Securing Work from Home
Security Tips for Remote Work: As we draw closer to the new year, many of us remain out of the office, working remotely for the foreseeable future. Though by this stage working from home is likely nothing new, it is vital that during this period we do not become complacent about information security threats.
Before 2021 begins, it is time to take stock of the situation, and think about how well we are maintaining our security and if there is anything that can be improved. Below are our top ten security tips for remote work.
Ensure Physical Security
Just like at any office, a level of physical security must be maintained to help protect valuable or confidential information. Unlike an office, during times of remote work, this responsibility falls to staff.
Those working from home will invariably already have an incentive to maintain physical security, i.e., protecting their personal property, though organisations should help to encourage additional physical security practices beyond just locking doors and windows.
For example, make sure devices are locked or shut down, and left out of sight, if nobody is in the property. Likewise, ensuring that devices are locked around roommates, children, or others is equally important. Though unlikely to be malicious, these sorts of security incidents can easily occur by accident.
Provide VPNs and Network Security Solutions
One primary concern for the remote work environment should be the security and integrity of internet connections.
With many workers being forced to use their own home networks, secure and reputable virtual private network (VPN) solutions should be provided so information can be sent and received in a secure fashion.
As well as this, staff should be informed about the potential dangers of using public Wi-Fi networks, understanding that with readily available software, attackers can easily intercept data transferred over public networks by means of what is known as a ‘man-in-the-middle’ attack.
Encrypt Sensitive Information
As a form of cryptography, encryption is a process that obscures information from non-authorised parties and is an essential method of securing information in any working environment, including working from home.
If your organisation is working with personal data, having adequate encryption to protect this information is not just good practice, but also a legal requirement under the General Data Protection Regulation (GDPR).
Ensuring that information is not just stored, but also transferred, in an encrypted form is fundamental to maintaining security in a remote work environment.
Separate Work and Personal Devices
Though the divide between personal and professional equipment has likely become somewhat blurred for many in the last year, maintaining a degree of separation is always going to be best practice.
For example, avoid sending work-related emails from private email addresses and vice versa. Not only does this betray a lack of professionalism, but it can also lead to the potential compromise of sensitive information.
By maintaining separation between work and personal devices you also lower the chances of both informational systems being compromised in the event of an information security incident.
Keep Software Up to Date
Regardless of whether we are talking about personal or professional devices, it is always best practice to ensure all software is as up to date as possible, as even a few hours can mean the difference between compromised and secure.
If staff are using company-issued devices, there should be a protocol in place to keep software up to date and secure, rolling out updates as and when they become available. For staff, though, it can be tempting to delay these sorts of updates for convenience's sake, even when all that is required is a simple computer update and restart.
Ensuring employees and staff are reminded of this risk can go a long way in protecting information security.
Maintain Router Security
As well as the protection that virtual private networks provide, ensuring that home networks are configured in the most secure way not only improves personal information and cyber security for staff, but also adds an additional layer of security to remote work.
Depending on the model being used, staff may be using a more or less secure form of encryption to carry data; from the weak and outdated WEP (Wired Equivalent Privacy) to the common and strong WPA2 (Wi-Fi Protected Access II). Whenever possible the most secure form of encryption available should be used.
It is also recommended that WPS (Wi-Fi Protected Setup) is disabled. This function, which allows a quick method of connecting devices, can be convenient, but could also give anyone with momentary physical access to the router permanent access to the network.
Additionally, creating a media access control (MAC) address filter allows users to build a list of trusted devices which are permitted to connect to the network, whilst excluding non-trusted devices.
Backing Up Procedures
When working on devices in the office and on a secure network, the practice of backing up important information is invariably a regular, automated process.
With work being completed on company-issued devices and being stored on organisational networks, this process has likely not been interrupted by the remote work situation; though if members of staff are expected to work on other devices, alternative back-up solutions should be considered.
As with the general storage of information, alternative, or non-centralised back-up solutions should provide adequate security in the form of encryption and password protection.
Malicious software can come in many forms, from capricious viruses that spread throughout your system and wipe data for no apparent reason, to extremely targeted ransomware which renders data inaccessible, allowing attackers to demand payment in exchange for decryption keys.
As already noted, the cross-over between work and personal devices is likely at an all-time high, with the general vigilance of staff potentially diminished as a result of the unusual circumstances.
Though it may seem obvious, providing a robust and effective antivirus solution to those working from home will help protect your information from a whole host of easily avoidable security issues.
Don’t Neglect Password Security
Password security should always be a top priority for organisations and employees. If employees are dealing with a plethora of different accounts and passwords, this may mean providing a robust password manager solution; though at its core is ensuring members of your team understand the importance of creating and maintaining strong passwords.
One of the most common methods of creating a secure, yet memorable password is to combine 4 unrelated random words, such as ‘CorrectHorseBatteryStable’ (although not that). To make it more difficult for this to be ‘cracked’, it is important these words have no relation to the user, i.e., username or date of birth.
Whereas a two-word combination may be broken within a few hours, if you ensure that the password is at least 15 characters long, the ‘would-be’ attacker will be waiting years to crack your password.
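The advice above (four random words, no relation to the user, at least 15 characters) can be enforced in code. The following is an added example, not part of the original article; the word list is a constructed sample and the function names and personal terms are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list, far too small for real use: load a list of several
# thousand words in practice so that each word adds meaningful entropy.
SAMPLE_WORDS = [
    "anchor", "biscuit", "cactus", "dolphin", "ember", "fiddle", "glacier",
    "harbour", "igloo", "jigsaw", "kettle", "lantern", "marble", "nutmeg",
    "orchid", "pebble", "quiver", "raven", "saddle", "thimble", "umbrella",
    "velvet", "walnut", "yonder", "zipper", "meadow", "copper", "banjo",
    "tunnel", "plasma", "hammock", "gravel",
]
MIN_LENGTH = 15  # minimum length recommended in the article


def entropy_bits(word_count, list_size):
    """Bits of entropy when each word is drawn independently and uniformly."""
    return word_count * math.log2(list_size)


def policy_problems(passphrase, personal_terms):
    """List the ways a passphrase breaks the article's two rules."""
    problems = []
    if len(passphrase) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = passphrase.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    return problems


def generate_passphrase(words, personal_terms, word_count=4):
    """Draw words with a CSPRNG, retrying until the policy check passes."""
    terms = [t.lower() for t in personal_terms if t]
    # Remove words that overlap with anything tied to the user.
    pool = [w for w in words
            if not any(t in w.lower() or w.lower() in t for t in terms)]
    if len(pool) < 2:
        raise ValueError("word list too small after removing personal terms")
    for _ in range(100):
        candidate = "".join(secrets.choice(pool).capitalize()
                            for _ in range(word_count))
        if not policy_problems(candidate, personal_terms):
            return candidate
    raise RuntimeError("no compliant passphrase found; use longer words")
```

Entropy grows with both the number of words and the size of the list they are drawn from, which is why the 32-word sample list here is only suitable for demonstration.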
Continue Remote Information Security Training
Following these security tips for remote work helps improve home working practices, but effective information security awareness training is one of the best ways of maintaining strong safety measures during this time of remote work.
By educating members of staff about a broad range of vital information security topics, every member of an organisation can act as a defensive line against attackers and threats.
Hut Six offers a comprehensive and effective solution for information security awareness training. Covering a broad range of relevant topics, including remote work, encryption, social engineering, and phishing attacks, Hut Six training allows your organisation to train, test and track your team’s progression towards an information security culture in the office and at home.
Hut Six training has a range of solutions to perfectly fit any organisation. With concise and engaging tutorials, real-life scenarios, customisable content, phishing simulator and easy-to-use LMS dashboard, you can protect against a wide range of threats and help protect your information at a cultural level.