infoguard-secure-home-office-2

[Part 2] Home office? Yes, but do it “securely” – incl. a checklist

It’s all about coronavirus – everywhere you look, so it’s understandable if you don't fancy reading yet another article about it. All the same, right now the issue is a priority for all of us, especially for employers, because the security of staff, customers, partners etc. comes first. Nevertheless, the work cannot be allowed to suffer – it has to be ensured that people remain productive, but also “secure” when working remotely in the home office. In our first article, we have already given you 5 tips to ensure IT security when working from home. As a result of the positive feedback we received, our cyber security experts are now going one step further. In this article, you will find more detailed tips and a free checklist that you can download!

The coronavirus (COVID-19) has also been here in Switzerland for several weeks. Companies are now required to let their employees, wherever possible, work remotely from home offices for their protection. However, many companies were or still are only partially prepared for home working in terms of infrastructure, processes, etc. This makes organisations of all sizes and sectors targets that are vulnerable to cyber criminals. The very thing that is essential for safeguarding the health of employees can pose a threat to the company IT infrastructure, systems and information if the proper precautions are not taken. But who wants a system lockdown on top of a coronavirus lockdown?

In our first article, we already gave you 5 tips for “secure” remote working at home. To put it in a nutshell, secure VPN, remote access in combination with MFA (multi-factor authentication), Endpoint Protection and scrupulous installation of updates and security awareness measures. You can read the whole article here.

Who, where, what together for maximum IT security

IT security is an issue for all of us – especially when working together is difficult by imposed distance. But who is responsible for what? What measures need to be taken? Our cyber security experts have gathered this information and more for you in a concise checklist, which you can download here, free of charge:

Download Checklist «Working From Home Office – Securely!»

 

For those of you who don't have time to download our checklist right now, we have summarised the most important points for you below.

Precautions to be taken by the IT department to protect against cyber attacks

The IT department must ensure that security awareness measures are not forgotten about, even when people are working from home. At the moment, one of the most important tasks is warning the staff about the dangers of phishing, as there are various phishing e-mails circulating in connection with the coronavirus, a vicious but effective tactic by cyber criminals. By the way, you can find out how you and your employees can detect phishing e-mails in our free phishing poster, which you can download here.

It goes without saying that login data must not be shared or that tools must not be used for private purposes. IT support must continue to be notified (and be available!) if employees notice anything unusual.

In order to be able to anticipate as far as possible, the IT department must implement comprehensive technical protection measures. First of all, it needs to be ensured that appropriate virus protection is installed and always up to date. Secondly, you should activate the operating system's client firewall or EPP, e.g. via Group Policy Object (GPO). Any devices and storage media that are used outside the company network should be encrypted (e.g. BitLocker). Are you sure that all client and server patches have been installed on time? If not, you definitely need to do so. Don't forget to check and update all the security systems regularly.

Of course, there are many more points! In our checklist, you can find out exactly which ones, details of those mentioned above and also what you should avoid at all costs. Click here for the download!

Precautions to be taken by the staff

Cyber security affects everyone – especially if you are working outside the secure, protective "office wall". Not everyone has the privilege of having a dedicated room at home as an office, but whether this includes you or not, you should consider a few security rules when you are planning your workspace.

Make sure that no one can see your screen – not even your neighbour who may also be working from home. A good option (when you're on the road too) is a privacy filter, which makes the screen more difficult to see. It also goes without saying that you should make sure that your Wi-Fi connection is secure and has no vulnerabilities. If you have any questions, our internal IT support team will be happy to help.

Alongside designing the space correctly, the behaviour is at least as important. Specifically, sensitive data must never be sent unencrypted, and certainly not via a private e-mail account. Printed documents/information must not be left lying around open at home and the screen must be locked when you leave your workplace (even in the home office).

Do you have to have a telephone or a video conference? Obviously, you should look for a quiet location to have this. Nobody should be able to listen in – not family members and not the neighbours. Of course, the same applies to telephone conversations in public places, e.g. on public transport! Don't use the speaker on the laptop when you are having a phone/video conference. The webcam should be deactivated by default and it is best to cover it.

Last but not least – tips for the management

Especially in the current situation, despite being at a distance, the management must be visible. First and foremost, this includes communicating appropriately. What's the latest news? What measures have been/are being taken? How are problems being handled? What are the emergency procedures, opening hours, reporting channels, etc.? Don't forget to communicate on how employees can direct their questions and to who, and ensure that they are taken seriously.

In order to ensure that the measures which are technically necessary for secure home working are in place, you should give due priority to setting up a secure remote access solution. This also includes providing virtual solutions such as approval workflows. Establish clear procedures that need to be followed in the event of a security incident, and remember to restrict access to sensitive systems wherever it is possible and reasonable to do so.

Home office – better safe than sorry

Security is currently the top priority – both on- and offline. Make sure that your employees have the necessary protection and can work remotely from home efficiently. You can find tips for this and more in our clearly structured checklist, which you can download here for free:

Download Checklist «Working From Home Office – Securely!»

You take care of protecting your staff. We will help you to protect data and systems!

<< >>

Security Awareness , Cyber Risks , IT Security

Patric Imhof
About the author / Patric Imhof

InfoGuard AG - Patric Imhof, Senior Cyber Security Consultant

More articles from Patric Imhof


Related articles

Exciting articles, the latest news and tips & tricks from our experts on all aspects of Cyber Security & Defence.

Blog update subscription
Social Media
infoguard-cyber-security-guide-2