Working from home: How to stay secure online

---

SINGAPORE - The recent spate of scams targeting bank users in Singapore underscores how cybercrime is a real danger that we cannot take lightly.

 

But working from home and accessing work resources on home networks invariably raises cybersecurity risks, as we go about our jobs cloistered far from the safe harbour of the office network and without easy access to the IT department.

 

Here are some steps you can take to work more safely at home.

 

Download apps only from reputable sources

 

Today, malware called spyware can let hackers gain a foothold in your machine to spy on everything you do, while ransomware can be used to lock up your data files in unbreakable encryption for the purpose of demanding a ransom.

 

A common strategy to get users to download malware is by tricking them through scare tactics such as browser pop-ups that warn of "dangerous malware", or other alarming threats.

 

Another method is through hidden malware called trojans, which hide inside free apps or pirated software available at websites or peer-to-peer download sites.

 

The average user can steer clear of most malware by downloading and running external software only from reputable sources, such as official app stores, instead of third-party sites.

 

Don't open files from unknown sources

 

Malware sent through e-mails is less of an issue these days due to e-mail server configurations that block it by default.

 

However, certain types of file attachments, such as Word documents, Excel spreadsheets or even PDF files, might sometimes contain malicious code.

 

One way to sidestep this threat is to avoid opening files from unknown sources, or if you are not expecting them.

 

Be wary of links

 

The most common ploy with SMSes and e-mails is phishing, where cyber criminals use links in messages to lead you to websites that masquerade as legitimate ones in order to steal your passwords or personal information.

 

They might also use misspelt and unusual characters in the URL that look like those of the correct site.

 

The same is true for links in e-mail messages. Hackers can also embed a Web address within a hyperlink to hide a suspicious URL.

 

Do not click on suspicious links or shortened URLs in messages. Shortened URLs can hide the real Web address of malicious websites.

 

For organisations that you recognise, it is safer to manually type their website URL into the browser instead of clicking message links.

 

Use anti-malware software

 

You can further protect yourself by installing anti-malware software on your computers and mobile devices, though this is not foolproof as new malware can evade detection. Good cyber hygiene practices are still important.

 

Windows users who are loath to pay for anti-malware protection should check that the PC operating system's built-in Windows Security Scanner is at least enabled, or consider installing free third-party alternatives such as Avast and AVG for mobile devices and computers.

 

Backup files

 

To keep files safe and accessible as you work from home, back up your files using a cloud-based storage service at the minimum.

 

Avoid storing important work files on external storage drives, as these can be easily damaged by knocks and drops, and can fail from hardware issues. While data recovery is sometimes possible with external drives, this is expensive and can take weeks.

 

Use strong passwords

 

When it comes to good passwords, the Cyber Security Agency of Singapore (CSA) recommends that passwords be at least 12 characters in length, with at least an upper-case letter, a lower-case letter, a number and a symbol each.

 

It should also not contain any personal information such as your name, NRIC number or birth date.

 

Don't reuse passwords

 

Many workers use the same password across multiple online accounts, which puts them in a vulnerable position.

 

Hackers are known to publish or sell the passwords from online services that they breach, allowing other hackers armed with the pilfered data and automated software to easily test the data across hundreds of popular online services.

 

So, reusing passwords is a very bad idea.

 

The haveibeenpwned.com website lets you check if your e-mail is associated with publicised hacks.

 

Use password managers

 

A good password by itself is not good enough. Cybersecurity experts have advised that consumers should create different passwords for each account in order to keep their online accounts secure.

 

To help manage all these passwords, a good password manager - an app designed specifically to securely store your passwords - is recommended.

 

Such an app can also generate random passwords that meet the CSA's recommendations.

 

Some of the most popular password managers are LastPass, 1Password and Keeper, but there are many others available.

 

When choosing a password manager, the key features to look out for are its ease of use, reputation and subscription cost.

 

Enable two-factor authentication

 

Be sure to secure your cloud accounts with two-factor authentication (2FA) whenever possible.

 

Also known as two-step verification or dual-factor authentication, 2FA is a security process where you are required to provide additional information to verify yourself beyond the initial password.

 

This adds an additional layer of security to prevent your accounts from being hijacked so that you can work undisrupted.

 

2FA is implemented in various ways, such as using hardware or software security tokens, codes sent in an SMS, or even biometric factors such as fingerprints or facial scans.

 

Recent scams targeting bank customers have shown that SMSes might not be that safe if your mobile number is known to the attacker or if there is malware on your phone that can hijack SMSes.

 

So, you might want to consider opting for other authentication methods if they are available.

 

As for hardware security keys to secure your accounts, one popular option is the YubiKey security dongle. It can be used as a physical 2FA device for your Google account, or for storing the secure password for your password manager.

 

One of the newest dongles in the line, YubiKey Bio, offers an onboard fingerprint scanner and will work out-of-the-box with common operating systems and browsers such as Windows, macOS and Chrome.

 

Security dongles from other brands with similar capabilities are available but be sure to do your own research to ascertain their reputation and compatibility with your devices.

 

Source: The Straits Times © Singapore Press Holdings Limited. Reproduced with permission.

---

ALL views, content, information and/or materials expressed / presented by any third party apart from Council For Third Age, belong strictly to such third party. Any such third party views, content, information and/or materials provided herein are for convenience and/or general information purposes only. Council For Third Age shall not be responsible nor liable for any injury, loss or damage whatsoever arising directly or indirectly howsoever in connection with or as a result of any person accessing or acting on any such views, content, information and/or materials. Such third party views, content, information and/or materials do not imply and shall not be construed as a representation, warranty, endorsement and/or verification by Council For Third Age in respect of such views, content, information and/or materials.