Employees Working Remotely Need to Take Proper Security Precautions

Since the COVID-19 pandemic made its presence known in North America, companies that continue to function have had to dramatically change their work habits. With social distancing measures in place, a huge number of people are currently working remotely from home.

Although this is a great help from a perspective of continuing to conduct business seamlessly, it has the potential to create security issues, since many employees are using their personal computers and devices to either connect with your company network. Although you’ve likely taken proper precautions to secure your network, using a personal computer to connect to it via a personal, possibly unencrypted wireless connection can add a layer of uncertainty.

Here are some things to consider to minimize or eliminate issues.

Clearly communicate to employees your computer security policies.

Whether your employees’ are using their personal devices or company-issued laptops, it’s important that they fully understand company policies and expectations regarding use of devices while doing work. It’s a good idea to review your company’s online policies and procedures, update where necessary to address any possible problems and communicate to them to refresh their knowledge.

Suggest they update their passwords.

For security purposes many companies mandate that employees change their online passwords on a periodic basis. This is an excellent practice that can be very helpful in maximizing their risks against security hacks while working from home. Recommend that they reset their work-related passwords on a weekly basis or every two weeks during this period. Hackers are crafty, and one of the most effective ways to safeguard against breaches is by changing passwords.

If possible, secure your home network.

Most people today have home wifi networks, and most of them are password-protected. You might want to suggest that your employees explore their computer or router instructions to learn if any additional layers of security are available. If so, it would be worth considering making their home connections as secure as possible, as it will not only help them connect with your computer network more securely but also serve them well personally at home after they return to work.

Back up sensitive files and keep them in a safe place.

Consider where sensitive files should be stored within the company’s system. If you have secure cloud- or hardware-based document storage in place that facilitates file-sharing, that’s great. You might also suggest that employees store copies of files on a separate personal drive that’s only used for company files that they keep in a safe place during the time they’re working from home. This could even be a company-issued external hard drive or simply a flash drive that they return to you when they return to work. In either case, only company data should be kept on the drive, just in case a backup file is needed. It pays to be secure.

Instruct them not to click on any unfamiliar email links.

This is a standard part of online security, and everyone knows it but doesn’t always practice it. If employees are working from home and there’s distracting activity in the environment, the last thing they want to do is click on an email link without first considering the source and whether it’s safe. If there’s any question at all. Delete it.

Telecommuting is a necessity for many companies now, and it has been for many others for years. It’s possible that it might become a preferred way or working for some of them once leaders realize the advantage of allowing their employees to not go to the office every day. If employees understand the online security risks they face, it will help minimize the possibility of security breaches and other problems occurring.

Advertisement

For Your Own Safety, Reconsider Your Company’s Email Policy

Ever since Internet-connected computers began appearing on company desktops, employees have been using them to send personal messages, surf the web and sign up for coupons. Most people have become so comfortable with having this convenience, and the Internet has become such a major part of our work toolboxes, that we often don’t think about problems that can result from misuse.

But ask any IT person who has had to search through lines of code to identify and remove a virus that was innocently downloaded by an unsuspecting employee, and you’re bound to hear scary stories of the dangers that lurk in the ether between a hacker and your company’s email server.

Businesses should regularly take a good, hard look at their company’s Internet and email use policy. Of course, we all need web access to do our jobs, look things up and communicate with clients, coworkers and customers. That’s a given. But it’s always a worthwhile exercise to learn what problems exist that could create unnecessary downtime and even loss of revenue, all because someone clicked on a link that they shouldn’t have trusted.

When planning your company’s Internet use policy, there are a few things you might want to consider.

Determine what is approved and what is off-limits.

Evaluate how your company as a whole is using the Internet as well as email, and develop a list of uses that are okay. The point here is not to limit anyone’s freedom, but to ensure that your company’s Internet connection and email applications continue to run smoothly. Some companies, for example, will block Web searches that contain certain keywords that have dicey connotations. Others will block specific websites. It’s up to you as a company leader to determine what you’re okay with and what you don’t want your employees to access.

Only allow file attachments that meet certain size requirements to be sent or received.

