With so many Canadians working remotely from their homes, many may be vulnerable to hackers because they have skipped simple precautions, says a University of Guelph expert on cybersecurity.
Prof. Ali Dehghantanha is the director of the Cyber Science Lab in U of G’s School of Computer Science. He says employers typically have measures in place to secure their employees’ data, such as firewalls and intrusion detection systems, but lose that protection when staff work from home.
“Cybersecurity is always challenging, but it’s easier when employees are working in a known environment and we can monitor machines or path their systems if required,” said Dehghantanha, who leads U of G’s graduate degree program in cybersecurity and threat intelligence.
“But at the moment, we don’t have that flexibility. With so many employees paying less attention to data security, it’s providing the right environment for cyber criminals to attack.”
Most of these hackers are not only interested in the data of individual end users, but they also want to leverage those users’ machines to access their company’s larger network.
But there are simple ways employees and business owners can thwart these attacks by turning their attention to improving their “cyber hygiene.” Here are five.
Use Your Company’s VPN
When connecting to your workplace’s network, use a VPN, or virtual private network, which ensures privacy by masking your IP address (internet protocol) so your online activities are untraceable.
“The VPN acts as a tunnel that encrypts all your data regardless of what network you’re connected to,” Dehghantanha said.
While many websites offer VPN downloads, “most are not trustworthy,” he said, which is why he advises downloading the VPN provided by your employer or from reputable sources.
Don’t Mix Business and Personal
Though it’s not always possible, ideally employees should use a work laptop that’s separate from their home computer. The problem with using a home computer is that it may already have malware or viruses that can then find their way into your work network.
“So, it’s important that you separate these two spaces. And don’t allow your children to use your work computer or laptop to download or play web-based games because that, too, can leave your data vulnerable,” he said.
Encrypt Your Data
Dehghantanha advises encrypting all work-related data on your computer with “keys.” Microsoft Windows, for example, will allow users to encrypt certain folders, drives and documents under the Advanced Settings.
“When you are downloading data onto your home computer, make sure they are in encrypted folders so even if attackers access your computer, they won’t be able to read that data without the right key. Alternatively, you can store the information on the cloud server provided by your employer – but only if you use a VPN to access that cloud,” he said.
Check Your Wifi
Be sure you’re connected to the right wifi network and not connected to what cybersecurity experts call a “rogue wifi access point,” which is configured to look like your real wireless network.
“So, instead of connecting to your own wifi, you connect to their wifi with the same name and now they have access to your devices and to your larger network,” said Dehghantanha.
There are many tools that he recommends using regularly to scan for rogue access points.
Beware of Videoconferencing
Always ensure call invitations are legitimate. When joining a videoconference, make sure there’s nothing private or confidential in the background behind you.
“I’ve heard of people who have their password taped to the wall behind them, or there may be other private matters that could be seen on the camera,” Dehghantanha said, adding it might be best to use a virtual background.
Dehghantanha researches cybercrime, cyber forensics, and security of AI systems. He can offer further tips and is available for interviews.
Prof. Ali Dehghantanha