Sunday, July 12, 2020

Five steps to better security working from home

Many more people are working from home (WFH) than ever before. Now that we know it can work for so many people, I expect it will remain popular even after the current crisis is over.

The bad guys know this, and they’re sharpening their focus to take advantage of folks working from home perhaps for the first time.

A recent episode of The CyberWire podcast listed five steps to improving your security when working from home. I want to visit those, elaborate on why they’re important in the WFH environment, and, in at least one case, disagree a little.

The steps will be familiar to most.

1. Stay up to date

If you’ve been putting off getting your system as up to date as possible, do it now. This applies not just to Windows (or whatever operating system you’re using), but to the applications you use as well — especially those you use at work.

Your workplace may have strict, even automated policies that keep your equipment up to date — you never have to think about it. At home, it’s easy to let things slide.

If you brought company equipment home, it’s even more important, since those automated systems may or may not work when disconnected from your company’s network.

You don’t want to be the employee who allows malware (like, say, ransomware) onto company property when it could have been easily prevented by keeping things up to date.

2. Use two-factor authentication

For every account that offers it, including accounts you use while working from home, enable two-factor authentication.

Again, bad guys target the stressed and overbusy employees of high-profile (or high-value) companies working from home for the first time. While we’re all being told over and over to pay attention to our personal hygiene, it’s very easy to overlook password hygiene in times of chaos and stress.

Two-factor (or multi-factor) authentication is a strong layer of additional protection. Even if someone gets your password, they won’t be able to sign in, because they won’t have the additional factor (typically your phone, but often as simple as an alternate email address) that proves you are who you say you are.

3. Don’t reuse passwords

Make certain that every account you have — especially work-related accounts — has a different password. Make it long and strong, and use a password vault to keep track of them all.

When those bad guys happen across a password — either by successfully hacking you, or because it’s been exposed in a data breach — they use what’s called “credential stuffing” to try that password, along with your email address, at a wide variety of other online services. If you used that same password at the other services, bingo, you’ve been hacked again.

If that happened to be an account related to your work — which of course hackers would love for it to be so they could perhaps gain access to your company’s network or data — the repercussions could be significant.

I know many people pooh-pooh credential stuffing, but it does happen (the fact it has its own term should be a clue), and it’s a common way hackers take advantage of those of us who get lazy.
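One way to check your own vault for the reuse that credential stuffing depends on is sketched below. This is an added example, not part of the original article; the CSV column names (`name`, `username`, `password`, `tag`) and the sample entries are assumptions constructed for illustration, since real vault exports differ.

```python
import csv, hashlib, hmac, io, secrets
from collections import defaultdict

# Constructed sample of a password-vault CSV export (column names are an
# assumption; real vaults differ). All passwords are made up for the example.
SAMPLE_EXPORT = """name,username,password,tag
Webmail,pat@example.com,correct-horse-battery-1,personal
Company SSO,pat@example.com,correct-horse-battery-1,work
Forum,pat@example.com,Tr0ub4dor,personal
Shopping,pat@example.com,Tr0ub4dor,personal
Bank,pat@example.com,k9#Vw2!qLm7$zRt4,personal
"""

def find_reused(export_text, key=None):
    """Group vault entries that share a password.

    Passwords are compared through a keyed fingerprint (HMAC-SHA-256 with a
    random per-run key), so no plaintext password ends up in the result.
    Returns a list of groups, each with the entry names and whether a work
    account is involved; groups touching work accounts sort first.
    """
    key = key or secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        pw = row.get("password") or ""
        if not pw:
            continue  # entries without a stored password cannot be compared
        fp = hmac.new(key, pw.encode("utf-8"), hashlib.sha256).hexdigest()
        groups[fp].append(row)
    reused = []
    for rows in groups.values():
        if len(rows) < 2:
            continue  # unique password, nothing to report
        reused.append({
            "accounts": sorted(r["name"] for r in rows),
            "work": any(r.get("tag") == "work" for r in rows),
        })
    # Work-related reuse first: a leaked personal login would expose the employer.
    reused.sort(key=lambda g: (not g["work"], g["accounts"]))
    return reused

if __name__ == "__main__":
    for g in find_reused(SAMPLE_EXPORT):
        label = "WORK" if g["work"] else "personal"
        print(f"[{label}] same password on: {', '.join(g['accounts'])}")
```

A vault export contains every password in plaintext, so delete the file as soon as the check is done.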

4. Avoid getting phished

I expect successful phishing to increase. Particularly as we work from home, it’s easy to be fooled by an email that looks like it came from your company, or even your boss. It’s particularly dangerous since you may not have quick and easy ways to verify that the message is legitimate, such as walking over and asking your boss if they really sent it.

As forced WFH continues, phishing attacks will focus on impersonating business scenarios in order to gain access to sensitive corporate credentials and information. Sadly, we all too often hear of data breaches — and, as I mentioned earlier, ransomware — traced to a single employee falling for an email they shouldn’t have.

Don’t be that employee.

5. Use a VPN

This recommendation took me a little by surprise, for two reasons.

First, for many companies it’s a requirement, not a suggestion. In order to connect to your company’s resources, you are required to connect through your company’s VPN. Without it, all you can do is work on your local machine, without the resources you might need from your corporate network.

Second, a VPN from home doesn’t protect you from much. Sure, if you have reason to distrust your ISP, or if there are other machines on your home network that you might not be able to trust, it could protect you from them, but those are rarely huge issues. We tend to recommend VPNs when you’re travelling for use at the coffee shop’s open Wi-Fi, or from a random location like a hotel. Working from home doesn’t have the same issues.

There’s certainly no harm using a VPN from home, assuming the performance and functionality is acceptable; it’s just not something I’d put on my shortlist.


Leo Notenboom
Leo Notenboom has worked in the personal computer and software industry since 1979, as a software engineer, manager of software engineers, consultant and writer.
