The Risks of Using Private Devices

The biggest challenge of working remotely on a VPN (Virtual Personal Network), by far, is IT security. This is because security for personal use is much less stringent than that needed for businesses and their infrastructure. Typically, personal devices (PCs, cell phones, laptops, and tablets) are not maintained at the same security level as workplace desktops and servers, therefore, they are more vulnerable to hacking. This makes them ideal targets for malicious cyber actors because most or all organizational and customer traffic must pass through these devices.

​

Keeping the Network Infrastructure Secure

Despite the vulnerability of personal devices being used for business purposes, there are ways to keep your information and your business secure. The Cybersecurity and Infrastructure Security Agency (CISA) released an alert on 3/13 to encourage organizations to adopt a heightened state of cybersecurity. Below are their suggested guidelines:

​

1. Update VPNs (Virtual Personal Network) and all devices being used to remote into work environments with the latest software patches and security configurations. 
   
   See CISA Tips Understanding Patches and Securing Network Infrastructure Devices.
    

2. Alert employees to an expected increase in phishing attempts.
   
   See CISA Tip Avoiding Social Engineering and Phishing Attacks.
    

3. Ensure IT security personnel are prepared to ramp up remote access cybersecurity tasks: log review, attack detection, and incident response and recovery. 
    

4. Implement MFA (Multi-Factor Authentication) on all VPN connections to increase security. If MFA is not implemented, require remote workers to use strong passwords.
   
   See CISA Tips Choosing and Protecting Passwords and Supplementing Passwords for more information.
    

5. Contact CISA to report incidents, phishing, malware, and other cybersecurity concerns. https://www.us-cert.gov/forms/report
   
    

Best Security Practices for working from home using personal devices

In addition to the CISA recommendations, IT providers recommend the following as best practices guidelines.

 

1. If possible, use only company provided devices.
    

2. Secure Your Home Workstation if using a personal device: Ensure you have fully patched and updated anti-virus and anti-malware software. It’s important to follow the same best practices you would as if you were in the office, and report any suspicious activity or concerns to internal IT or your MSP (Managed Services Provider).
    

3. Have a secure WiFi access point. Without a secure WiFi access point, you’re essentially leaving a back door open to hackers. That’s because WiFi signals are often broadcast far beyond your home and out into streets. Yes, drive-by hacking is popular among cybercriminals today. A few tips for securing your WiFi access points:
   • Use stronger encryption and a more complex password
   • Hide your network name
   • Use a firewall
    

4. Use a two-factor authentication VPN. VPN stands for Virtual Private Network. It’s essentially a private, encrypted tunnel that goes direct to the IT network in your office. Ideally, you’ll want your VPN to support two-factor authentication. This means it’s doubly secure because you will need to call in to access the network. If you don’t have a VPN, you can consider other services, such as GoToMyPC or Zoho. While these products are not as secure, at least they keep your home network from being exposed. 
    

5. Establish an official communication channel early and ensure that all users know the email address and format of the communications. This is a procedure that will allow you to recognize spam and phishing attempts.
   
   These security measures are not difficult to set up. But if you have any questions or need assistance, we will be happy to help get your employees set up remotely. 
   
   Contact Oakland Solutions LLC at 248-689-1439 or info@OaklandSolutionsLLC.com

​

​

​