In our last blogs, we focused on new COVID-19 related phishing scams and why you are a target for COVID-19 scams while working from home–both important topics, as these types of scams and attacks are on the rise.
However, social engineering is not the only concern you should have as we enter this new paradigm of working remotely. The biggest challenge for companies in the midst of this pandemic is the speed at which many had to deploy a telecommuting infrastructure for employees. Initially, the focus was on providing employees with the company-issued equipment needed to work from home. Unfortunately, securing employees’ home networks may not have been given adequate attention.The reality is that a breach of an employee’s home network can result in a breach of company data, and possibly even the company’s network.
You may be wondering what your employees can do to better protect their home networks and devices while telecommuting. Here is a handy guide to 10 simple steps employees can take now to improve security in their home offices. Share this checklist with your employees to protect your organization’s data assets.
- Divide and conquer
- The devices you use for work (laptop, tablet, smartphone, etc.) should be stored and used separately from your personal devices and away from common spaces.
- The best space is one that is away from foot traffic and allows for locked storage.
- Equipment that is used for internet access (modem, router, gateway, extenders, etc.) should be placed in areas of the house that provide physical protection.
- Use ethernet connections instead of WiFi when possible
- A direct ethernet connection (aka, a “wired connection”) is the most secure option for connection to the internet.
- This means the device is most often directly connected to the router or gateway.
- This option can be challenging due to the physical limitations of the work space, so employees may have to use a secured WiFi connection.
- Rename the WiFi network
- Using the default name of a WiFi network is not a good idea because it can provide an attacker with information about the network device.
- However, giving the network a name that could be used to identify your home or family is also risky.
- A secure network name should be identifiable to you, but not to neighbors or hackers.
- Update ALL passwords
- Leaving the default password on any device is never recommended.
- The passwords you give to network and computing devices should be strong and unique across all devices.
- Best practice is to use a password manager to manage these multiple passwords.
- Be sure to update passwords for any of the following as applicable for your setup
- Network Extender
- VoIP Phone
- IoT Devices
- Internet Service Provider (ISP)
- Device management interface for devices
- Turn on automatic updates for ALL devices and security tools that use your home network
- Many people are aware that they need to keep their anti-virus software up-to-date. However, others may not realize that almost all devices and security systems that they use have an update feature from the manufacturer/developer.
- Enable automatic updates for your network devices, work devices, personal devices, and the endpoint security tools (anti-virus, anti-malware, anti-phishing, VPN, etc.) you use for both home and work.
- Enable 2FA/MFA on devices and systems when available
- Two-factor authentication (2FA) is a type of multi-factor authentication (MFA).
- 2FA requires a user to provide a combination of two of the three common factors (something you have, something you know, and something you are).
- 2FA/MFA options will vary between devices or system, but should be turned on and used.
- Encrypt network traffic with WPA2/WPA3
- Wi-Fi Protected Access v2 (WPA2) is the most commonly used method of securing WiFi networks for data protection and access control. Use the WPA2-Personal version for a home office.
- Wi-Fi Protected Access v3 (WPA3) prevents spying on web traffic and router attacks and is the newest/preferred method.
- Enable WPA2 or WPA3 on all network devices.
- Enable Firewalls
- A Firewall allows you to set rules for monitoring and controlling inbound and outbound network traffic.
- Firewalls may be built-in, such as in a router, or a separate piece of software or hardware. They are often included as part of a security suite package.
- Windows OS since version XP offers a built-in firewall. iOS does not.
- If your router offers a Network Address Translation Firewall (NAT firewall), it should also be enabled for additional protection by hiding networks and devices behind the router.
- Mute smart speaker and voice assistant
- Many people now have smart speakers, such as Google Home© or Amazon Echo©, with voice assistants.
- These “smart home” devices constantly collect data in order to provide a more robust experience for the user.
- Failing to mute these personal devices while working from home can lead to inadvertent company data leaks.
- Use a headset or earbuds
- Many people who telecommute rely on teleconference and web conferencing tools.
- The audio components of these platforms can contribute to a data leak, especially if family, guests, or neighbors can hear.
- Using earbuds with a built-in mic or a headset can prevent information from being overheard or picked up on other devices (such as cell phones) that are being used nearby.
Taking the time to work with employees to make sure their home networks are hardened to prevent common attack methods will aid in better protecting your company’s devices and network.
To share these tips with employees get the 10 Simple Steps to Securing Data at Home Infographic.
For additional resources on secure and productive remote work visit the GLS Work from Home Resource Center: