October 2, 2023 – In this time and age, flexibility in the workplace is a must. Whether you’re working from your home, a coffee shop, an airport or a beachside location, understanding the possible cybersecurity risks associated with remote work is a must.
We sat down with DeVry University's chief information security officer Fred Kwong to learn how workers can protect themselves from possible "threat actors".
Remote work has become increasingly popular since the pandemic. Workers are choosing to have jobs with a little more flexibility. What cybersecurity risks should they be aware of?
Many organizations, like DeVry University, offer flexible, remote work schedules. But just as you said, both organizations and their remote workers need to understand the cybersecurity risks. This starts with employees understanding what is in their home environment. There has been an increase in IOT devices such as smartwatches, smart thermostats, and smart TVs, and many employees may not understand what devices are on their home network. These devices can be unsecure and offer a way for hackers to expose and access company-owned devices.
To prevent this from occurring, employees should periodically review the devices on their network and see if there is anything connected that they don't recognize. If possible, make sure the Wi-Fi connection is secure and encrypted, and use your company's virtual private network (VPN) if provided.
Additionally, remote workers should stay alert when they are working outside of their homes. If workers are in a public place, accidental sharing can occur when conversations are overheard, or business's confidential information can be seen on their company laptop. Whenever possible, avoid the use of public networks, and again use your company's VPN. Another aspect remote workers should consider relates to data protection and physical security. Laptops and phones out in the open can be quickly stolen if not protected. Laptops should be secured, and screens should be locked when your device is not in use. This prevents threat actors from gaining access to corporate systems by gaining physical access to those devices.
Of course, remote workers aren't just working from home. Some are traveling, others are digital nomads. What can they do to ensure they are not a victim of any cyberattack?
The first step is understanding the environment in which you are traveling. The U.S Department of State – Bureau of Consular Affairs offers travel advisories across the world. Before traveling, check the latest advisories to understand the level of risk associated with the location you are going to. It is also important to understand if there are any specific rules about bringing computer electronics to those countries. Certain countries give government officials the right to open and review information on corporate devices. In those situations, it is important to understand the type of data you have on your corporate devices. It could make sense to bring a separate device for those locations.
It's important to use many of the same tactics and tips I previously mentioned:
· Use a virtual private network (VPN) when connecting to public Wi-Fi to encrypt traffic and mask your IP address.
· Avoid doing sensitive work on public networks when possible.
· Enable two-factor authentication on accounts for an extra layer of protection.
· Keep devices locked when not in use and don't leave them unattended.
· Be wary of oversharing travel or work details online that could aid hackers.
· Remain mindful of "shoulder surfing" when accessing sensitive accounts or data in public spaces.
By following these tips, travelers should be able to keep hackers at bay.
No matter the time of year, it seems people are always on the go. What other final tips do you have for remote workers?
Remote workers who travel should take extra precautions to protect data and devices from cyber threats on the road.
· Be aware of applicable data privacy laws based on your location and avoid transferring sensitive information to countries with weak protections.
· Take extra care at international borders, making sure your devices are encrypted and safeguard passwords in case of device searches.
· Do not leave work devices unattended in rental cars or taxis as they are targets for theft.
· Be wary of public device charging stations at conferences. These can steal data.
· Secure hard copy documents at all times and shred unneeded papers.
· Have a copy of your physical travel documents in a password vault or digital safe in case those documents are lost or stolen.
· Routinely check accounts for unauthorized access attempts from unusual locations and make sure your security team knows where and when you plan to travel.
Staying vigilant about these additional threats while traveling can help keep your work data secure and make for a more pleasant travel experience.