Many files, including a lot of those that contain multimedia, like high-resolution photos and video clips, can contain a ton of data. Even a short, 30-second video clip can be several megabytes in size. When you send or receive them via email, they can clog up the server connection and cause Internet speeds to diminish. Determine with your IT leader what size files are safe to attach to email messages. A simple notation in your email system can cause it to display an error message if the file is too large. The good news, there are some great web-based options for large files transfers, and some of them are free to use. Once you’ve checked them out, you can add them to your policy as preferred applications for transferring large files.

Instruct employees from clicking on suspicious links or downloading unfamiliar files.

If you have virus protection on your system, this shouldn’t be an issue, as you might get a warning message about bad links or spam attachments. That said, no one should attempt to open a file or click on a link unless they’re absolutely sure it’s safe. Many company employees receive official-looking emails from what purport to be legitimate companies, and it’s become all too easy to click on the wrong link. Hackers are crafty and smart. Teach your employees what they might expect and what to do/not to do if or when they encounter something that just doesn’t seem right.

Hold in-service training for all employees.

If you present your policy as part of a training session or series, it will provide your employees with the opportunity to ask questions and raise issues for consideration. While company Internet connections and email applications are part of doing business, you also have to remember that not everyone is Internet-savvy. It might take a little explaining to convey the policy. It’s much better to do this than to leave any policy details open to interpretation.

 

Storing Your Data in the Cloud? Be Safe.

One of the most helpful things to happen to home computing in recent years is the introduction of cloud storage, that nebulous place somewhere out in cyberspace that can store seemingly endless amounts of data.

You’re probably using it right now to store photos, movies, documents, and other data that would take up an enormous space on your computer’s drive. After you’ve purchased a book or a film online and you’ve read or watched it, a simple keystroke or two takes it off your device and puts it into the cloud, ready for you to download it again. Or maybe you share files with friends, family members or co-workers via the cloud. Virtually everyone uses it today in some form or other.

The cloud is here to stay, at least for the foreseeable future, so go ahead and use it. But do so safely. Here are just a few things to be aware of as you’re saving your vacation photos from last year.

As long as you have some security measures in place on your computer, your files should be safe. But your data can be hacked as it travels from your laptop to the cloud. The good thing is that many if not most storage peripherals encrypt your data while sending it to the cloud In other words, it essentially disguises it so that, even if someone does get access to it, they can’t interpret it or use it.

If you access the cloud via a web-based application, one thing you’ll want to look for is a web address that begins with “https.” The “s” means secure, and it appears in the URLs of websites that offer a secure connection between your server and theirs. If the address doesn’t appear this way, you might get a pop-up message that tells you that your server is unable to establish a secure connection. If this happens, you’re better off not using that web-based service. Find another that guarantees security.

This leads to another consideration. Explore and evaluate online cloud storage options before you commit to one, to ensure that the one you’re going to use has a strong track record of providing online security. Look online at ratings and reviews for various services and read user comments to learn which have lots of satisfied customers and which have experienced occasional (or even frequent) data breaches. Also, if you know someone who’s experienced in using the cloud, ask for recommendations. This could be a friend, a relative or a person who works at your local computer store whose opinion you trust. Get the facts before making a decision.

Be extremely careful about uploading personal files if you’re in a public wifi hotspot. While these spots, easily found today just about everywhere — in cafes, waiting rooms and even outside in public squares — provide a level of convenience we all appreciate, they’re not always resistant to hacking. Just as you wouldn’t conduct a banking transaction via public wifi, you’ll want to think twice before you send any personal information on its merry way to the cloud. You just don’t know if someone in close proximity might be able to intercept your sata or files.

Finally, when you do select a cloud service, you’ll receive a password. Keep it confidential, remember it and don’t allow anyone else to have access to it. Your cloud service might even mandate that you change your password on a regular basis, even sending you prompts to remind you to do so. They might also recommend two-step verification to add a second level of security.

Your personal files and data are meaningful to you, so it’s important to incorporate as much security as possible if you’re going to use a third-party cloud service.

5 Computer Security Tips for Coffeehouse Commandos

We see them all the time. Maybe you are one of them. The people who bring their laptops to the nearest wifi-equipped coffeehouse, sip a cup of joe and spend hours working at their favorite table. They send and receive emails, transfer files, FTP web pages to servers, watch videos, connect with their school computer systems, play games and more.

