The One, Best Thing to do to Stay Safe Working Remotely

Like nearly everyone else you’re probably working from home these days. Even if you aren’t doing so full-time, you almost certainly work from home, or remotely part of the time. Remote work has been a growing trend for years. The COVID-19 pandemic has only accelerated that trend. It’s likely that after the epidemic is under control many people are going to continue working remotely more than in the past.

Unfortunately, remote work can present an increased risk of cybersecurity failures. When operating off of the corporate network, many people don’t have the same level of cybersecurity protection. Home routers aren’t as sophisticated and secure as corporate firewalls. Intrusion detection, secure gateways and other software designed to prevent security failures often aren’t available. You may be using your home computer that hasn’t been “hardened” to resist attacks, and doesn’t have the same quality of endpoint protection software as your computer at work. Most concerning, people displaced suddenly from the office are often less aware and on their guard about cybersecurity, and more vulnerable to attacks.

Improving your security posture when working remotely can seem like a daunting task. While there are many steps you can take, doing one thing can protect you from a majority of cybersecurity threats. Wherever possible, turn on and use Multi-Factor Authentication (MFA).

Multi-Factor Authentication is a simple concept that’s been around for years but has only recently been gaining widespread acceptance and use. The idea is that to successfully authenticate to a resource (an application, a server, your computer, etc.) you need to use not just a passphrase, but also a token of some kind that is in your possession. If the token is in your possession, and you can’t access the resource without it, it becomes much more difficult for an attacker to break in. Even if a bad actor somehow obtains your passphrase, they won’t have the token – and your information is still safe.

MFA has been cumbersome to use in the past, but all that is changing. Most Software-as-a-Service applications are capable of supporting MFA now and usually can make use of something as simple as texting a code to your phone to act as the token. More sophisticated and reliable solutions are available through dedicated MFA apps you can install on your phone, and special hardware tokens you can buy online and plug into the USB port on your computer. These dedicated apps and hardware tokens are safer and more reliable than getting a text. Even getting a text stops over 90% of the automated attacks you can be exposed to, according to recent Google and Microsoft research.

What can you do to implement MFA? Here’s a quick checklist:

• Check the settings of all SaaS applications you use, like Gmail, and follow the instructions to set up MFA.
• For SaaS and other applications managed by your corporate IT team, ask them to set up MFA or enable it in these
• Install an MFA app on your phone. Microsoft and Google both have authenticators. We prefer Authy (authy.com) for its security and ease of use.
• Do adopt and use a password manager in concert with MFA. Using randomly generated unique passwords along with a good MFA tool like Authy will defeat 99% of cyberattacks, even phishing attacks targeted directly at you.
• Do not check the box to “not ask for codes on this device” or tell your browser to “remember me” on any mobile device. Doing so means you will no longer be using MFA!
• Continue to be aware and wary! Even with MFA and unique passwords, avoid clicking on suspicious links, opening attachments you didn’t expect to receive or respond to suspicious email. Your best defense is your own awareness!

Stay safe! For help with effective remote work for your team or company, reach out to us for a conversation!