Work From Home – How to Improve Your Remote Work Security

Working from home, in a home office, wasn’t an entirely new thing in 2019. For instance, I do most of my business work from a remote home office location for more than a decade now. But the COVID-19 pandemic and resulting lockdowns in many countries forced a lot of companies to offer full-time work from home for the first time, often provided with only very basic knowledge of remote work security. Many organizations and employees were forced to move into the unfamiliar territory of work from home with almost no time for preparation. Neither for the organization nor the employee.

When moving your workplace from your company’s office to your home office, in most cases you leave the secured territory of your IT department. Working from home requires you to improve your cyber security to protect your personal and your corporate information. This article offers some easy-to-follow tips on how to improve your remote work security measures. It is a follow-up to our previous article Security Tips: A Personal Security Checklist and adds some info focused on working from home.

When establishing your home office, we highly recommend, that you set up a couple of remote work security policies for yourself and all members of your household. First, use locks where ever and whenever possible. From a security perspective, having a dedicated area for productivity is almost a must. If you can lock your home office when away, then do it. If you cannot lock your office, use a lockable drawer for your devices, when not using them. And build the habit of locking your device’s operating system, whenever you are away from your desk. It also helps to enable automatic locking. Make sure to set an amount of time that while convenient is not unreasonably long. We recommend 30 seconds for mobile devices and five minutes for laptops.

You should also separate your work and personal devices as much as possible. If you use private devices, make sure to comply with your organization’s information security policies. It is a good idea to inform your IT department of the private devices you use. Some companies might have “Bring-Your-Own-Devices” (BYOD) policies that you might have to follow. And do not share your devices with other members of your home. If you have kids, you should not allow them to use your work PC or laptop unattended.

Your router is your doorway to your home network and the internet. And also, to your organization. Most routers today offer a firewall, wireless networking, and a broad list of security features. Some more expansive devices will include extra security options like a stateful packet inspection firewall, Denial-of-Service (DoS) protection, content filtering, and others. Some very important steps should be taken as soon as you take a new device out of the box.

You will be accessing company resources from your home office. So, one of the primary considerations for data and remote work security is the location of where your data is stored. Especially as it is expected that your company has access to their data all the time. Many companies rely on secure cloud storage solutions like Dropbox, OneDrive, or iCloud. You have to comply with your organization’s policies on how and where to store data and should prevent storing work-related data on any of your private devices.

Many companies use business VPNs to enable remote workers to access their internal company network. This is a particularly well-protected service against the interception of data – which is critical when working from home. In many cases, VPN client software is available for all kinds of devices, such as mobile phones and tablets, and operating systems like Windows, macOS, Linux, Android, or iOS. Your IT department will provide you with the necessary steps to add this very important measure to tighten your work-from-home cyber security.

One thing you can do to enhance your cyber security while working from home is to encrypt the data on your devices. All this means is that this information will be inaccessible to everyone except those who have the key, which would presumably be limited to yourself and a few others. Here is a list of device encryption options for the most common operating systems:

To minimize the risk of zero-day exploits, ensure all devices apply security patches as soon as possible, ideally via automatic updates. Most modern devices will automatically apply updates by default, but you may need to allow your device to restart to complete the patching process.

The same reasons to keep your operating systems up to date apply to all installed software on your devices. You should pay special attention to the web browser you use and install each and every available security update. While most modern software today will check for, and apply security patches automatically, for some software it will be necessary to check for the latest versions manually.

Where possible you should consider using a secure SaaS application over installable software. It cannot become out of date and the management of security is in the hands of the provider rather than you.

Anti-Virus or Anti-Malware software can help protect your computer from viruses, spyware, ransomware, rootkits, trojans, worms, and other types of malware. Anti-Virus software is a very useful line of defense against the many threats that are out there and is a “must-have” for anyone working from home and worried about remote work security.

These programs not only do help you remove malicious software but also in case it finds its way onto your computer. They also perform real-time checks to alert you of potentially dangerous sites and links before you click them. They also put a step between downloading and installing programs from the internet. That will give you the chance to review that what you are doing is safe. In most cases, your company should provide you with some anti-virus software. If they do not, you should reach out to your IT department for support and recommendations.

Being able to find and ideally remote your device is a crucial part of ensuring information security when a device is lost or stolen. Securely wiping a device makes it much harder to access your data, no matter how much time or determination an attacker has. Here’s how to enable find my device for common operating systems:

When lending, giving, selling, or just throwing out an old device, make sure to return it to factory settings. This will prevent your data from being accessed after you no longer have control over your device, temporarily or permanently. Before doing this, remember to back up or transfer any important information on the device. Here’s how to return your device to factory settings:

We already wrote a lot about passwords, authorization, and authentication in our previous security blog post, Security Tips: A Personal Security Checklist. The same recommendation on your personal cyber security checklist also applies to your remote work security measures. Use strong passwords. Do not share them. Change them regularly. If your company does not offer proper password management software, talk to your IT department or your Information Security staff and ask for it. It makes life so much easier for you AND your organization.

While we all have new worries these days, our old worries – and cyberthreats – haven’t gone anywhere. One of the best ways to stay safe online simply requires remaining alert. Think of your home office as your “real” office. You should scrutinize all email messages and avoid clicking on any links or attachments, especially in unsolicited emails. They may be attempts to gain parts of your account credentials or to download malware onto the device. Be highly suspicious of urgent requests and verify them through an alternative communication channel before sending money or data. I doubt contact your IT department and ask for support.

It’s amazing what you can learn from down-to-earth podcasts or videos on security. There is a good list of free online courses about cyber security available at welivesecurity.com by Esset for you.