5 Tips To Keep Your Workplace Secure In The Remote-First Era
Senior Content Marketer & Technical Expert
Remote-first workplaces, such as ITMAGINATION’s, are a dream for many. Not for IT departments, though, as this setup creates many cybersecurity problems;
In the context of remote workplace security, trust no one;
CIA is your friend: Confidentiality, Integrity, Availability;
Connect your work laptop to a separate, isolated network;
Passwords are passé. Passwordless authentication is in.
A “remote-first” workplace policy is a blessing for all the employees. In this regime, should you need, or want, to stay at home, then you may do so, which brings many benefits, and saves everybody time. Of course, it’s not without any drawbacks. The IT departments of companies surely have more work now.
Before the pandemic, offices were full of life, hosting all employees under one roof. Security was much easier. Secure the office, secure every device inside, job well done. Since home visits are not feasible, and they won’t be, now the burden of securing all data on a laptop is also on an employee.
Imagine this for a moment. Let’s say you have a cat. Ensuring it is in a safe environment is a relatively easy task at home, it gets significantly harder when it goes outside. You cannot bail it out of trouble, look out for it, or find shelter for your cat. It’s similar to all laptops suddenly finding themselves outside of companies’ HQs, and in the wild. There is one key difference in this comparison. Gaining illegal access to only one of the devices is potentially enough to take over the whole organization.
Below, we have 5 tips for staying safe online in a professional context.
Trust No One
First, and foremost, the golden rule also happens to be one of the easiest. Assume that all incoming communication is hostile. Be careful what you’re installing on your computer, as installing an app from an unknown source is potentially dangerous. It does not stop there.
Refrain from plugging in a random USB from your colleague. Likewise, be cautious of opening files from emails, even if they look like they’re harmless. There may be malicious software inside of images, MP3s, and other typically safe files.
It’s not the ill-will of your co-workers which would be the cause for an infection of your computer. It’s often the case of a virtual game of “hot potato.” Their computer could be a host to a malicious piece of code. The virus would then hide inside all images or music files, you receive one of them, you open it, and the cycle continues.
CIA is Your Friend
CIA here means the set of rules referring to cybersecurity, not the Central Intelligence Agency. The three rules are as follows: Confidentiality, Integrity, and Availability.
While they might be self-explanatory, let us explain what these mean in the context of cybersecurity.
Customer data, passwords, and other sensitive data must be kept private. This is a no-brainer, we are certain, though occasional slip-ups do happen. Remember to store customer data on secure platforms, and do not keep it directly on your disk, unless encrypted.
Should an attacker gain access to your PC, there is a considerable chance your customers’ personal information might find its way onto third-party computers. That wouldn’t be good, would it?
Data integrity is about keeping data accurate. Corrupt files are not fun to deal with at all. It’s also about ensuring that the data we store is indeed true: certain malicious third-parties might cause a lot of bad blood should they change some crucial information.
By far, the best solution to the problem is a blockchain. It’s a challenge to overwrite data at one computer that’s a part of the synchronized chain. For the change to persist, you would have to also change the information, in the same way, in more than half of participating computers (!). Good luck with that.
Another problem is keeping the data safe in transit. Luckily, nowadays most of our communications happen over encrypted routes, therefore there isn’t much to worry about.
Making data available to those who need it is key. Think of a typical day, how often do we share documents, spreadsheets, and presentations? The key is making resources available securely. It also needs to be available consistently, at (almost) all times.
What if you had to access a crucial file before an important presentation, but your company servers were down? Sure, you may download the required file to your disk. Remember, however, about “confidentiality.” If you do save it offline, make sure your disk is encrypted, by at least BitLocker. If we are talking about something that absolutely positively cannot fall into the wrong hands, then there are plenty of options readily available. One of the best ones is BestCrypt, you can take a quick look at how it works here.
Passwords. When You Have The Opportunity, Enable 2FA
Passwords are a necessary evil. We love them, and we hate them. They act as keys, ensuring what is behind our gates stays only ours. Passwords stop being keys as soon as we choose an overly simple combination of letters (sometimes letters and numbers). We are then left with a stick acting as our uniquely shaped object in our hands.
The first step to securing our login information is a secure password. It has to be at least eight characters long with at least one uppercase letter, one lowercase letter, a special sign, and a number. Combinations of numbers that follow each other (such as 123), names, addresses, or simple words one may find in a dictionary are major red flags.
Let’s look at an example of a good password. One uppercase letter, twelve characters, and we have got ourselves a password that takes approximately three hundred years to crack with a brute force method. Throw in a number, and we upped that to two thousand years (in a best-case scenario).
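The password rule and the brute-force point above can be checked mechanically. The following Python sketch is an added example, not code from ITMAGINATION; the wordlist and sample passwords are constructed for illustration, and the search-space figure assumes an attacker who tries every string over the character classes the password uses.

```python
import math
import string

# Constructed mini wordlist; a real check would load a large dictionary or
# breached-password list (assumption, not part of the article).
WORDLIST = {"password", "welcome", "dragon", "monkey", "warsaw"}
MIN_LENGTH = 8  # minimum length stated in the article

# Character classes the article requires, with the characters in each class.
CLASSES = [
    ("uppercase letter", string.ascii_uppercase),
    ("lowercase letter", string.ascii_lowercase),
    ("number", string.digits),
    ("special sign", string.punctuation),
]


def has_digit_run(pw, run=3):
    """True if pw contains `run` digits stepping up or down by one (123, 987)."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if all(c in string.digits for c in chunk):
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def policy_violations(pw):
    """Return the rules from the article that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    for name, chars in CLASSES:
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    if has_digit_run(pw):
        problems.append("sequential digits")
    if any(word in pw.lower() for word in WORDLIST):
        problems.append("dictionary word")
    return problems


def search_space_bits(pw):
    """Size of the brute-force search space in bits: length * log2(alphabet)."""
    alphabet = sum(len(chars) for _, chars in CLASSES
                   if any(c in chars for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0
```

A password such as `Password123!` satisfies every character-class requirement yet still fails on the sequential digits and the dictionary word, which is why the composition rule alone is not enough.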
Sadly, we are still vulnerable to social engineering. What we may do is, we may enable two-factor authentication (2FA). While not a perfect solution, it does provide an extra layer of security.
Passwords Are Out, Passwordless Is In
As great as it all sounds, 2FA is still not perfect. If you have set up 2FA tokens to come to your phone number, then we are sorry to disappoint you. Obtaining a duplicate of your SIM card is easier than you may think. Passwords, in general, are problematic. They are hard to remember, and it’s hard to generate secure ones. What do you do?
You may set up your phone to be an authentication key. Microsoft started to authenticate its users by sending them a notification to their phones whenever they are trying to log in - Google has been doing this for a while as well. You need to then tap one of the three numbers that will appear on your screen. Easy, and fast.
Hardware Multi Factor Authentication
The absolute best solution is setting up a flow that requires a hardware key. For a mere $25 you may purchase one of many keys and obtain peace of mind. Passwordless or not, every time you want to log in, you need to touch a key that’s plugged in to your computer via USB.
Even if attackers hack you, even if you become a victim of a phishing attack, there is very little to no chance of malicious third parties being able to take over any of your accounts. Check out this video if the topic of Multi-Factor Authentication Keys interests you or if that’s something you want to try.
Note: We are not affiliated, nor do we have anything in common with any of the companies mentioned in the video, nor with the video creators.
Isolate Your Work Computer From Your Private Wi-Fi
Isolating your work computer from other devices in your home network is a good idea for both security and privacy reasons.
Some devices on your network like smart home devices are known to have many security vulnerabilities, while other devices might not have the most recent security updates installed. Isolating your work computer from the rest of your devices adds an extra layer of security that can prevent additional attack vectors. On the privacy level, if devices have common network access, there may be additional privacy issues to be mitigated.
Enabling Guest Wi-Fi:
There is typically a possibility to enable guest Wi-Fi. Do it, and connect your work devices to the guest network only. If you do not keep work and personal devices separate, you may end up infecting your whole private network, or your work PC.
Some routers have the setting available for you right away, some don’t. In case your router won’t make it easy for you, picking up a $30 router is worth every penny. On one hand, you have money that’s enough for a few cups of coffee, on the other you have a gigantic headache, and possibly being the reason your company got hacked. Not great.
If you decide to play it safe, just plug that new router into the main one, and set it up. If you worry about interference between the two routers, try to keep them away from each other. Another thing you may do is set up a 5 GHz network only, as it has a much shorter range, and thus will cover less ground and be a smaller nuisance.
How Do We Handle Security At ITMAGINATION?
In March 2020, ITMAGINATION moved from a hybrid working model to a remote-first model within one business day. This means that our team members primarily work from home, but if it suits them, they can work from the office.
This inevitably gave our team a gigantic boost in work-life balance and in working efficiency since 99% of our team doesn’t commute. The boost in efficiency wouldn’t be possible if it wasn't for our outstanding IT team, led by our Head of IT – Mateusz Głusiec, who were able to make the transition for the whole company within one business day!
Mateusz walks us through the process and the most important considerations we kept in mind to ensure a smooth transition for both our team and our clients.
When we switched from primarily in-person to fully remote work in 2020, we had several key elements that our organization needed to meet to ensure a smooth transition for both the team members and the company itself.
1. Airtight Security
The most critical factor of going fully remote. This includes securing team members' workstations, ensuring the compliance of the operating systems, and encryption of media and data transmission by implementing DLP solutions. This is a key aspect for our team members who can rest at ease that their equipment and data is secure, and a crucial point for our clients who can rest assured that their data is protected and that no sensitive information is shared with any 3rd parties.
2. Top Of The Line Hardware & Servicing
We provide our team members with state-of-the-art equipment that includes next-business-day support from the manufacturer, thanks to which we can repair the equipment at the team member’s home directly without sending it to the company's headquarters. This ensures that our team members always use the company equipment for work and we are able to keep our clients’ data safe and secure.
3. Optimized Logistics
When it comes to the process of sending and collecting equipment from team members, everything changed here at the start of the pandemic. ITMAGINATION has introduced a new equipment shipment and collection process to make sure that team members have all the necessary tools for their work and on-time delivery. As an ITMAGINATION team member, you don’t need to leave your home for any equipment deliveries, upgrades, or replacements. Similarly to the point above, the speed of equipment replacement (if needed in emergency cases) is done seamlessly.
The main goal of these changes is to allow remote work in the same technological comfort as in the office, without any limitations on end-user support and excluding system performance difficulties.
ITMAGINATION pays special attention to the quality and safety of our work environment. We were granted both the ISO 9001:2015 (Quality Management Systems) and ISO/IEC:27001 (Information Security Management) certifications in 2020. They were renewed in 2021, when we passed the most recent audit, which extended the certificates for another year, confirming ITMAGINATION’s business maturity both operationally and technologically.
Thinking about the internet brings to mind an iconic song, “Welcome to the Jungle.” Without any rules, assuming everything will try to attack you, it can be a harsh place. Just like in a jungle, however, there are people who thrive there, and don’t mind the dangers of the seemingly hostile environment. If you want to be a native to the jungle, then following these five simple rules will make you safe enough.
We will leave you with a heuristic (a rule of thumb) to keep you safe on the internet. Whenever you are doing something, think how your mom would have reacted if she saw you do it.
360° IT Check is a weekly publication where we bring you the latest and greatest in the world of tech. We cover topics like emerging technologies & frameworks, news about innovative startups, and other topics which affect the world of tech directly or indirectly.