It’s easy and convenient to set up shop at the neighborhood java hut, cafe or fast food establishment. Before you connect, though, it’s wise to do everything possible to maintain a secure personal digital experience, one that protects your computer’s personal files and data.

Below are five tips to help you maintain a strong level of security while enjoying your favorite beverage at the coffeehouse.

1. Make sure the network you’re connecting to is secure.

The last thing you want is for that guy across the room to be able to hack into your account. For that matter, depending on how strong a wifi location is, someone from next door or even in the vicinity might be able to use that connection as well. While many if not most gathering places do install password protection, it’s better to be safe than sorry. Cyber crimes occur when someone finds a way to gain illegal access to someone else’s account, and you don’t want that to happen.

2. Don’t do online credit card transactions in a public place.

No matter how secure the establishment’s Internet connection is, it’s just bad practice to use your credit card information using someone else’s wifi account. This includes making purchases and performing online banking activities. Your bank and credit card information are meant to be confidential, and unfortunately, hackers are both smart and devious. This, by the way, also applies to transferring any type of sensitive or confidential information.

3. Add password-protection to your device.

There are some people who are so concerned about theft that they actually take their laptop or tablet into the bathroom with them when they need a break. If you’re not of the mind to do that, you might at least want to install password protection on your computer so no one can push a button and see what’s on it while you’re momentarily away from it. It can be a hassle to keep entering a code, but it’s worth the extra effort. By the same token, don’t leave USB drives unattended when you walk away, or they might walk away with a fellow patron, even by accident.

4. Put a privacy filter on your screen.

You’re working on something that’s highly confidential, and you’re doing it discreetly, but there are people at surrounding tables who might be able to catch a glimpse of what you’re doing. They probably don’t care, but people are curious. This is when you’ll want to consider adding a privacy filter, a thin black filter that fits over your screen so it can only be viewed by someone directly in front of the screen, aka you.

5. Get a VPN for your laptop.

A virtual private network, or VPN, is a technology that increases your personal online security by hiding your Internet protocol (IP) address and encrypting everything you send or receive, thus enabling you to access the web privately. Essentially, it builds a virtual passage between your device and the wifi server, so no one can view your data or even your activity. This is a must-have for anyone who spends time online in a public place.

As with everything else, hackers are crafty types and they’re always looking for ways to access data that’s off-limits to them. By taking the proper steps to secure your devices, you can make things difficult for them while having personal peace of mind.

How to Protect Your Home’s Smart Technology

From Google assistants to lights, cameras, door locks, and thermostats, smart home technology is based around devices connected to the Internet of Things that can be remotely monitored from anywhere.

According to Statista, by the end of 2019, there will be about 42 million smart homes in the U.S. alone; and while they offer convenience, smart devices also welcome digital thieves and hackers into your home.

Here’s some useful ways how you can secure your smart devices that will go a long way toward protecting you and your home.

Use passwords

First, if you are able to protect any of your smart devices with a password, it is best to do so. Remember, keep your passwords hard to guess and don’t reuse a password that you already use somewhere else.

Start with the router

The router serves as the main connection between your smart devices and the outside world, so hackers can exploit it to gain access to your wireless gadgets. It is best to protect your router with and home Wi-Fi with a password.

Don’t rely on the default code that came with the router, instead, choose a new password to reset the router’s security. This will deter malicious hackers from accessing the device. For extra security protection, switch out the code on a regular basis.

Update your devices regularly

This may seem like a no-brainer, but it’s important to download and install updates as and when they appear. This patches your devices against the latest security bugs and keeps them as well-protected as possible from outside interference.

First, if you can protect any of your gadgets with a password, then do it. Remember, don’t reuse a password that you already have in place somewhere else.

Use two-factor identification

Another way to further secure your smart home devices is to implement two-factor identification. This prompts you to enter a code (which is sent to you via another device) each time you log into an app. It’s just an added layer of protection to prevent someone from accessing your accounts. Security experts also suggest rebooting your smart-home devices weekly as an added security measure. The reboot will automatically download new security and privacy settings as it reconnects to the internet.

It’s no surprise that smart technology has changed the way we operate our homes and lives. With that said, consumers need to be proactive, rather than reactive, about their smart-home security. By implementing a few of these simple measures, you can protect your privacy and your family from potential harm.

