During the protracted Covid-19 pandemic, more people than ever before have been working from home, paying bills, and socializing using basic Wi-Fi services. Being safe and feeling safe at home are therefore more important than ever.
However, the pandemic has also meant that “a lot of services were provided online, and that happened in kind of a rush, so security was an afterthought,” said Apostolos Malatras, team leader for knowledge and information at the European Union Agency for Cybersecurity (ENISA). As a result, hackers are indiscriminately going after anyone from large organizations to individuals. As cyberattacks become yet another invisible enemy to contend with, staying home to avoid the novel coronavirus no longer seems so safe or comforting.
Regardless of geography, cyber criminals are holding databases and systems hostage with malicious software (ransomware) until they are paid off. ENISA reported more than double the number of cyberattacks against European entities in 2020 over the previous year. In the U.S., the FBI found that cybercrimes hit 791,790 cases in 2020, an increase of more than 300,000 cases over 2019, costing a record total of US$4.2 billion. The attacks are not only wreaking havoc on government infrastructures like oil pipelines and public transportation but also government databases, hospitals, and health-care networks. The assaults are invading the privacy and compromising the financial, physical, and psychological well-being of millions.
In most cases, working from home requires connecting laptops or desktop computers to a Wi-Fi network. Most Wi-Fi network or internet service providers (ISPs) support basic cybersecurity. To be more secure, an additional secured router may be deployed. More importantly, having a cybersecurity mindset is key.
The following are some suggested best practices for protecting yourself against cyberattacks.
Securing your home network is like digging a deep, virtual moat between your home devices and data and the hackers.
First, be extremely careful about clicking to open anything from an unknown sender. Ransomware attacks usually target large corporations, insurance companies, and legal firms. Ransomware emails are usually disguised as email notifications informing you of minor law violations, like traffic tickets. The email encourages you to click on a link to disprove the claim, thus releasing the malicious software. Opening the link containing some malicious JavaScript on the computer you use when working from home will compromise your home servers before spreading to other computers on the network. Therefore, do not be tempted to click on any unknown link. Just delete the message. In addition, keeping your system up to date is helpful. This seems to be a simple thing to do, yet many people make the same mistakes.
Network security is certainly important; it will be useful to throw up roadblocks to make it so onerous for the hackers that they’d rather find another target.
First, change the default username and password on your routers and other IoT devices to something harder to crack and hence more secure. In other words, use something different from the top 10 most common passwords worldwide. Additionally, set up a separate network for guest users so that if a guest has malware on his phone or tablet, your primary network will be unaffected. Once you have finished changing the settings on your router, be sure to log out as administrator. Remembering this step means that even if a hacker can break into your administrator account, he may not reach your network and devices. You can also make your data harder to decipher by encryption with WPA2 or a virtual private network (VPN). In addition, shield your data and your location using a VPN, using a service set identifier (SSID), hiding in a public network, or turning off your Wi-Fi network when you are not at home.
Moreover, turn on the built-in network firewall in your Wi-Fi router to add another layer of protection to your home security. You can also place the router in the center of your home, as routers placed near a door or window are more likely to have their Wi-Fi signals intercepted by hackers. Lastly, your network can be further protected by enabling media access control (MAC) address filtering and disabling remote administration. The U.S. Federal Trade Commission (FCC) provides guidelines on securing a home Wi-Fi network.
Meanwhile, you can become more aware of the smart devices you own. For example, many owners of smart meters did not even know where their smart meters were until discovering that hackers had compromised them. It is helpful to assess the IoT-connected devices in your home and eliminate the unnecessary ones; fewer devices mean less exposure to attack. Then, increase the protection of the remaining devices by changing default passwords and using advanced security options if available. In addition, keep the devices’ software up to date. Finally, choose devices that have gone through several generations, have an older brand, or have many positive online reviews, as they are likely to have higher security standards.
In addition to hardware-protective measures, security software can be used to protect against computer viruses.
First, firmware remains crucial. Hundreds of thousands of home Wi-Fi routers are under attack, and some are more vulnerable than others. If the device was purchased in 2015 or later, keeping up with firmware updates may suffice. If an update is unavailable, disconnect the device and use another router or access point until updated firmware becomes available. If the device was released between 2010 and 2015, you may or may not get a firmware update.
Check the manufacturer’s website for firmware updates and follow the instructions; otherwise, disconnect the device and get a new one. If the device was first released before 2010, it is best to get a newer device.
In addition, software security can be built into the hardware to add an extra layer of protection. For example, Gryphon offers a smart mesh Wi-Fi router with parental-control software features. The Gryphon app uses machine learning to continuously learn the network traffic behavior patterns for each connected device and monitor for cyberattack threats.
In addition, the software periodically sweeps for open ports, which are more vulnerable to attack, and for any rogue devices that attempt to break in. If a threat is detected, security alerts and recommendations will be sent out.
Moreover, the software flags weak passwords and prompts the user to choose stronger ones. The Gryphon app has multiple filtering functions. For example, malware and ransomware will be checked against a comprehensive database of malicious websites and be blocked if they reach any connected devices. Finally, phishing scams will be blocked to prevent accidental clicking.
From the very beginning of the Covid-19 pandemic, many people have avoided having installation or repair technicians enter their homes. As a result, DIY (self-install) security systems, on the rise in recent years, are becoming even more popular. Covid-19 has also accelerated consumers’ desire for remote technical support. In response, some security services provide remote customer support via video tutorials and do-it-with-me installation sessions via video, phone, or chat. Moreover, the rise in consumer privacy concerns is driving the development of video analytics and biometric authentication to enhance the security of devices like video doorbells and IP cameras.
Government agencies use reports about attacks to track their patterns, as much can be learned from past attacks. Therefore, your report may keep others from experiencing an attack in the future. Recently, the European Commission has set up a joint cyber unit to enable national capitals attacked by hackers to get help from other countries and the EU. Cybercrimes can also be reported to Europol. Many EU laws are related to cybersecurity breach reporting.
Never underestimate the importance of backing up. Whether the backup is cloud-based or hardware-based, it is important to back up all critical data daily. Some storage devices provide automatic backup software. When an attack occurs, a user can easily be back to work with another computer in no time.
According to the Swiss cheese model of pandemic defense, no single layer can offer complete protection from a virus.
However, multiple layers of protection, each imperfect, will achieve much more effective and complete protection.
Similarly, there will not be one layer completely effective against cyberattacks, but multiple layers of digital protection around one’s home network will make it so arduous that most hackers will be turned away.
In short, carrying out these best practices will increase work-from-home cybersecurity and, at the minimum, allow you to recover from an attack with minimum disruption.