The transition to remote work caused by quarantine created new digital risks for many organizations. The office was equipped with infrastructure (computers, measures, office mail, etc.) for efficiency – and safety – for which people with specialized technical knowledge and receiving a salary were responsible.
With these new changes, it is crucial to know how to know about digital security, keep reading and learn everything you need to know in order to stay safe while working online.
Digital Security: Intro
With the transition to permanent work from home, employees work from personal computers (often used by a boyfriend and children). The tuning router always checked the main, who connected to the Internet.
Ironically, many journalists were prepared for these new risks because they often worked from personal devices, used personal email, and used their records in social networks and messengers.
Earlier, journalists answered themselves or contacted digital security consultants to ensure these resources' safety and correct setup. So the risks have not mainly changed, except for the broader use of tools for collaborative work and communication, such as Trello, Zoom, or HPC services, especially in the engineering sector, when personal computers alone would not be enough to handle the tasks.
Digital Security: Adjusting
On the other hand, you can use this situation as an opportunity. If someone quarantined himself to restore order in his apartment, why not do the same with your digital resources?
Accessibility is also safety; How not compromise? It is nice to use all the tools digitalization brought us. It feels good that finding help with python homework takes just 1 minute, but users pay with their data for such facilities.
In that very same metaphor, it's important not to go so far as to make sure that the housework doesn't degenerate into repairs, for which this is not the right time.
Typically, most of the discussion about digital security concerns how to protect your resources (email, social media, devices) from intruders. But preserving access - so that you can continue to use your mail, computer, stored files, etc. - is also a non-pecuniary issue.
If you too much care to establish harmony and adjustment of security, there is an excellent chance from zero that you will lose your working tool at some point. You changed your password in a hurry, and then you forgot it.
To regain access to an electronic screen or computer, you will have to go through password resetting, which can be difficult and time-consuming. It is impossible to reset the password in some cases (master password for a password manager or administrator password on the encrypted computer).
Due to quarantine restrictions, it may be challenging to get help from the system administrator at work or in the service center. Therefore, you should specify the communication channel with a person who provides IT support and the conditions of such a license: whether the person offers remote support and where to contact them if anything happens. Let's say you've always communicated on Facebook Messenger, but something happened to your Facebook account?
Digital Security: Great Digital Scavenging
Take a look at the list of things you've wanted to clean up for a long time. Electronic mail (so, all these million screens), social networks, dark stores, flash drives, and external disks, computers, smartphones, old smartphones, another smartphone, which is mainly used to play with children, but from which there is still access to electronic mail and Google Drive with working information. All of this list will turn out differently. You should take enough time and not forget to remember all those things you were going to get on well for a long time but did not get around to. Even if they do not come now, you will at least know what you have.
Digital Security: Mail And Other Services
First of all, guess how many of your posts you have in general. Maybe there are some old ones you haven't used for a long time, but they are listed as renewal methods in your other emails or social networks? In other words, these postal screens can give you a code or a link to share your password for your current postal screen, Facebook, or another account.
The danger lies in that cybercriminals have access to such a long-forgotten mail screen. However, if the password for this screen has also been reused for other sites, one of them has become a data worm, and this password is now available to cybercriminals.
These old data mail for renewal of the account should be deleted, and you should indicate there is another mail, correctly set up and protected by two-factor authentication.
If you have not tried to do it before, it is also an excellent opportunity to set up two-factor authentication. If two-factor authentication is set, check where the backup codes are stored. Since, most likely, the second factor you receive either by SMS to the phone or from the add-on on the phone is the backup codes you need in case of loss or malfunction of the telephone. Otherwise, entering your account from the new device will be challenging.
It is essential to check whether your mail forwarding is set to other addresses and whether you recognize all the lessons it is forwarded to. Forwarding is a handy mechanism, for example, if you "move" from your old mailbox to the new one. But if you no longer have access to the screen to which the mail is forwarded or do not recognize it, these addresses should be removed.
Most modern postal services allow you to check open sessions: from which devices and programs your account has been accessed. It is essential to understand that logins from two different browsers on one computer will be treated as two separate logins, just like mobile browser logins and mobile mail add-ons on the phone.
