The digitalization of the working environment is experiencing a significant boost: Working from home, telecommuting, and mobile working are establishing themselves as alternative forms of work and are leading to the widespread use of digital work tools. Numerous paper processes must be digitalized, with working from home, bringing your own device (BYOD), and cloud applications acting as helpful drivers. Currently, new standards are being established that affect the spatial and temporal distribution of work. Companies and government agencies alike are being forced to try out new ways of working and to create solutions for a smooth everyday working life.
These opportunities are often accompanied by an IT security challenge: converting the corporate IT infrastructure to remote access virtually overnight. As a result, many public authorities and enterprises have found themselves in a sort of accelerated digitalization process, because their employees are all working from home – a situation that very few of them are sufficiently prepared for. To support government agencies and businesses in building a secure home office environment, here are nine tips for working securely from home:
Work-from-home tips to increase the IT security of your employees
1. Inform employees about IT security and data security
Clear and binding regulations regarding IT security and data security should be communicated immediately in writing to all persons concerned.
2. Designate unambiguous communications channels and contacts
Clarify responsibilities, contact persons, and reporting paths in the event of loss of components. These communication channels should be known to all employees and be verifiable by the employees.
3. Physical security measures for working from home
Employees should be urged to personally take specific security measures when working from home as well as in the office. This includes physically safeguarding the workplace against attack, which means locking doors and locking screens. It is also advisable to cover the webcam on the desktop computer or laptop and to position screens so they cannot be seen from outside.
4. Wi-Fi and password security in home offices
Employees should secure their home Wi-Fi by changing the default administrator password, activating WPA2 encryption, and using a strong password.
5. IT security: watch out for phishing and CEO fraud
Create awareness of attacks aimed at obtaining information and data that contain references to passwords, banking relationships, or access to systems or applications. Draw particular attention to CEO fraud. Social engineering poses the biggest risk in the home working environment. Attackers misrepresent themselves and use tricks to induce incorrect employee behavior. Email phishing is part of this, but special caution is also important with phone calls, text messages, social media content, and fake messages via messaging services used for collaboration in company applications.
6. VPN – secure communications in the home environment
Employees should be provided with secure communications channels to access corporate resources. Where possible, use virtual private networks (VPNs), which act as agents to establish connections from the user’s endpoint to the corporate network through a secure tunnel.
7. MFA and 2FA – secure passwords for secure applications
Secure passwords provide additional protection against unauthorized access to applications. Ensure that employees establish complex and unique passwords, and additionally use a multi-factor authentication mechanism (MFA or 2FA). Passphrases make good passwords because they are long, complex, and built from unpredictable terms or sentences. “We encrypt data storage media!” or “do not link cells in Excel” are examples of passphrases. Both are strong, contain many characters, and are easy to remember and type, but they are difficult to hack. Augment them with symbols, numbers, or uppercase letters. If your employees need a unique password for each of your required applications, it is advisable to ensure they use a password manager, which is a program that saves passwords in a sort of safe and automatically retrieves them when needed. Using a unique password for each resource is highly advisable. Otherwise, an attacker only has to succeed in compromising one of the websites you visit to access the passwords of all of its users – including yours – and then simply log in to all of your other accounts.
8. Update operating systems, web applications, and apps
Ensure that all technologies used are up-to-date and that updates are implemented regularly. Employees should always work with the latest system version.
9. IT security when working at home
Every employee should regard laptops, company mobile phones, and other resources, such as files and internal resources, regardless of their location, as what they are: simply resources. Sensitive company data remains sensitive no matter where it is, and controlled access to endpoints must always be maintained. Screens should not be visible to other persons in the home, in the office, or through the window. Screens should always be locked during breaks. Such policies are important to foster data awareness and in the interest of corporate security – at home as well as in the office.
Information security should always have the highest priority
Security can suffer when new digital processes, technologies, and applications are not yet well established. In the home environment as well, information security should always have the highest priority. Enterprises should define and apply security strategies for every remote employee – whether permanent, external (fixed freelance), partner, or service provider – in order to fulfill their business objectives, remain productive, and minimize the risk of cyber attacks. IT security should never be so complex that your employees are not able to apply individual measures. Especially now, with phishing attacks on the rise, it is important to strengthen awareness of digital security. Attackers may take advantage of the current situation, so you must be especially alert to phishing emails and fraud. Encourage your organization to take suitable strategic and process measures to remain resilient against heightened attack scenarios due to localized work arrangements.
Daniel Heck has been Vice President of Global Marketing at Rohde & Schwarz Cybersecurity since February 2017. Daniel has many years of experience in international marketing for IT security and topics such as customer relationship management, enterprise content management, search technologies, and e-business. Before joining Rohde & Schwarz Cybersecurity, he was Senior Director EMEA Marketing at SugarCRM, a provider of CRM software. Daniel knows the cybersecurity industry from his leading positions in marketing at Eleven (CYREN), LogLogic (TIBCO), and Surfcontrol. He has achieved outstanding growth results in his career to date and is particularly familiar with the branding and expansion of IT solutions.
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.