In response to COVID-19, some public servants are now working from home. While it is necessary to practice good cyber hygiene in office, it is crucial to continue good cyber hygiene practices while working remotely as there has been a surge of cyber-attacks targeting remote workers.
The Guyana National CIRT (CIRT.GY) recommends the following good cyber hygiene practices:
- Secure Wi-Fi Connections. Ensure you use a secure Wi-Fi connection that is password protected. Avoid using free public Wi-Fi to conduct sensitive work. Use your own internet connection at home and resist the urge to use your neighbors free Wi-Fi or the Wi-Fi offered at Cafs to perform work duties.
- Use Strong Passwords[1]. Ensure your passwords are longer than 8 characters and contain alpha-numeric and special characters. A rule of thumb when creating strong passwords is to ensure the password does not contain any dictionary words. Strong passwords make it more difficult for attackers to guess your passwords.
- Use Two-Factor Authentication[2]. While strong passwords are good, setting your account to use Two-Factor Authentication will significantly increase the chances of securing your accounts. This is typically implemented by adding a trusted phone number or email that will receive a unique code to grant access to your account.
- Update your Software[3]. Ensure your devices have the latest manufacturers updates and antivirus software installed. This is necessary to reduce the likelihood of your device becoming compromised.
- Backup your Data. Given that employees working from home might not benefit from centralized backups at the office, there is need to ensure that copies of critical work files are made and securely stored on removable media such as a flash drive or portable hard drive. Please note, the removable media should be kept securely.
- Secure Connections[4]. Network Administrators can create virtual private networks (VPN) access for remote workers to enable them to securely access data on the organizations servers. This also enables secure internal communication among staff.
- Secured Devices. If possible, use company configured devices with up-to-date software patches and endpoint protection. Administrators are encouraged to ensure each employee has a unique login ID. Extra precaution can be taken by logging and monitoring all remote login sessions.
- Use Phishing Filter. Network administrators can install filters on email applications and the web browser. These filters will reduce the number of phishing attempts.
- Be Cautious. Consider carefully all communications you receive online. Avoid opening, viewing or listening to any media or attachment that may be suspicious or may have originated from an untrusted source.
- Protect your Personally Identifiable Information (PII). Refrain from entering personal information in pop-up screens. Legitimate companies, agencies and organizations will never ask for personal information via message pop-ups.
[1] https://security.berkeley.edu/passphrase-complexity-guidelines
[2] https://www.sans.org/security-awareness-training/resources/two-step-verification
[3] https://www.enisa.europa.eu/news/executive-news/top-tips-for-cybersecurity-when-working-remotely
[4] https://security.berkeley.edu/education-awareness/best-practices-how-tos/system-application-security/securing-remote-desktop-rdp