It may not be as safe as you think, and security tools for the home computers are not as effective as they may be at your business…
There have been a number of articles on the Internet in the past year about anti-virus products becoming ineffective at detecting and defending against today’s malware. A recent report, published by the reputable security firm Imperva, states that the detection rate of a newly created virus is less than 5%. The hackers are ahead of the game; finding new ways to write their code to go undetected. They also package the harmful software and make it available for use by others with prolific tools known as “exploit kits”. This is of concern for businesses, which have become increasing targets for intellectual property theft, fraud, or theft of employee or customer information. A more important question is what does this mean for the data stored on your home computer and what can you do about it?
What is the risk?
Personal computer users are easy targets for hackers. Many people do not believe they have data worth stealing, after all, the hackers are not likely interested in the photographs from last year’s visit with Uncle Bob and Aunt Bea. Here are some of the data hackers could be interested in that most people do not think about:
- The passwords stored in your browser or in a file for accessing business and cloud computing resources such as Citrix, e-mail, online payroll processing, and document storage.
- The files you emailed to your home for printing or brought home on a portable device to help work with an important client or internal employee matters.
- Personal data such as social security numbers, e-mail contact information, medical insurance documents, banking or tax preparation information.
Hackers typically do not infect only one computer, they distribute the malware across a range of computers using something known as botnets. While accessing one home computer may not yield a valuable harvest of data, the aggregate data from a number of computers using botnets is quite useful for hackers wanting to commit data theft, fraud, or to steal identities.
Security experts in business are working diligently to install multiple layers of advanced and innovative technologies to detect and defend against these threats. They use terms and implement tools that aid with “sandboxing”, “whitelisting”, “advanced threat monitoring”, “network forensics” and more. These terms have great meaning for business security specialists, yet very little meaning for the ordinary person who is just trying to enjoy their PC or do a bit of work from home. The advanced tools security experts use to defend a business network against attack, are not always readily available in the home-use market. This is a concern as home computer usage can become the weakest link in businesses data protection efforts.
What can be done to minimize data theft from your home computer?
In the absence of advanced technologies for defending against malware for home PC’s, here are some tips that can help keep sensitive data safe if you must take work home:
- Talk with your IT department: Chances are the IT group has already prepared guidance and options available to keep your business information and personal information protected while working from home.
- Use a secure laptop: Many businesses offer well configured laptops that have enterprise monitoring tools to defend against threats not available to ordinary home users. If your business offers this facility, be sure to use it.
- Run anti-virus: While anti-virus products are behind in defending against malware, they are making progress with advancing capabilities to detect configuration changes to a PC or block dangerous web sites and software. Most would agree, an anti-virus product should still be used. Many anti-virus vendors offer businesses a home use program; ask your IT department if you may obtain a copy through this program. Even if the service has a fee, it is typically at a discount and worth the investment.
- Separate sensitive data: Keep sensitive data in a separate location from browsing and other personal activities. Consider a separate storage device that requires a password each time the data is accessed. Products are available such as USB drives and portable disks from Imation that require a password to access encrypted sensitive information. The encryption is helpful to ensure data cannot be accessed when the device is lost. Disconnect these disks when the data on them is not in use.
- Avoid auto-saving passwords: Do not store passwords in the browser using the save button. These stored passwords are fast and easy targets for hackers and are frequently collected by malware.
- Sandbox your browser: Consider using your web browser with sandboxing enabled. Web browsing, or clicking on web browsing links in e-mail, are often used by hackers to gain access to computers. Sandboxing attempts to shield the computer operating system and data from attacks to the browser. A free browser tool is provided by Sandboxie. Additionally, some anti-virus products, such as Bitdefender for example, offer this capability.
- Maintain current patches: Be vigilant about keeping your home computer patched and up to date when Microsoft, Apple or the provider of your choosing offers them.
In addition to the above tips, the National Cyber Security Alliance provides up-to-date information for protecting your home computer and network. Consider bookmarking this site and visiting it regularly for news and tips you can use to protect your personal and business information at home: http://staysafeonline.org/stay-safe-online/