Reduce your cyber risk while working from home
As local government workers get accustomed to working from home, there are a couple things our information technology experts here at the State Auditor's Office consider to be some especially risky areas. This blog post will cover the highest risk areas we can think of, but there others you might be encountering. (Related: Check out 5 tips for managing your employees' stress during disruption.)
Make sure your IT experts are involved
Work closely with your IT staff on setting up your teleworking practices; they can be an invaluable resource to helping you stay safe and secure.
Properly configure your home router
When you are working from home, your internet traffic is handled through your home router. This equipment can be a weak spot for hackers to gain access to your network, which can include your work computer. Some basic things you can do:
- Change your router passwords. You got it – plural, this equipment comes with minimum two default passwords to maintain! The administrative password is used for configuring your router settings, while the Wi-Fi password is used to allow certain devices (like your phone) to use the Wi-Fi network. You'll find instructions in your user manual; also likely available online. One last thing – make sure those passwords are strong and complex!
- Review your router settings. Make sure you are using WPA2 security for your Wi-Fi, which provides a higher level of security for your network. Also, for most people, you'll want to disable remote access unless you need to change your router settings from somewhere other than home. Other steps include making sure your router firmware is updated and plug and play is turned off (if you end up needing it you can turn it back on).
For more ways to secure your home network, see www.comparitech.com/blog/information-security/securing-your-wireless-router-and-your-wifi-network.
Stay vigilant about phishing attempts
The risk is higher than ever right now for employees to be tricked into clicking on a malicious link or attachment, as hackers hope employees have dropped their guard given the current crisis. It's true a lot has changed for local government employees now adapting to working from home, and there might even be a sense of urgency to complete certain tasks which only adds to the risk.
Be sure to check out this resource you can share with your employees: portal.sao.wa.gov/PerformanceCenter/#/address?mid=6&rid=18539.
Beware of Shadow IT
What is Shadow IT? These are IT projects done without the knowledge of your IT department often to find technological workarounds for a problem at-hand. For example, this might include use of personal email or personal cloud storage to transfer files. The current crisis might spur such innovation by users, however, it's important to keep your IT department in the loop so that they can talk with you about any risks in using a certain technology.
Interested in this topic? Read more to learn how you can protect you and your organization.
- UNC School of Government Teleworking Guidance: Best Practices, Sample Policies, and Cybersecurity: www.sog.unc.edu/teleworktips
- Comparitech 13 cybersecurity tips for staff working remotely: www.comparitech.com/blog/information-security/security-remote-working/