Security blogs

Working from Home

With the significant increase in social engineering attacks, especially in light of the “work from home” requirements, I am finding myself in an uncomfortable situation. Many companies are expecting their staff to work from home, be positive and productive in light of the need to self-isolate.

Unfortunately, cybercriminals also working hard to attack people working from home, acknowledging that home security systems and security behaviours don’t have the same controls as the office.

With this in mind, we need to take extra precautions to ensure the safety and security of organisational information systems being used by staff at home.

  1. Find a place in your house and make it your office. Do not share it with others while you’re working.
  2. Don’t leave confidential information lying around the house. Lock your work device when you finish using it.
  3. Do not email yourself documents to your personal email address to make it easier to print at home.
  4. Don’t use unauthorised social media applications to communicate with other staff members. Only use the tools approved by your organisation.
  5. Your colleagues are not sitting next to you anymore so verify any request to share confidential information or transfer money even if that was sent from their own e-mail. Always call them and verify the request.
  6. Tried to avoid having conversations next to any IoT device like Alexa or Google Home. They are always listening.
  7. Never share devices or passwords. Devices should not be shared with other family members and they must have a unique password and a lock screen timeout.
  8. At work, you’re not tech support, so when you are at home remember the technical issues should be solved by the experts. Call the helpdesk if you need help.
  9. Don’t let the browser remember your passwords. This would allow anyone who accesses your device to be able to connect to any site that you have allowed the browser to remember your password. Use a Password Manager instead.
  10. If possible do not usual personal computer for work-related activities. If you must please use a virtual private network connection to connect to your work.
  11. If you are using Wi-Fi at home please ensure that you are using suitable encryption, like WPA2, and the Wi-Fi network name should be hidden. This helps reduce the likelihood that someone can connect to your Wi-Fi.
  12. If possible, separate your work computer from other devices by creating a separate network on your Wi-Fi.
  13. Always use where possible, multifactor authentication to log into any site or application.
  14. Make sure that you apply the latest security patches and enabled automatic updates for your operating system and applications on all devices.
  15. Make sure that you have the latest anti-virus installed and have your built-in firewall is enabled. If possible, ensure all sensitive files are encrypted.
  16. Backup all of your data using your organization’s approved backup mechanisms and tools. Not on your device.