Digital security at home: A practical guide

Nowadays, security is a top priority. In current times, when working from a remote location has become predominant, performing our job alone and collaborating effectively with colleagues remotely are competences that we all had to learn or master quickly. The result however, is positive: we now connect, interact and get the job done no matter where we are. 

Although businesses enforce robust technological defenses, we should be aware that cybercriminals are constantly looking to find a door left open for them to pull scams off and steal sensitive data. We should take proper care to secure our wireless home networks and devices. 

Don’t have time to read the whole blog entry? Then watch our “Blog in 1 minute” video for a quick summary of its main points:

Following, there is a set of best practices that have been confirmed to be adequate to maintain our digital security at home and protect our personal assets and data. Often, working from home feels more casual, but security measures cannot be relaxed. The more we incorporate devices like mobiles, tablets, and webcams into our home networks, the more we need to ensure that everyone safeguards them.

Each and every one of us should be vigilant for personal assets and data. No matter where we work – at home, or at the office – here’s what we need to do:

  • Use secure Wi-Fi and make sure that you are connected to the virtual private network (VPN)  of the business.
  • Don’t write down or share passwords or credentials.
  • Double check email addresses and attachments to avoid sharing confidential information with any unintended recipients.
  • Promptly install all firm provided software updates.

Home-based work is here to stay. Keep you and your family secure while working from home. This handy guide offers the tips you want to know.

 
Shut the door! It’s all about minimising risks.

As we already mentioned, there are several steps to follow in order to work in a secure environment. We already provided the baseline in the introduction. In this section, we will deepen several topics.

Security IT
1. Create strong unique passwords

Creating strong unique passwords is of critical importance.  Attackers use software which can break weak passwords in a few seconds! Once attackers have a password, they will attempt to use simple variations of it to access other accounts and devices which belong to you.

Click here to expand or collapse our tips
 
2. Install updates, security patches, firewalls and anti-malware.

This represents essential digital security hygiene that all of us need to do. 

Attackers exploit vulnerabilities in devices and software to gain access to them and take them over. Firewalls and anti-malware attempts to stop attackers before they can exploit vulnerabilities need to be up to date and configured correctly.

Click here to expand or collapse our tips
 
3. Be suspicious and careful when clicking links, running software or giving away information

Regardless of how well you follow the guidelines we have just suggested, you can undermine your efforts if you make the wrong choices. 

Attackers use social engineering tricks to try to persuade you that they are genuine by means of landlines, cellphones, emails, and on the web. 

They aim to extract passwords or sensitive information from you which, in turn,  will be used to gain access to your accounts. They could also try to persuade you to run software or to click on links which will enable them to install malicious software on your systems to, for example, access your bank accounts and medical records.

Be suspicious! 

Click here to expand or collapse our tips
 
4. Spot security issues and know how to respond and recover

Being a victim of some security incidents is not always immediately apparent. 

While ransomware encrypts all data indiscriminately rendering it unusable, other malicious software may be operating silently in the background, collecting private information (including passwords) and sending them to the attacker or streaming your webcam and microphone to the attacker’s server. 

1) Your system may have been compromised if you experience one or more of the following situations

 2) If you suspect your system is compromised, then isolate it from your network (to avoid a potential malware to spread in your network) and other devices, and seek professional advice and help.

3) Ensure you backup your data on a regular basis and know how to restore it in the event of an incident. Backups should be stored in such a way that they cannot be compromised when the system they are backing up is compromised.

For example, a USB connected drive which the backup software uses for backups would be found by ransomware software and encrypted too. Consider cloud services for offsite backup as well.

4) It’s also critical to be suspicious of where your products are made from. Whether it’s siphoning text messages, gathering information from wearables or IoT devices, or obtaining call records, there’s a serious risk.

5) Some useful recommendations
 
Examples of digital security threats and personal consequences
1. Ransomware and cyber-extortion

The term ‘Ransomware’ refers to a family of malicious software (malware), used by cyber-criminals to extort money from victims. It can work like this: 

  1. A user ends up with the malicious ransomware software running on their system. They may have opened an infected email attachment, visited a website which compromised a vulnerability in their browser and delivered the malware to them, or downloaded and run a free game which actually was a Trojan with the malware hidden inside it.

  2. This malware uses state-of-the-art encryption to silently encrypt all files it has access to. This will comprise all drives that are physically connected to the local system, such as USB connected thumb drives, as well as those files that are accessible on shares across the network.

  3. Once all files are encrypted, the ransomware will display a notice demanding that the victim must make a payment within a short time period (three days, for instance), in return for a key to decrypt the files. Otherwise, the files are irretrievably lost.

  4. Paying the ransom is no guarantee of getting the decryption key, and often the attackers will attempt to extract more money once they realise someone has lost something of value that gives them sufficient incentive to pay.

People have lost years of family photographs, partly finished dissertations, rare digital music collections, irreplaceable research, critical source-code and much more.  Even for the people that were diligent in taking backups, some found they were unusable as they were also encrypted by the malware because they had been continuously connected to the infected system.

 
2. Identity Fraud

Identity fraud occurs when cyber criminals have collected enough private information about a person to be able to impersonate them and fraudulently make money.  

For example, they could obtain genuine documents such as birth certificates, passports and driving licenses as well as open bank accounts, obtain credit cards, take out loans, order goods, etc.  

Sometimes people aren’t aware that their identity has been stolen and used fraudulently until they start to receive bills or invoices they haven’t ordered, or even when debt collectors attempt to recover monies owed.  It can take months or years to repair credit ratings and good standing amongst potential future creditors, immigration agencies, employers, etc.

 
3. Internet of Things (IoT) Distributed Denial of Service (DDoS) Attack

An example of such an attack is a significant outage caused by a DDoS attack on a domain name system service provider. 

Attackers have been able to hack into hundreds of thousands of vulnerable IoT devices to use to amplify the attack. The string of malware to hack the IoT devices used the standard/out of the box username and passwords. E.g. username: “admins”, password: “password” to get access into hundreds of thousands of IoT devices. The attackers have used IoT devices including routers,wearable, etc. This led to numerous websites to be down for several hours including some social networks.

What we think
Milena Tomova
Milena Tomova, Senior Information Security Officer at PwC Luxembourg

Information security provides an adequate secure environment in which any business service can function properly and operate uninterruptedly.

Back to Top