Add-ons are third-party services and programs that have some access to the account. If it's about the Google account, they can access both the mail (read, change) and files on Google Drive, documents, programs, etc. For example, you give the meeting planner the ability to add events to your calendar or WhatsApp messenger - to store the history of correspondence in your Google Drive. It's worth checking whether you recognize all the add-ons, remove the ones you don't use (you can always return them if needed), and pay special attention to the add-ons with high access rights.
Most of these items (except for mail forwarding) are relevant for most services: social networks, dark spaces, etc. In addition, if the service you use does not allow you to set up a two-factor or check open sessions, it is worth considering switching to another service.
Checklist to make sure you did not miss anything:
- Two-factor authentication
- Ways to renew the accounting records
- Redirecting the mail
- Open sessions
- Access to accounting records
Who has access to Facebook pages and site administration?
When a new person or colleague joins a project in an editorial office or an organization, they often create a sign-up sheet on the site and add the Facebook pages to their administrators. However, this access is often taken away when a person is dismissed or stops working on the project. As a result, dozens of people who do not work with you have access to posting and editing materials on the site or page, and you do not influence how they protect their Facebook accounts.
The excellent idea is to redraw the list of users with access to the site administration and remove those who do not need this access.
The same is worth doing on the Facebook page: look at the roles of the page leaders and make sure there are no busy people there. In addition, it is worth paying attention to the functions of the users, especially the editors or administrators. The editor's role is sufficient to post and edit additions, review private messages, and respond to comments. Unlike editors, the administrator can add or remove other users, including admins. The more admins on the page, the more chances that one of them will break the registration record, remove the adminship, and lose control over the page. To avoid this, you should minimize the number of administrators (for example, transfer to editors or remove them altogether) and make sure that the logs of administrators are protected (how to do this, we have already discussed above).
If you use business or advertising managers, it is worth checking the roles there. Significantly often forgotten about advertising managers, who can put ads on other people's pages or access your audience's database.
Digital Security: Computer
If you are using a computer together with a cinema, it is advisable to create a separate desktop for each user. You can still use the installed programs, but each user will have a different desktop, history and browser bookmarks, etc. Each of these accounts must have a separate password, but before you create and password new accounts, you should discuss it with the person you share your computer with to avoid misunderstandings.
If you work on Windows, you should also create a separate desktop account with administrator rights (who can install and uninstall programs and make changes to the system) and downgrade your current one to the rights of a standard user. This significantly reduces the chance of infection by malicious programs (for simplicity, they are often called "viruses"). Protection against viruses is more important than having an antivirus running.
But there is one important "but." If you are using a pirated version of Windows, you can never be sure how it was labeled and whether or not you left "back doors" to infect the system. Laman software is considered to be differentiated. In addition, there is a possibility that running updates on a pirated system can disable them, and the device will have to be reconfigured! In this case, you can recommend reconfiguring the machine from scratch by installing a non-pirated system. Still, it is advisable to postpone it for the quarantine period and ask for help from the experts.
You should now remove all the programs that you do not use. Very often on our computers, apart from those needed for work and services, there are "programs for any occasion": a few graphical and video editors (also lamas), advertising browsers, a few programs for screenshots, and a dozen different programs, which were put on the training, but you already do not know what they are for. It is essential to understand that "more - does not mean better in terms of safety. All the programs find faults (which developers close, releasing updates). The more programs you have on your computer, the greater the potential for malicious programs. A good rule of thumb is to remove everything you don't use.
Suppose you have essential information (documents, spreadsheets, photos, etc.) stored exclusively on your computer. In that case, it is worth making a backup copy to which you will have access, even if the computer, for some reason, fails. Large volumes of information, such as videos and photos, are faster and easier to backup to external storage devices. It is easier to store documents and small amounts of data in a small storage device like Google Drive, iCloud, OneDrive, Dropbox, etc. At the same time, you should set up automatic backups, but do not expect that you will not forget to back up everything you need manually.
Checklist to make sure you did not miss anything:
- Create a profile for each computer user
- Create a separate administrator profile, and reduce the rights of the board to standard users
- deletion of occupied programs
- backup copies of important information
- Make sure Windows is updated