In the past, many company IT systems around the world were not configured for remote work. However, with the COVID-19 pandemic lockdowns in many countries, many organizations and their staff are now forced to Work From Home (WFH) full-time. When we work from home, we should consider the following security tips.
We wanted to bring you some Security Tips for Working From Home to help your company and your staff stay secure during the COVID-19 pandemic. They help not only to protect end-users but also the security teams, IT teams, and IT departments who suddenly need to secure their workforce.
Security tips for employees working from home
Every computer operator needs to think about physical security, and it shouldn’t go out the window when you’re working from home. Just as you lock up the office when you leave for the day, do the same when working from home.
Work Data and Personal Data
Keeping work data and personal data separate might be easier said than done, but it is very important for both your work life and home life, especially while working from home. It can help reduce the amount of sensitive data exposed if your personal device or work device has been compromised.
Fine-tune your Wi-Fi ADSL Router
Traditional home broadband routers and modems use their default firmware to provide layer 3 or layer 2 functions to the end user. During router configuration, most telecommunication engineers do not think about putting a complex password on the router. Changing your router’s password from the default to something unique is a simple step you can take to protect your home network from malicious actors who want access to your devices.
Keep your OS and Applications up to date
Here’s how to check whether your operating system is still within its support life span:
- Windows: Check the Windows lifecycle fact sheet
- Linux: Most operating systems with an actively maintained kernel image are well supported.
- Android: Security updates target the current and last two major versions, but you may need to check that your manufacturer/carrier is sending the security patches to your device.
- macOS: Apple has no official policy for macOS. That said, Apple consistently supports the last three versions of macOS.
Activate automatic Desktop Locking
If you walk away from your laptop at home or in the office, you should lock it. The issue is that, as humans, we forget. When we do, automatic locking is there to protect our unattended devices. This is one of the simple techniques among the security tips for working from home.
Use a complex Password or PIN on your Laptop
This is a basic security tip that every computer operator should follow. Make sure to avoid anything that’s easy to guess, such as a birthday, a home number, simple sequences (e.g. 123456, 654321) or common passwords. Additionally, don’t use anything that is related to you, such as your date of birth, address, etc. A good PIN/password should look random to anyone who is not you.
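As an added example (not part of the original article), the Python sketch below checks a candidate PIN or password against the patterns listed above: sequences, dates, common values and personal details. The function names, the small common-password set and the minimum length of 6 are assumptions made for illustration.

```python
from datetime import date

# Small constructed sample; a real check would load a breached-password list.
COMMON = {"123456", "654321", "password", "qwerty", "111111", "letmein"}

def is_sequence(s):
    """Digits that step by +1 or -1 throughout, e.g. 123456 or 654321."""
    if not s.isdigit() or len(s) < 3:
        return False
    return {int(b) - int(a) for a, b in zip(s, s[1:])} in ({1}, {-1})

def looks_like_date(s):
    """6 or 8 digits that parse as DDMMYY(YY), MMDDYY(YY) or YY(YY)MMDD."""
    if not s.isdigit() or len(s) not in (6, 8):
        return False
    y = len(s) - 4  # width of the year field: 2 or 4
    layouts = [(s[0:2], s[2:4], s[4:]),         # day first
               (s[2:4], s[0:2], s[4:]),         # month first
               (s[y + 2:], s[y:y + 2], s[:y])]  # year first
    for dd, mm, yy in layouts:
        year = int(yy) if y == 4 else 1900 + int(yy)
        try:
            if 1900 <= year <= 2099:
                date(year, int(mm), int(dd))  # raises ValueError if impossible
                return True
        except ValueError:
            continue
    return False

def weaknesses(secret, personal=(), min_len=6):
    """Return the reasons a PIN/password is easy to guess; [] means none found.
    `personal` holds facts about the user (birth year, house number, ...)."""
    found = []
    low = secret.lower()
    if len(secret) < min_len:
        found.append("too short")
    if low in COMMON:
        found.append("common password")
    if is_sequence(secret):
        found.append("sequence")
    if len(set(secret)) <= 2:
        found.append("repeated characters")
    if looks_like_date(secret):
        found.append("looks like a date")
    if any(p and p.lower() in low for p in personal):
        found.append("contains personal detail")
    return found
```

An empty list only means none of these patterns matched; it is not a measure of strength.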
Use modern authentication methods
With two-factor authentication, access is granted only after you successfully present two pieces of evidence to an authentication mechanism. This method dramatically reduces the risk of successful phishing emails and malware infections because even if the attacker is able to get your password, they are unable to log in because they do not have the second piece of evidence. The best practice is to use an authenticator app. It’s important to be aware that, while convenient, SMS is not a good choice for the second factor.
What is Find My Device and remote wipe?
Being able to trace and, ideally, remotely wipe your device is a crucial part of ensuring information security when a device is lost or stolen.
- Windows: Enable in Settings > Update & Security > Find my device.
- macOS: Set up iCloud on your device by going to Settings > Your Name > iCloud > Find My Mac.
- Linux: Not built into the operating system and requires a third-party app.
- Android: Set up a Google account on the device and it will be enabled by default.
- iOS: Set up iCloud on your device by going to Settings > Your Name > iCloud > Find My iPhone/iPad.
Security tips for employers working from home
More time on cybersecurity awareness training
During the COVID pandemic the company workforce is stuck at home, and this is a good time to interact with the team and provide good training or teaching about cybersecurity. This will improve the awareness of end-users, and we, as management, can have more interactive sessions with end-users during the lockdown.
Teach your staff how to:
- Recognize phishing, spear phishing, and whaling attacks.
- Avoid malicious email attachments and other email-based scams.
- Identify domain hijacking and typosquatting attacks.
Implement email security practices
Email security is important because malicious email is a popular medium for spreading ransomware, spyware, worms, social engineering attacks, spear-phishing emails and other cyber threats. In general, you want to ensure you have adequate SPF, DKIM, and DMARC policies to prevent email spoofing.
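As an added example (not part of the original article), the Python sketch below audits SPF and DMARC TXT records for the weak settings that leave a domain open to spoofing. The record strings are constructed samples and the function names are assumptions; DKIM is left out because its keys sit under a selector name that cannot be derived from the domain alone.

```python
def audit_spf(txt_records):
    """Findings for the SPF policy among the TXT records at the domain apex."""
    spf = [r.lower().split() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["spf: no record published"]
    if len(spf) > 1:
        return ["spf: multiple records, evaluation ends in permerror"]
    terms = spf[0][1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        if any(t.startswith("redirect=") for t in terms):
            return ["spf: policy delegated by redirect=, audit the target domain"]
        return ["spf: no 'all' mechanism, unmatched senders default to neutral"]
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # bare 'all' means +all
    return {"-": [],
            "~": ["spf: ~all is softfail, unauthorized mail is usually still accepted"],
            "?": ["spf: ?all is neutral, no statement about unauthorized senders"],
            "+": ["spf: +all authorizes every host on the internet"]}[qualifier]

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return [f"dmarc: expected exactly one record, found {len(recs)}"]
    tags = {}
    for part in recs[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"dmarc: p={policy or 'missing'} asks for no enforcement")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"dmarc: pct={pct} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("dmarc: no rua= address, no aggregate reports arrive")
    return findings

# Constructed sample records (documentation domains, not real lookups).
WEAK = {"spf": ["v=spf1 include:_spf.example.net ~all"],
        "dmarc": ["v=DMARC1; p=none"]}
STRICT = {"spf": ["site-verification=constructed-token", "v=spf1 ip4:192.0.2.10 -all"],
          "dmarc": ["v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com"]}

def audit(domain_records):
    """Combined findings; an empty list means both policies are enforcing."""
    return audit_spf(domain_records["spf"]) + audit_dmarc(domain_records["dmarc"])
```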
Use access control
If we have a good department structure within the organization, we can implement an adequate access control policy, such as role-based access control (RBAC). This can reduce the risk of data breaches and data leaks that involve privilege escalation attacks.
Practices about cyber hygiene
This is a good practice to follow when we deal with security tips for working from home.
Cyber hygiene should be viewed in the same manner as personal lifestyle hygiene. Once properly integrated into an organization, it becomes a matter of simple daily routines, good behaviors, and occasional checkups to make sure the organization’s online health is in optimum condition.
Policy to enforce strong passwords on employee devices
This is a key factor in ISO/IEC 27001, the widely known standard that provides requirements for an information security management system (ISMS). Ensure that your staff use strong passwords by enforcing password requirements on company devices.
Encrypt all company devices
Top management, finance, human resources and systems administrators always deal with sensitive company data. Encryption is the process of encoding information so only authorized parties can access it. While it doesn’t prevent interference and man-in-the-middle attacks, it does deny intelligible content to the interceptor.