The Internet of Things: What it Is and What it Means for Security

The Internet of Things (IoT) might sound like a complicated, futuristic idea. While there are complex aspects, understanding the main idea is actually quite easy. The IoT is a network of devices that are web-enabled and use the internet to make our lives easier. 

By communicating with each other, internet connected objects streamline an almost infinite number of processes for both work and play. Most of us know about IoT devices like digital assistants, doors you can lock from your cell phone, and watches that track your physical activity. In addition to these everyday devices, IoT helps industries like farming, healthcare, air travel, oil drilling, and more to work more safely and efficiently.

While the IoT has made the world a lot easier for almost everyone, it also comes with risks. The more connected devices we use, the more personal data we put out into the world and the more vulnerable we become. Data like your home address, banking information, birth date, gender, and other identifying information may be stored in IoT devices. Even scarier, downloading apps and software onto your devices is a major way that hackers are snatching people’s data. From GPS trackers to sound recording software, bad actors are finding new and terrifying ways to invade users’ privacy, steal their information, and use it for their own gain, Today’s data thieves have more opportunities than ever before to steal your personal information.

So how do you protect yourself without giving up the convenience of your IoT devices? 

First, choose more secure login methods instead of passwords if you can. Using your fingerprint or facial recognition to authenticate reduces your risk of being hacked. Look for devices and programs that require two-factor authentication, too. Receiving a secondary, temporary password to enter after you log in lowers your risk of a data breach. 

One of the easiest ways to secure your data is to connect all of your IoT devices to a “guest” network at home and use your regular network for your phone and computer. Doing more sensitive activities (like online banking or shopping) on the regular network protects your data. And if your guest network is compromised, it won’t act as a gateway to your personal information.

As IoT becomes more mainstream, more and more platforms are focusing their innovations on security. A stronger focus on maintaining users’ privacy on web-enabled devices and better data management could make living in our ever-connected world even more convenient.

How To Keep Even the Most Basic Email Account Secure

Today, it seems there’s no shortage of stories about email hacks or online data security breaches. Just recently, Lifelock — which is meant to help consumers protect their identities online — was the victim of a massive customer email address exposure, according to Mashable.

If you know very little about email security, those stories can make you feel hopeless when it comes to trying to protect your information and identity. With that said, there are steps you can take to better protect your email account.

Password Security

Password security, and more specifically, the complexity of the password you use to protect your email account, is significantly important. Don’t just throw together part of your name and birthday and call it a day. Make sure to use numbers, symbols and uppercase and lowercase. Consider also making your password long, as opposed to a short string of a couple characters. Lastly, consider using password generators to provide a complex, multi-character password that will be more difficult to break.

As one final note for strong digital security best practices, do NOT reuse your password across multiple digital platforms. The reality is that if and when a web service you use is hacked and the password you use on that platform compromised, if you had used the same password on other platforms, they will now be at risk as well. Yes, it takes extra work and remembering multiple passwords is never fun, but this mitigates a lot of extra digital security risk.

Security Questions

First and foremost, if your email platform allows for 2-step verification, always turn it on. This verification process is highly important in increasing the security of your account.

Outside of that, most email platforms have a security answer question process to recover accounts or gain access to them. In the same vein, your security question answers shouldn’t be obvious for just anyone to come up with either. If you’re friends with your mother on Facebook, and she lists her maiden name, and one of your security question answers is her maiden name, that is incredibly easy for someone to work out with very little research. The answer to a good security question shouldn’t be easy to guess, and should be something you’ll remember — even if it’s an answer that doesn’t actually make sense with the question. If you’ll remember it, and someone else wouldn’t know it or be able to research it, that’s really what matters.

You should also always be sure your recovery options are up-to-date. Don’t just leave it to fill out later. If someone gets into your account, and you’re alerted, you’re going to want to have a recovery option like your personal phone number set up so you can fix it ASAP. Check out your recent activity often, too. If it looks like someone has tried to log in from somewhere strange, that’s something to flag, and means it’s time go in and change your password just for good measure.

The technological challenges of e-mail security

E-mail security continues to be a problem for users at all levels. The baffling array of attacks, including phishing, whaling and business e-mail compromise, shows no sign of letting up in 2018. IT professionals, for the most part, have taken a laissez-faire approach: train users more in ways to avoid e-mail attacks and hope for the best.

