Security Tips for Working from Home

This article was written by the Associate Fellow of Cybersecurity Center, FTSM, National University of Malaysia, and a SPRITE+ Member Dr. Seyedmostafa Safavi, with edits from SPRITE+ Research Associate Dmitry Dereshev.

If you encounter any unfamiliar terms in this article, check to see if our SPRITEHub Glossary has a definition.

One of the main measures to reduce the transmission of COVID-19 is social distancing, which, for many organizations, involves allowing or instructing employees to work from home.

With such a quick shift from an IT-secured work environment, remote work can pose security risks. Some opportunistic crooks are already using the coronavirus as a tool for malicious scams, and to exfiltrate passwords and other data, hoping that the employees would click on malicious links.

Here are some of the most important elements to make sure you are secure while working from home:

1. Use your company computer to make sure you work securily; do not mix work and leisure activities on the same device as much as possible.
2. Be especially careful about any emails that refer to COVID 19. Do not take action if they ask you to click, login, or download an article that is available in attachments.
3. VPN is a must. Get a VPN to protect your connection and encrypt your data in transit. This may already be provided by your employer. With a VPN you can encrypt the data as it moves from point A to point B across the Internet, so that no one else can see what you are sending or receiving.
4. Use your organization's network resources for sharing your company stuff. Avoid sharing sensitive corporate information through e.g. email or other possibly unreliable/insecure connections. Use your company's network to manage your information-sharing tasks.
5. Use antivirus/antimalware. Antivirus and antimalware software are important to have on your personal and corporate computer, especially if you use your system to work from home. Preventing ransomware from damaging your data is one of the most important parts of this software, and it is important to check if the feature is available in a product you use to protect your system.
6. Be vigilant about what others see during videoconferencing. If you are using videoconferencing technologies with your webcam switched on, make sure that there is no personal information in view such as passwords or written documents with private information. If you plan to share your screen, make sure there is nothing on your desktop that would reveal sensitive information about you, your clients, or your work.
7. Keep your OS and applications up to date every day. The operating system, applications and the antivirus should be updated to the latest patch.
8. Don’t share meeting IDs on social media. Anyone can attempt to join a meeting knowing its ID or link, including unauthorized third parties. Keep your meeting IDs shared only with those who should be present during the meeting. Activate the "waiting room" option if present in your meeting software, to screen those who join the meeting.
9. Encrypt all data in your office computer and pen drive. The data should be encrypted, including pen drives and the hard disks. This will protect your data in case of device theft/loss.

Management has a big impact on this specific area for their organizational security and its safety. Here is a cheat sheet for management to productively protect their organization facilities when everyone is working from home:

1. Establish policies that address data privacy, security, and confidentiality.
2. Create attendance and availability standard for your staff.
3. Create a policy to make sure mobile and laptop data are safe and private.
4. Create a policy on saving and sharing data in a secure way.
5. Make IT support easily available to all employees.
6. Maintain monthly security incident training section and test your personnel, to make sure everyone is on the same page with regards to security.
7. Manage and follow access privileges to maintain the confidentiality of data.
8. Manage an anonymous portal to receive all reports regarding any risky activities reported by your staff.

Thank you for reading this short article, I believe you can use these tips to make your home office run in a safer manner.