Congratulations. You’re now the chief security officer of your company’s newest branch office: Your home. Here’s how to manage your new job…
Welcome to life working at home, where the only person standing between you and all kinds of malware, ransomware and other security threats is, well, you!
No one’s asking you to become a cyber-security guru, but it doesn’t hurt to learn a little bit about how to keep your computer safe and to be aware of potential threats.
You see, there really are people out there who want to grab your password, steal your data and your company’s data, and infect your computer with ransomware while they’re at it. It’s nothing personal but, just like the coronavirus, these things really are out to get you and you need to act accordingly.
So, here, are six tips on how to keep your computer safe.
Enable automatic updates (usually)
If you, or your IT support team, haven’t done it before, turn on automatic software updates for your operating system and programs.
Everyone says that but let me add a caveat: If you use Windows for your desktop operating system, learn what your business’s recommendations are for Windows updates. You may not want to update Windows at all.
You see lately Windows 10 has a pretty rocky patching record. This included machines not booting properly, desktops vanishing into the ether and even the File Explorer search box went haywire for a while. Microsoft has even delayed retiring a 2017 Windows 10 update by six months, just so people don’t have to update their older Windows 10 systems and possibly run into problems.
Given all this, do you really want to update, run into a problem, and then try to troubleshoot it on your own? No, I didn’t think so.
Firstly, if you have an IT support team (in-house or outsourced) check with them on any policies they have regarding software updates.
Otherwise, you might want to pause Windows 10 updates for now. To do that with Windows 10, go to Settings > Update & Security > Windows Update > Advanced Options and look for the “Pause updates” heading.
Everything else you can just go ahead and update but if you go to a random website and it tells you that you must update Adobe Flash, or some other program, before you can use it and you can download it from a link they provide, DON’T DO IT. Often this is a corrupted website trying to put malware on your computer. Instead, most applications will have a “check for updates” and/or “update” feature which is the safest way to make sure you have the latest version of that application installed.
All about AV
You wouldn’t know it from all the ads, but viruses are among the least of your security worries these days. There are all kinds of malware out there, but the traditional virus or worm? Not so much.
That said, while you can use one of the latest and best antivirus programs, for most of us Microsoft’s own free Windows Defender Security Centre is about all you’ll need. If however you’d rather not trust the security of your PC to free software, check out the industry leader BitDefender or employ an Antivirus Managed Service from your friendly, neighbourhood Managed Service Provider (MSP), who will handle updates and virus alerts for you.
We all hate passwords and want to move on. Maybe someday a better option will become popular but, in the meantime, here are some suggestions on how to use passwords safely and efficiently.
First, use passphrases, like “I-Hate-Coronavirus!!,” which you can remember instead of easy to guess passwords like “abcdef”, the ever popular “password” or something that can easily be discovered via social media, such as your birthday or pet’s name.
What you should not do is try to remember complex passwords such as “Gog$^Yack4”, nor should you be tempted into using the same password for everything, no matter how hard to guess it is.
You should use a password manager. With most of us having to deal with dozens of sites and services requiring passwords, no-one could remember all of them while also following the guidelines above. The answer’s a password management program.
Password managers enable you to manage your login credentials across all your devices while keeping your passwords secure. They can also generate complex passwords for you and save you from having to deal with them by automatically filling in web forms and login pages.
LastPass and PassPortal are great app’s for password management or ask your MSP if they provide a password management service.
Lastly, if two-factor authentication (2FA) is available on services that you use regularly, use it. Sure, it can be a nuisance entering in a PIN from a text message or the like, but it makes them orders of magnitude more secure.
The single biggest security problem you’re most likely to run into is phishing. There are two kinds of phishing. In the older type, scammers use email or text messages to trick you into giving them your personal information, especially passwords and account numbers. With the other type, you’re encouraged to download or open a file or click on a link, which will infect your computer with malware.
In either case, they often look like they’re from someone or a company you trust. They often tell you a story to trick you into making a fatal mistake. This can include the following: Saying they’ve noticed some suspicious activity or problem, there’s a problem with your account, you’re eligible for a refund or you need to pay a (fake) invoice.
There’s already been a significant number of coronavirus related phishing messages and you can be sure there will be many more proclaiming a cure, an urgent message from Public Health England, and the like.
Phishing messages may also disguise themselves with personal information. They’ll include your home address, your pets’ names and so on. Don’t buy it. It’s easy to find your personal information on the internet. Just consider for a moment how much to tell people about yourself on Facebook and the other social networks.
You can spot phishing messages with several tell-tale signs. If you look closely at the address, instead of being from a real address, say firstname.lastname@example.org, it will be from email@example.com. They also often open with a generic solution such as “Hi” instead of your real name.
Finally, another phishing variant is the Microsoft support call scam. In this one, you’ll get a call from someone claiming to be from Microsoft or a partner and that an automatic scan of your PC has shown a problem and they’re here to help all for one low price. No, no they’re not. Microsoft will never call you out of the blue. At the very least, you’ll lose a few bucks and the worst you may find your computer and all your company’s files locked up with ransomware.
If you have any suspicion at all that you have received a phishing message, just delete it. Never reply to it or click on any link or attachment within it. If you’re concerned that a message could be genuine, simply contact the relevant party via another means to investigate.
V to the P to the N
These days a lot of our front-line business programs, such as Office 365, Google Docs, and QuickBooks Online use a software-as-a-service (SaaS) cloud model. For these, you don’t need a VPN. But, a lot of our in-house applications are still located in our data centres and server rooms and that means, you’ll need a VPN to safely get to them.
If your company hasn’t set up a VPN for you, tell them to set one up, otherwise anything you send between your home and your office is vulnerable to being spied on.
Picking a VPN isn’t your job – you may be acting as a chief security officer, but you aren’t paid like one, nor do you have the technical expertise.
If you’re running a small business, you need to pick a small-office/home-office (SOHO) VPN, some of the best, easy-to-deploy choices are ExpressVPN and NordVPN. Even so, you’d be well advised to get the advice of an IT professional, maybe search for a good MSP that offers ad-hoc IT support.
Baby’s got Back-ups
You may not think of backups as part of security, but they most definitely are. They’re the “Break glass in case of emergency” option to save you when everything else has gone wrong.
Again, this is something your IT people should be handling for you. But, in the rush to get you out the door and working from home, it may have been neglected.
The quickest, easiest way to back up your business PC from home is to use a cloud backup service. Once your company’s IT team catch up, they’ll also find it easier to get at your backups if they’re on the cloud rather than if you’re using an old-style physical media backup system, such as an external hard-drive, flash-drive or DVD.
If you’re using Office 365 then you should also consider a service that will back-up your Exchange (email, calendars and contacts), OneDrive storage and SharePoint documents too. Many good MSP’s will offer these services for a low monthly price.
Keeping your work safe from home isn’t easy, but it’s not rocket science either. Just follow these tips and you should be OK.
If you would like advice on securing your work from home IT, call the experts – Supreme Systems offer ad-hoc and contract IT support and managed services to businesses across the West Midlands and Leicestershire.
For more information,
- Visit https://www.supremesystems.co.uk/
- Call us on 0121 309 1026
- Email us at firstname.lastname@example.org.
About the author: Julian Brettle has over 20 years of experience as a technical salesperson for IT MSPs and likes nothing more than a cup of coffee and a chat about how to cure your IT headaches. Follow him on LinkedIn at https://www.linkedin.com/in/julianbrettle/
Supreme Systems is an information technology company established since 2008.
Leading IT Services provider and Cloud solutions for businesses in West Midlands.