Working From Home: Continued Security Vigilance

Working From Home

When working from home you take more of the workday structure upon yourself to stay on track and get the work done properly and in a timely fashion. This includes continuing with strong and consistent security practices regarding technology. Whether you are taking a laptop home for the first time or you already work from home often, getting set up properly and staying secure requires taking some time to configure your workspace and maintaining workflow habits that keep both you and your colleagues secure.

Laptop

It is important to get hardware that actually supports the work you are doing. Some people are better off not working at all instead of wasting their time on a subpar system. Consider the software you use often, and check the vendors’ pages to find out what the system requirements are. If you have to run multiple applications at the same time and maintain a smooth workflow, the requirements go up, as will the price of the hardware. Besides laptops or computers, also look at your peripherals like screens, headsets, printers, and even items like a mouse, keyboard and cables. Investing in quality goods will save you from hours of frustration later. If you have an IT department, make sure they are properly informed about your needs so that they can recommend and stock the necessary hardware. If you have to use your personal equipment, for whatever reason, make sure it is capable of meeting your demands. For example, older or cheaper CPUs won’t keep pace. Whatever security software or configuration you go with, it won’t do you any good if you turn it off in an effort to speed up the computer.

Avoid ‘Shadow IT’

Shadow IT is software that staff install to get things done but that isn’t checked or authorized by IT. Whether it is you or an IT department that is in charge of your system and all the programs on it, unnecessarily increasing the attack surface just leaves your system more vulnerable. Those in charge of the systems need to make sure that enough approved software is available to get the work done. It is always a balance between security and usability. Even if you’re not in charge of the software installed, check for end-to-end encryption and multifactor authentication. Programs that are vulnerable to exploits can lead to a compromised system, whether that means sensitive documents leaking, ransomware or any number of nuisances. Remember that cloud storage and cloud applications can have serious vulnerabilities as well.

Networks

When working in a larger company, it is likely that you need to access a company network. Make sure networks can be accessed safely. Consider a virtual private network (VPN), which is designed to provide encrypted access between users and the network. Here too it is important to keep the attack surface small. Consider user rights and access nodes when selecting network solutions. There’s no point in investing in a powerful system that is merely configured to let anyone in. Make sure login credentials are kept safe. Remember that login credentials might get shared with parties that shouldn’t have access. This could be an attacker in disguise.

Management

Whether they are mobile devices like phones and laptops, or even desktops, all devices need managing for software, security or hardware updates. Consider Mobile Device Management (MDM) software to help you deploy software and system updates across the board. Use it to remotely back up data and to quarantine or remove malicious and unauthorized software. Monitor for malware and other threats, and even set up secure containers for sensitive files. Wiping a device remotely can come in handy when an employee leaves the company and can’t bring in the devices right away.

Security Habits

Establish user rights to control who can enter which area of the network while leaving people enough freedom to do their jobs. Use firewalls to block external systems. Use multifactor authentication for access, for example a password and a dongle. Make sure employees get at least basic training in cybersecurity. This could be simple rules like not sharing passwords or locking your screen when leaving your device, even if only for a very short time.

Hardening

Make sure your system is hardened to decrease the attack surface and block access where needed.

Continue following company security policies when working remotely. Vulnerabilities don’t disappear when you are somewhere else. This includes refraining from using untrusted software or websites, remaining watchful for phishing emails, and not opening links or files from unfamiliar places. Check sender identity, email addresses and domain names carefully. When in doubt, try to reach the sender via another channel to verify their identity and the integrity of attachments.

Continue using multifactor authentication if it was already available. For accounts that rely solely on a password, be extra careful about password strength. The key factors are length (at least 8 characters) and a combination of letters, numbers and special characters. Make sure passwords are unique so that a compromise in one area doesn’t reach the rest of the system.

Harden your home router. Make sure its firmware is up to date so that you have the latest security patches. Set it to update automatically, or at least to notify you of available updates at an actively monitored email address. If you use wireless (don’t!), set it to the highest available level of encryption and turn off Wi-Fi Protected Setup (WPS).