Security Best Practices for Working From Home

In the last couple of weeks, most organizations have transitioned to a work-from-home model for the majority of employees. Unfortunately, we’ve seen a rise in cyberattacks such as Coronavirus-themed phishing attacks and ransomware by hackers taking advantage of these circumstances.

It’s important to be extra vigilant as this may be the defacto work mode for the next few months. Here are some of the security best practices not just for IT and security teams that now need to secure their entire workforce, but also for remote employees who need to take their own precautions.

For Employers:

  • If you are deploying VPN’s or remote services for workers make sure these systems have the latest security patches applied.
  • Enable Multi-Factor Authentication on all portals that allow remote users to access your network and sensitive information.
  • Regularly scan your network perimeter. As more people work from home engineers and power users sometimes open systems and services to the internet that are not protected properly, and that IT isn’t aware of.
  • Make sure your remote workers systems and their security tools are patched and up to date.
  • If Operating System updates are typically downloaded and deployed from internal systems (like SCCM) consider creating an alternate plan that allows remote users to update themselves if a large critical patch needs to be deployed.
  • Roll out applicable work from home security awareness trainings to employees including; Implementing strong passwords, Detecting and Reporting Email Phishing, Social Media usage, and Social Engineering attacks via Phone, Text, and Social Media.

For Employees:

  • Be careful when downloading attachments or clicking on links via email
  • Avoid connecting your systems to open or public wifi. There have been occurrences of logins being stolen and systems being compromised via rogue wireless access points made available in public areas.
  • Make sure your home wifi access point and router are using strong passwords that aren’t the default ones that came with the devices.
  • Make sure your system and security software are updated on all devices.
  • Use a password manager to create and store secure passwords. However, do not store your company’s passwords inside your personal password manager.
  • Unless instructed by your IT team or company, do not connect your personal computers to your company’s network or SaaS services (like Dropbox, Onedrive, Box)
  • Do not allow friends or family to use your work computer.

We’re all in the process of rapidly adjusting to our new normal, finding ways to do our jobs at a high level while remaining physically distanced. But with some foresight and diligence, we can all rapidly return to a high level of productivity without sacrificing security. And if we establish these good practices now, we can be assured that our home environments are secured into the future, for whenever we occasionally need to be productive outside of our offices.