Top Tips for Cybersecurity when Working Remotely

The EU Agency for Cybersecurity’s Executive Director, Juhan Lepassaar shares his top tips for teleworking in times of Covid-19.

One of the key preventative measures for the spread of Covid-19 is social distancing. Luckily, in this increasingly connected world we can continue our professional and private lives virtually.  However, with huge increases in the number of people working remotely, it is vital that we also take care of our cyber hygiene.

Awareness and preparedness are both vital – use the CERT-EU News Monitor to stay updated on the latest threats and check the following basics:

• Secure wifi connection. Most wifi systems at home these days are correctly secured, but some older installations might not be. With an insecure connection, people in the near vicinity can snoop your traffic.
• Fully updated anti-virus system in place.
• Up to date security software. Security tools such as privacy tools, add-ons for browsers etc need to be up to date. Patch levels should be regularly checked.
• Remember to back up periodically. All important files should be backed up regularly. In a worst case scenario, staff could fall foul of ransomware for instance. Then all is lost without a backup.
• Lock your screen if you work in a shared space. (you should really avoid co-working or shared spaces at this moment. Remember, social distancing is extremely important to slow down the spread of the virus)
• Make sure you are using a secure connection to your work environment.
• Check if you have encryption tools installed.

Things employers can do:

• Provide initial and then regular feedback to staff on how to react in case of problems. Who to call, hours of service, emergency procedures and how they evolve.
• Give suitable priority to the support of remote access solutions. Employers should provide at least authentication and secure session capabilities (essentially encryption).
• Provide virtual solutions. At the EU Agency for Cybersecurity, we use electronic signatures and virtual approval workflows to ensure continuous functionality.
• Ensure adequate support in case of problems. This may require setting up special rotas for staff.
• Define a clear procedure to follow in case of a security incident.
• Consider restricting access to sensitive systems where it makes sense.

Covid-19 Phishing Attacks

It is important to step up awareness of digital security during this time as we have already seen an increase in phishing attacks. We recommend, as far as possible, to not mix work and leisure activities on the same device and be particularly careful with any mails referencing the corona-virus. Attackers are exploiting the situation, so look out for phishing emails and scams.

In the current situation, one should be suspicious of any e-mails asking to check or renew your credentials even if it seems to comes from a trusted source. Please try to verify the authenticity of the request through other means, do not click on suspicious links or open any suspicious attachments.

• Be very suspicious of mails from people you don’t know- especially if they ask to connect to links or open files (if in doubt phone your security officer).
• Mails that create an image of urgency or severe consequences are key candidates for phishing – in these cases always verify via an external channel before complying.
• Mails sent from people you know, but asking for unusual things are also suspect – verify by phone if possible.

More Information

ENISA