But how do you train users when two-thirds of inbound phishing attacks use the company’s own domain name? That makes such scams extremely difficult to detect, according to an article published on the IDG Contributor Network.

Since e-mail is now used by as many as half the humans on the planet, according to research by Radicati, it remains the most effective and inexpensive way to reach out to friends, family and business contacts.

So if it’s clear e-mail isn’t going anywhere, how do we solve its inherent problems?

Security Made Easier

I have spent the last 25 years studying web-based issues and have a number of patents in the cybersecurity area. More recently, I’ve been focusing my efforts on e-mail security and working to comprehensive solutions that are compatible with existing systems, but at the same time improves e-mail security and functionality.

Let’s face it: e-mail is in dire need of an update since the existing design and architecture allows for virus attacks, spam abuse and other major security concerns.

Spammers are becoming more creative in their ways to get you to click on their links, including using dummy web pages that look like the real thing and then encouraging you to enter your user name and password. You need to be more careful than ever, checking the e-mail address in the from field and rolling over the link with your mouse to see if the web address is legitimate. Keep in mind, most financial institutions will never send you e-mail with links; they usually call or send a letter.

Advances in my patents include: the secure transfer of e-mail messages through existing clients and without necessitating changed e-mail addresses. That’s critical since most other secure e-mail systems (Hushmail, Proton, etc.) require you to use their domain address.

In addition, the system can track all actions performed in connection with an e-mail transmission and has the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve and open the e-mail message or not.

The Authentication Route

Experts believe e-mail authentication will become more mainstream in both the public and private sectors, shifting from merely deploying authentication to enforcement, where a domain’s published e-mail policy directs mail servers worldwide to block unauthenticated e-mail. In the private sector, this shift will be driven by marketing departments, who view authenticated email as a brand protection tool, as it can also increase e-mail deliverability.

Authentication may seem like a complex route, but it’s already in use by banks, credit card companies and secure cloud services, so why wouldn’t we authenticate the most fundamental form of communications that business uses today — the simple e-mail message?

How We’re Making E-Mail Better, From Security to Productivity To Addressing Junk Mail

E-mail. It’s way better than snail mail – faster and more efficient, and you don’t have to worry about rooting around for a stamp when you want to send the traditional kind of non-digital message or card or letter.

But in other respects, sometimes you kind of yearn for tradition.

Like, when was the last time you got a hard copy letter in your real mailbox from a Nigerian scamlord? And I’m betting you easily get ten times the “special offers” and other types of junk mail in your in-box (despite the best filters) than your friendly neighborhood letter carrier carts around to hand-deliver to you.

For all the drawbacks of e-mail, it’s become a ubiquitous and vital tool, one that keeps us connected and communicating more effectively than anything else that humankind has come up with. After all, what other tool can lay claim to 3.7 billion global users who send 269 billion messages every day?

We just have to make it better

That’s what a lot of people are doing, addressing the different points of pain that make the user experience something that’s not as optimal as it should be, when you think about it. It has been nearly 25 years since it became one of the first major transformations of the Internet Age. Isn’t it time?

Optimization is what one e-mail innovator, Rahul Vohra, has sought to accomplish with Superhuman. This app is not just super looking, but it’s faster than a speeding bullet. The idea is to enhance productivity, not just through speed, but also by bundling features like read statuses and undoing sends. It negates the need for all those browser extensions.

Edison is a different take, an automated e-mail assistant that interacts with Edison (the AI) and does everything from unsubscribing from junk mail lists to managing your contacts and bills. It’s another e-mail productivity tool.

On a different front are a series of handy tools to save you from those annoying e-mail trackers that add immensely to your junk mail overload. (How bad is it? Over 40 percent of all the e-mails sent every day are tracked.) One is called Senders. It requires no special software or plugins, intercepting e-mails, scanning for tracking codes and scrubbing when they are found. Another app, Ugly Email, detects and highlights messages in Gmail boxes embedded with tracking software.

Some of the patents around email communication that I have worked on are designed to address a much broader expanse of issues – with improved security at their heart. Working in tandem with all e-mail clients, we enable secure messaging transfer and tracking, for example, along with “for your eyes only” features and a configurable, cryptographic engine for storage.

Today’s e-mail system may not be perfect, but we are seeing many innovations that are making our use of it faster and better and more secure. Yes, it is about time.