We already live in a digital world, and COVID-19 has turned many kitchen tables into offices. The proliferation of apps, increased online interaction and ‘things we log into’ (that’s the technical term) we need more passwords, more security and to be more diligent about our online behaviors. We also can’t just rely on workplace firewalls now that we’re often working on our home wifi instead of the secure office network.
We asked 14 experts how to improve your online security and they’ve provided practical tips to keep your computer secure. Scroll down for some tips you can implement straight away!
Emma Lovell, Senior Manager – Cyber Security Governance at Woolworths Group: Do you remember those villains from James Bond films? Elaborate plans expecting Bond to die (moon bases, lasers, ridiculous hydrogen power plants in the Saudi desert) and all foiled by the simplest of escapes. Cyber security and working from home is exactly the same. All of the good hygiene that people applied in the office needs to translate to our home working environments:
- Keep your antivirus up to date
- Turn on automatic software updates
- Use multifactor authentication where available and a password manager
- Lock your workstation, and
- Remember that cyber security is also about being aware of social engineering attempts – verify identities before sharing information online or over the phone.
Your organization’s Cyber Security team is doing their best to protect you and your business, but they can’t do it without you!
Nicola Hermansson, Partner – Consulting at EY: Trust your instinct. Attackers increasingly are targeting people…. Remember, they think you are the weakest link. If you receive an email that feels a bit fishy… spelling mistakes, unfamiliar email address, asking you to click a link, open an attachment… Stop. Think. Catch the phish!
Tanya Mears, Director – Cyber Security at EY: A high percentage of security incidents are caused by people accidentally, either through manual process errors, clicking on inappropriate links, or sending unencrypted information outside of an organizations network. With people working from home, there are new challenges and distractions with added pressure, so being vigilant when distributing information and double-checking what you’re sending or clicking, is especially important.
Adeline Martin, Cyber Security Operation Analyst at Origin Energy: A simple tip, but often ignored because it’s too hard, is to use a strong password – at least 9 characters containing numbers, symbols, capital and lowercase letters – and not to use the same password across multiple applications. I usually tell friends to use a funny sentence. Use a password manager to save and generate passwords, such as LastPass, which is very user-friendly, free and safe. Make sure all your software and applications are always up to date, do not postpone pop-up windows with updates, and make sure your antivirus software is enabled and regularly updated as well.
Stacey, Cyberspace Warfare Officer at Australian Defence Force Australian Defence Force cyber teams work diligently to protect Defence networks and intelligence from digital threats: Be cognizant and aware at all times and take the time to think about your actions before you do them. Don’t be afraid to question something you see or hear, whether it is an email, phone call, text message or website link. If it feels wrong it probably is.
Helen Rabe, Global Director of IT Security at Abcam UK: If applicable, then use your corporate services/resources for your office work, especially the VPN. If you use your own setup for your work, ensure you are up to date with your antivirus solutions and ensure your operating systems are also updated. Finally, if you can, enable wi-fi encryption on your home router.
Martha McKeen, Executive Manager Cyber Outreach at Commonwealth Bank: Lock down your logins. Regardless of where you’re working, it’s essential to focus on developing strong password behaviours. Longer passphrases that are unique for each service you use are essential. To ease the balance between good security and practicality you can consider using a password manager to help you manage multiple accounts. Have a think about which of your accounts are critical ones (such as your email and online banking). You can consider managing these passwords directly (e.g. remember them) and allowing your password manager to do the heavy lifting on your less critical accounts. Effectively managing your passwords is a little extra effort for a significant security benefit. My team has documented some tips for using multifactor authentication and other ways to work from home securely in our recent edition of Signals – available at https://www.commbank.com.au/business/support/security/signals.html
Gyle dela Cruz, Cyber Threat Analyst at Cyber Research NZ: For those working at home, be vigilant with unusual email/messages you receive. Do not use your corporate laptop for personal web browsing.
Akshaya Kalyan, leading the IAM Managed Services team in Cyber Intelligence Center at Deloitte: Do not click on the link that you are not sure of is the first most important tip to everyone working from home. Phishing attacks are the most common these days and it’s our action that initiates it.
Shiva Mierczak, Security Engineer at J.P. Morgan, Australia and New Zealand: To set up two factor authentication or 2FA on all accounts.
Sarah Young, Azure Security Architect at Microsoft: Don’t download/send/use things outside of your organization’s agreed processes, devices and apps to work on e.g. don’t email something to your personal account from work so you can have it on your own machine because it’s faster/easier/whatever. It might be a pain to work from a virtual desktop rather than run something locally, but your organization will have their reasons for asking you to work in a certain way and using certain applications. If it’s making it hard for you to work then definitely report that back to your IT department – they need to know – but please don’t make your own workarounds as that’s an easy way for security to be compromised.
Meidi Zhou van der Lee, Full time student – master degree in cyber security at Edith Cowan University: 1) Look into your passwords, make sure to use strong passwords for each and every of your account and do not use the same passwords for critical and not critical accounts, whatever they are. 2) Secure your WiFi connection.
Jasmin Brain, Cyber Assurance Lead at Woodside Energy: Try to keep your home environment as safe as your work environment. Keep your home devices up to date with patching and anti-virus, don’t use the same passwords for your work and personal accounts or leave your passwords in sight, and only use authenticated applications. If your company hasn’t enabled MFA, I would strongly recommend deploying it on your devices and accounts – it can be a lifesaver if there is a hacking attempt on your account!!
Catherine Burke, Lead Compliance & Security Analyst at TfGM (Transport for Greater Manchester) UK: To follow the basics of security.
- Always use strong passwords, and never disclose them to anyone
- Know how to spot phishing emails and how to report them
- Report anything suspicious
- Ensure your anti-virus is up to date
- Follow good practice when handling your organization information
The National Cyber Security Center (NCSC) is a good place to start. With lots of free information and advice on staying safe on-line.
The views expressed in this article are the views of the author, not Ernst & Young. This article provides general information, does not constitute advice and should not be relied on as such. Professional advice should be sought prior to any action being taken in reliance on any of the information. Liability limited by a scheme approved under Professional Standards Legislation.
