In the first part of this series, I wrote about some ways to secure home networks, password creation guidelines, two-factor authentication, and mobile security. In this article, I will cover application security and OS security. As we’re becoming more comfortable working from home, hackers are increasingly targeting remote workers. I would first like to discuss a few simple rules that would help remote workers prevent a cyberattack.
By Brian Pereira, Principal Editor, CISO MAG
Rule #1: The cardinal rule is, keep your office device and home device separate. DO NOT use the same device for official and personal work. Never allow your family members to use your office laptop or install games or apps on it.
Rule #2: Uninstall all unnecessary apps from your office laptop. Make sure you are using original versions (not cracked) of the operating system and the applications.
Rule #3: Update your OS and apps regularly – on both your laptop and smartphone. There will always be weaknesses in software and hackers will look for those and exploit them. Software developers patch their apps and release new versions. Yes, OS updates can take a long time and will require you to restart your laptop (several times). Schedule your OS updates for early morning or late at night.
Rule #4: Change passwords every 30 days or so. DO NOT use the same password across cloud services. There are password managers that can help you remember all those passwords, but I would not recommend those. Write passwords in a little red book and store it at the back of your drawer or in a safe at home! Use password phrases that you can remember, with a mix of upper and lower case letters.
Rule #5: Change the default admin password on your home router. Home routers and access points have default usernames and passwords like “ADMIN”. Just read the router manual and you’ll see it. It is easy for a tech-savvy neighbor to guess the default password and hack into your home Wi-Fi network for free connectivity. The hacker will also be able to take control of all the connected devices in your home and steal data and other passwords.
Windows Security Tips
There are also a few other things that can be done to strengthen Windows 10 security on your office laptop. That comes with a caveat: your office IT administrator may have already tightened controls, so end users may not be able to change these settings. However, you can always check these Windows settings.
- Rename the admin account – “Admin” or “Administrator” are names that hackers look for. So, if you can, rename the admin account to something that is not so obvious. Use “Edit Group Policy” in Windows 10 to do this. (Ask your office IT administrator).
- Delete/disable extra admin accounts – Admin accounts have the most privileges and hackers always look for these accounts. There is a possibility that your IT team created multiple admin accounts while maintaining your laptop. Search for those extra admin accounts and delete them. Run the “msc” Windows utility to do this. (Ask your office IT administrator).
- Disable the Guest account – It has minimum privileges and is meant for temporary use. But it can be exploited by hackers. So, disable it after it has served its purpose. Use “Edit Group Policy” in Windows 10 to disable the Guest account. (Ask your office IT administrator).
- Increase security of UAC – User Account Control limits privileges and access of users, depending on their profiles. Start > Control Panel > System & Security. Under “System & Maintenance” click “Change User Account Control Settings”.
- Use Windows Encrypting File System (EFS) – Right-click on a file or folder > Properties > General tab > “Advanced” button.
- Use Windows BitLocker drive encryption – Type “Manage BitLocker” in the search box near the “Start” button.
- Disable Jump Lists (recently opened) – Start > Settings > Personalization. Select the “Start” option and turn off various options.
- Set a user account password for your office laptop – Start > Settings > Personalization > Lock Screen. Go to “Sign-in” options. (Only the Administrator account will be able to change this – so contact your system administrator).
- Disable file sharing – Start > Control Panel > View by large icons > File Explorer Options > View Tab > Scroll down the “Advanced Settings Pane” and uncheck “Use Sharing Wizard (Recommended)”.
Well, if you’re unable to find all these security and privacy features in Windows 10, ask your office IT administrator to assist you.
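The account, UAC and BitLocker items in the list above can be checked without changing anything. The following read-only PowerShell audit is an added example, not part of the original article; it assumes an elevated Windows PowerShell 5.1 session on Windows 10 Pro or Enterprise, and the `Add-Finding` helper and the check names are illustrative.

```powershell
# Added example: read-only audit of the account, UAC and BitLocker tips above.
# Nothing is modified; run from an elevated PowerShell prompt.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Check, $Ok, $Detail) {   # illustrative helper, collects one result row
    $findings.Add([pscustomobject]@{ Check = $Check; OK = [bool]$Ok; Detail = $Detail })
}

# Built-in accounts are found by well-known RID (500 = Administrator, 501 = Guest),
# so the lookup still works after a rename or on a localized Windows build.
$users = Get-LocalUser
$admin = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$guest = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
# Note: the default name is localized on non-English builds, so read Detail as well.
Add-Finding 'Built-in admin renamed' ($admin.Name -ne 'Administrator') "name: $($admin.Name), enabled: $($admin.Enabled)"
Add-Finding 'Guest account disabled' (-not $guest.Enabled) "enabled: $($guest.Enabled)"

# Extra admin accounts: enabled local users that are members of BUILTIN\Administrators.
try {
    $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
    $localAdmins = @($users | Where-Object { $_.Enabled -and ($members.SID.Value -contains $_.SID.Value) })
    Add-Finding 'At most one enabled local admin' ($localAdmins.Count -le 1) ("enabled local admins: " + ($localAdmins.Name -join ', '))
} catch {
    # Orphaned SIDs in the group can make the cmdlet fail; report instead of guessing.
    Add-Finding 'At most one enabled local admin' $false "could not enumerate group: $($_.Exception.Message)"
}

# UAC: the "Always notify" slider position corresponds to EnableLUA=1,
# ConsentPromptBehaviorAdmin=2 (or 1 = ask for credentials) and PromptOnSecureDesktop=1.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uacOk = ($uac.EnableLUA -eq 1) -and ($uac.ConsentPromptBehaviorAdmin -in 1, 2) -and ($uac.PromptOnSecureDesktop -eq 1)
Add-Finding 'UAC at highest level' $uacOk "EnableLUA=$($uac.EnableLUA), ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin), PromptOnSecureDesktop=$($uac.PromptOnSecureDesktop)"

# BitLocker: protection must be On for the operating system drive.
try {
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    Add-Finding 'BitLocker on OS drive' ($os.ProtectionStatus -eq 'On') "volume: $($os.VolumeStatus), protection: $($os.ProtectionStatus)"
} catch {
    # The cmdlet is missing on editions without BitLocker and fails when not elevated.
    Add-Finding 'BitLocker on OS drive' $false "could not query: $($_.Exception.Message)"
}

$findings | Format-Table -AutoSize -Wrap
```

Rows with `OK` set to `False` are the ones to raise with your office IT administrator; on a domain-joined laptop some values are set by policy and are expected to differ.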
To be continued…
Part-1: What Every Employee Can Do Now to Strengthen Security at Home