There may have been occasions previously where you have had to work from home and utilise a work provided laptop or similar device. Today, everyone who is home working is using options such as their own personal device, a shared home computer, a work laptop, tablets, smartphones… and the majority of these have little central cybersecurity management from your organisations I.T. Security function.
We are using technology in a way never experienced before and many are having to face decisions regarding what they should do, can do or are going to do it anyway!!
Thankfully, even if your employer cannot offer protection to your devices (such as VPN’s, Application Access Management Systems, Enterprise Web Security), or if you are self-employed, there are some simple steps you can take to protect yourself while working from home.
Here are 10 cyber security areas to assist you in home working
- Always use strong passwords for all your accounts
- Set up two-factor authentication where available
- Enable your local firewall
- Use reputable antivirus software
- Secure your home router
- Install updates regularly
- Back up your data to a reputable service
- Use encrypted communications
- Lock your device
- Look out for phishing e-mails and sites
Where there are many more in-depth details to cover for each of the areas listed above, we have briefly highlighted key points below.
Always use strong passwords for all your accounts
A strong password should be a mixture of upper/lower/numeric/special characters and at least 8 characters long.
If you are feeling confident – use a password phrase, proven to be even more secure. Some systems don’t like spaces in the password so you could use (and please don’t – this is just an example):
Thequickbrownfoxjumpedoverthelazydog
Set up two-factor authentication where available
Your organisation should have two-factor authentication to log into their key systems, such a VPN’s or key cloud applications.
You can also do this with major cloud services you may use as home such as data storage solutions, shopping sites and utility companies.
Enable your local firewall
Firewalls act as a line defence to prevent threats from entering your system, they create a barrier between your device and the internet by closing ports to communication. This can help prevent malicious programs from entering and can stop data leaking from your device.
Your device’s operating system will typically have a built-in firewall. In addition, hardware firewalls are built into many routers. Just make sure that yours are enabled.
This is an area where free options, for good solutions, are available – such as Solarwinds, Comodo, ZoneAlarm and AVS Firewall.
Use reputable antivirus software
Not all antivirus software is great antivirus software.
Generally, free antivirus software has an efficacy rate of around 50-60% against today’s real-time threats. Always select a proven vendor who demonstrates 90%+ against real-time threats. Most “100%” guarantees are against known threats… not unknown or mutated threats.
Secure your home router
Most home routers today, Sky/BT/TalkTalk/Vodafone, come with unique strong passwords for the admin accounts and for the WiFi connection. This saves a non-technical user having to attempt to access the router and change the default password.
One common issue we have identified is the location of the router itself. There are numerous times where routers have been placed on window sills, usually because of the convenience of the location of the telephone socket, with the back of the router facing outside. Do not do this. Access to your WiFi or administrator account of your router is access to all the devices connected to your WiFi.
Install updates regularly
Everyone knows that Microsoft or Apple updates come at the most inopportune moments. Half-way through a game of Candy Crush, a movie, a Webex… These updates are important. They contain security updates, patch updates for your operating system and feature updates. Finish your game, movie or Webex and then complete the updates.
Do not keep putting off your security updates. They are protecting you from the very latest threats.
Back up your data to a reputable service
Homeworking will mean access to a lot of critical and confidential information. Your organisation will most likely have measures in place to ensure that data stays within the control of their infrastructure and therefore backup services.
That being said, people will always find a way of working on a design, a spreadsheet, a presentation locally on their device because it is more convenient or quicker.
If you are working like this, ensure that all the data on your device is stored with an offsite (outside of your home/cloud) service provider such as Box or Dropbox or Office 365.
This is will still not be agreeing to your organisations remote working or security policy. Your first option should always be to work on the files whilst using your organisation’s infrastructure. Otherwise, upload your work files at the end of each working day.
Use encrypted communications
If you use a HTTP addressed website, you are transmitting data in plain text and you cannot guarantee where that information is going, is it being intercepted or how it is being used.
You should always look for HTTPS with your domain name. This demonstrates that the communications is encrypted and that the website has a certificate that has been verified by a certificate authority.
If your organisation, or your role, requires you to send e-mail in an encrypted format, then a 3rd party solution, such as Egress, will normally be provided.
Messaging services such as Signal or WhatsApp come with end-to-end encryption rather than your default app on your smartphone.
Lock your device
If you do have to work in a public space, or if you live with people who you shouldn’t share work information with, then it’s important to keep your device secure. Password-locking your device will usually encrypt its contents until someone enters the password.
If in a public place, there is also the option to physically lock your device to a desk/table or suchlike by using a device such as a Kensington lock.
To ensure your information is safe in a theft situation, ask your IT department if your laptop has been encrypted with a 3rd party or service such as BitLocker.
Look out for phishing e-mails and sites
Last and by no means least, in these days of home working, phishing and website threats are at the highest spikes ever experienced.
Homeworkers may feel under pressure to open and respond to e-mails quickly to show they are working and not sitting in the garden. This is great news for potential hackers.
Slow down. Read the e-mail properly. Check the senders’ address. Check for typos, a rushed call to action, a request that is unusual from that sender.
For more information on what to look for in phishing e-mails, see our HMRC Phishing Email blog post.
We also provide market-leading, fully managed Security Awareness Training and Testing. Please visit our website for much more information on this service.
Your organisation should run these types of services for your benefit.