The COVID-19 pandemic has resulted in many people working from home for the first time.
Beware of scams
Working from home has specific cyber security risks, including targeted cybercrime.
Criminals see crisis as an opportunity and businesses transitioning to working from home can be an attractive target.
Be aware that the COVID-19 pandemic will be used by cybercriminals to try to scam people. While working from home you should:
- Exercise vigilance when receiving phone calls, messages and emails.
- Exercise caution when opening messages, attachments, or clicking links from unknown senders.
- If in any doubt, check with IT.
Secure remote access
Use a secure solution to remote access company networks and resources, such as;
- An encrypted VPN connection, OR
- A Remote Desktop Gateway, OR
- Splashtop or similar software (enabling 2FA)
Once you have a secure way to work, follow these security tips for working from home;
☐ The physical environment used for home working is secure and screens are not viewable to anyone but the employee.
☐ Company data remains on company computers or cloud platforms and is never copied, saved or downloaded to personal devices.
☐ Sessions that connect to business devices, services or data are logged out during breaks and when work is finished.
☐ A secure and adequate firewall router is in place, preferably with no opened ports.
☐ If wireless is used, it is configured with suitable security (WPA2 or WPA3 is preferred) and uses a hard to guess password NOT set to open/shared without any password.
☐ Public wireless is not used to access work systems, even if the work systems are cloud hosted.
☐ Default usernames and passwords on network devices have been changed.
☐ Firmware on network devices is up to date.
☐ Multi-Factor Authentication has been enabled wherever possible.
☐ Strong passwords or passphrases are being used.
If personal devices are used for work we recommend the following conditions:
☐ Devices are personally owned by the employee and not public, shared or borrowed.
☐ Use a currently supported operating system with appropriately licensed software applications.
☐ Are up to date with Windows security updates and computer manufacturer firmware, BIOS and drivers.
☐ Run adequate anti-virus software that is kept up to date.
☐ Use a ‘Standard’ user account with complex password that is not shared, and only used by the employee (Administrator accounts should not be used on personal devices when working from home).
☐ Have a screen lock out policy the goes to the login screen after a period of inactivity (5-15 minutes is great, 5 minutes ideal but not suitable for everyone).
☐ If using a VPN, implement full hard drive encryption (Microsoft’s Bitlocker in Windows 10 Pro or Device Encryption in Windows 10).
We are all facing unprecedented and challenging times with the COVID-19 pandemic upon us. We hope these security tips for working from home go some way in helping to protect you and your business.
If you would like further advice on working from home, please leave your details for a free consultation or call our friendly team on 01903 786287.