Working from home has become the new norm for many people, especially with the recent health crisis, and we must take some time to consider the security implications of working from home. You may not realize it, but when you begin to work from home, you have created an arrangement with your business to open a branch office in your living room. With that, you are now exposed to the same level of malicious targeting, without the infrastructure to keep you secure. The resources a business puts towards IT security are not insignificant, and when you move to a home office you need to consider those efforts, and then make some of your own to keep your branch secure.
Let's consider your network infrastructure and discuss some ways that you can make it more secure in the same way that a business will:
- Ensure that you are not using the default password that came with your router. There have been numerous incidents in the last few years where home networks were compromised because of the default password remaining in use (Krebs on Security).
- Make sure your home computers and devices, including cell phones, are running the latest version of all of their software. In a business, automated systems keep your operating system up to date, but they often do not exist at home. Patch everything!
- Ideally, use a wired connection to the internet where possible. WiFi is very convenient, but you may discover issues with network speed or occasionally being dropped from the network. Additionally, since WiFi is broadcast outside of your office, it is essential that you use a secure passphrase and at least WPA2 to secure your communication. It is also good practice not to share your WiFi details with your friends and neighbors. When you do share your WiFi access, you are essentially making them employees at your branch office and trusting them with your company's security.
- Secure your workspace. Make sure you are not going to trip over a power cable, and that a careless user of the kitchen faucet will not destroy your office. Consider setting up a safe space to work, and keep the same practices you would at the office: locking your workstation, using secure passwords, and being cautious about the websites you visit. You may also want to look at setting up a backup, so that if something does happen, the impact on you will be reduced.
- Don’t forget anti-virus. There are a lot of really good options available, and I am not going to make a specific recommendation; however, I do recommend talking to your IT team about what they recommend. I generally suggest staying away from free solutions, with the exception of Windows Defender, which is included with Windows 10.
The most likely method of cyber attack you will experience is phishing. If you don’t know what that is, let me start with a high-level overview. A phish (pronounced fish) is an email sent to you with the intent of stealing your credentials, convincing you to provide information, or getting you to install malicious software. These messages usually attempt to manipulate you with a strong sense of urgency, and often fear. Phishing is widely considered to be the number one security threat to all businesses worldwide, primarily because it attacks the human and not the security infrastructure. Criminals are taking advantage of the current world situation and using it to encourage you to make quick, emotional and risky decisions. The best defense you can have right now is to look at your emails with a critical eye and take 1 or 2 seconds to evaluate whether the message seems legitimate. If you have ANY doubt, send a request to your IT team to investigate. The extra time you spend in the day will be made up easily the first time your network is breached because someone stole your work login.
Password security is going to be critical. You may remember a few months ago when the news was full of discussions about Disney+ being hacked and millions of accounts being compromised. The reality of that “breach” was that millions of users had re-used passwords, or picked incredibly common passwords, and the attackers were able to guess what their passwords were (CNN). Keeping your home accounts safe and secure is now more important, because your security is going to directly impact the security of your business. I recommend using a password manager so that you can have long, complex, and unique passwords for everything. For something you actually need to memorize, like your computer login, use a passphrase consisting of 3 to 4 words and include a number and symbols. You can read my previous blog post about passwords for a more in-depth look (Phone Experts).
Lastly, consider your working environment. The desk and chair you use at the office are typically comfortable and ergonomic, ensuring low levels of Repetitive Strain Injuries; working from your kitchen table on a hard wooden chair is almost the complete opposite, and can have long-term impacts on your health. Do your best to adjust your working environment to allow for sitting comfortably, keeping your wrists in a neutral position, and resting your feet squarely on the ground (Wikipedia). You may question my inclusion of ergonomics in a blog post about security, but I assure you that being able to focus on your job, instead of the throbbing in your wrists, will allow you to make better decisions when reading the email “from IT needing your password”.
The transition to working from home takes some time to adjust to, and usually you have more time to create processes and deal with the above concerns. Unfortunately, many people were told that they needed to work from home as a safety precaution, and did not have the necessary time to prepare adequately. Take some time and go through these recommendations, talk to your IT team, and make sure your branch office isn’t the source of the next breach.