. Updating web browsers and other software will harden your devices against these widely leveraged flaws as well as others.
- Avoid using public computing systems and Wi-Fi connections. Use only SSID-protected wireless networks, preferably utilizing a VPN connection.
- Make purchases on trusted, secure websites only. Secure site URLs begin with HTTPS (not HTTP) and display a padlock icon.
- Download and use mobile apps from reputable sources only (Apple, Amazon, etc.). If you are unsure about the authenticity of an app, research it prior to downloading. Also, be sure to delete unused apps to minimize potential access points to your device.
- Never use an unknown USB device. USB connections are a common entry point for malware and infection. Any device connected to a USB drive can be infected with malware, a remote access Trojan and other malicious tools that can mimic legitimate files like Word, Excel, PDF or music files.
- Harden your device settings on fixed and mobile systems and devices. Configure devices to avoid shared connections from other users and lock down application permissions and unnecessary access to personal information.
- Always use a credit card when purchasing online. Purchases from dishonest or fraudulent websites can be more easily disputed through credit card companies. Purchases made with debit cards are harder to dispute and can expose your bank accounts.
- Always hide user names, passwords and PINs. Keep account credentials safe by never sharing user names or passwords.
- If you do make a mistake and find yourself the victim of cyber exploitation, it is imperative to seek help immediately. A good place to start is by reporting the incident to your local police or online to the FTC or FBI.
The coronavirus has forced businesses, of necessity, to move employees to home-based offices. But residential networks lack many of the security controls employed by corporate networks, which puts the security threat at our doorstep. Hackers are increasingly using email phishing and other attacks that leverage the global health scare to compromise users in their homes. The best defense for the home workforce and consumers in general is to heighten their security posture by adopting good digital hygiene when working online.