Geeks for your information
Remote working safety and security - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: Security (https://www.geeks.fyi/forumdisplay.php?fid=68)
+--- Forum: Security Vendors (https://www.geeks.fyi/forumdisplay.php?fid=87)
+---- Forum: Kaspersky (https://www.geeks.fyi/forumdisplay.php?fid=90)
+----- Forum: Kaspersky Security Blog (https://www.geeks.fyi/forumdisplay.php?fid=142)
+----- Thread: Remote working safety and security (/showthread.php?tid=10788)



Remote working safety and security - harlan4096 - 22 March 20

Quote:
[Image: work-from-home-custom-page-featured.jpg]

The coronavirus outbreak has forced many office employees to remain at home. Here’s what you need to keep in mind so that both you and the company stay protected.

In recent months, COVID-19 has taken over the world. Countries are closing borders, production lines are halting, and many employers are instructing employees to work from home. That makes sense: If companies are to continue functioning, and if your job is location-neutral, staying home reduces the likelihood of catching and transmitting the coronavirus while letting you continue doing your job.

However, working in the office and working at home are two different kettles of fish (or indeed phish). And not only because the office has a working atmosphere, whereas at home you just want to lie on the couch and pet the dog.

The real issue — at least for cybersecurity, if not productivity — is that in the office, companies thoroughly protect networks and devices. Meanwhile, unless you’re the CEO, sysadmins are probably not going to come around to your apartment or house and set everything up in line with corporate standards. If a confidential document gets leaked from your home computer, the buck stops with you.

Follow these ten simple tips when working remotely to avoid such a mishap.

1. Protect devices with an antivirus solution

Companies generally undertake a range of measures to protect computers from malware. They install powerful security solutions, prohibit employees from installing applications, restrict online access from unauthorized devices, and so on. At home, it is trickier to provide that level of protection, but leaving a computer vulnerable when work documents are stored there is also a no-no, because if they get stolen or destroyed, it’ll be your neck on the chopping block.

To prevent anything like that from happening, it is vital that you install a reliable security solution on all devices that handle corporate data. If money’s too tight, install a free antivirus. Even one at no cost will significantly reduce the risk of getting infected — and landing in big trouble with the boss.

2. Update programs and operating systems

New vulnerabilities are forever being found in applications and operating systems. And cybercriminals can’t resist exploiting them to infiltrate other people’s devices. Often, they rely on people being too lazy to update software, because in the latest versions of programs vulnerabilities are usually patched. So it’s important to regularly update everything installed on any device that you use for work purposes.

3. Configure Wi-Fi encryption

Protecting the computer won’t help if an attacker connects to your Wi-Fi or takes up residence inside your router. Anyone who does that can intercept everything you send or enter online, including passwords for remote access to an office-based computer or corporate mail. Therefore, it is imperative to configure your network connection correctly.

First, make sure that the connection is encrypted to keep information safe from prying eyes. If your Wi-Fi asks anyone connecting to it for a password, the connection is encrypted (and Joe Blow will not be able to spy on your work). However, you have several Wi-Fi encryption standards, some of which are already outdated, to choose from. Your best bet is WPA2. You can use the router settings to select or change the type of encryption — and remember that your Wi-Fi password should be strong. Just in case, here’s a post about how to create a strong password.

4. Change your router login and password

If you have never changed the login and password required to enter the router settings, do so now. The default passwords for many models are not only too weak, but also known across the Internet and easily searchable.

Attackers often simply write them into the code of malicious programs — if they work, the router is captured and turns into a bot. Plus, the intruders can also spy on you, because everything that you send online passes through the router. Unsurprisingly, the place to change the router username and password is in the router settings.

5. Use a VPN in cafés and coworking spaces

If you’re unafraid of the coronavirus pandemic, and working in a cozy café or coworking space near your home, then take extra care. Public Wi-Fi networks are often not encrypted at all, and even if they are, anyone can get hold of the password.

To prevent rogue customers at the café or coworking space from spying on you through the local Wi-Fi, use a virtual private network. When you’re connected through a VPN, all of your data will be encrypted regardless of the network settings, and outsiders will not be able to read it.

6. Lock your device before walking away

Someone can catch a glimpse of your work correspondence even when you’re just having a cup of tea or taking a bathroom break. Therefore, it’s important to lock the screen whenever you get up. Consider the small hassle a tiny price to pay for keeping corporate secrets safe.

Even if you’re working at home and outsiders have no access to the room, it’s still worth locking your device. You probably don’t want your child to accidentally send your boss a smiley-laden text. Or your cat to walk across the keyboard and mail an unfinished message to the board of directors. If you’re about to go somewhere else, lock the screen. And it should go without saying that your computer needs password-protection.

7. Use corporate services for e-mail, messaging, and all other work

Your company most likely has a set of IT services that employees use, such as Microsoft Office 365, a corporate messenger like Slack or HipChat, and at the very least corporate e-mail. Those tools are configured by your company’s IT service, and IT is responsible for setting them up right.

But IT is not responsible for the access settings of, say, your personal Google Drive. Are you absolutely sure that your colleague — and no one else — will see the file that you sent a link to? If the file is accessible to anyone who has the link, then search engines can index it. And if someone googles something on the topic of your document, it might appear in the search results and catch the eye of someone who should not even know of its existence.

Therefore, stick to corporate resources when exchanging documents and other information. Those cloud drives, but configured for business, are generally far more reliable than the free user versions. Corporate mail usually has less spam and none of your personal correspondence, which adds up to less risk of missing an important e-mail or forwarding something to the wrong address — and colleagues will know for sure that it’s you, not someone pretending to be you.

8. Stay vigilant

Alas, sometimes a malicious — and highly convincing — message can sneak into corporate mail. This is especially relevant to remote workers, because the amount of digital communications increases sharply with telecommuting. Therefore, read messages carefully and don’t rush to respond to them. If someone urgently needs an important document or demands immediate payment of an invoice, double-check the someone is who they claim to be. Don’t be afraid to call the other party for clarification, or confirm the action one more time with your boss.

Be particularly suspicious of e-mails with links. If a link to a supposed document does not point to a corporate resource, better to ignore it. If everything looks fine, and the link opens a site that resembles, say, OneDrive, do not enter your credentials on it. Better to manually type in the OneDrive address in the browser, log in, and try to open the file again.

9. Track your progress

So that management doesn’t think that you’re having a holiday instead of remote working, it is more important than ever to stay “transparent.” That doesn’t mean that you have to create signs of frenzied activity, simply make sure that your boss can see what tasks you are working on and how they are progressing. So don’t be too lazy to note this in your company’s task tracker, and be ready to report on what you’ve done and how much time it took.

Try to work during normal office hours, so that it’s easier for colleagues to reach you and the working day does not stretch over a 24-hour period. When there is no need to travel to and from the office, it quite often happens that you sit down to work right after breakfast and break away only when night approaches. As a result, you get tired quickly — so it’s better to limit your day to standard working hours.

10. Create a comfortable workplace

Last but not least, don’t neglect your health and well-being. If you work on a laptop, lounging on the couch with it might seem like a great idea. But your back won’t thank you in the long run, so try to find yourself a desk and a comfortable office-type chair.

Make sure the room is well-lit. If the lighting is poor, use a lamp to prevent eye strain. And don’t forget the health basics: periodically stand up, stretch your legs, drink water, get plenty of sleep, and don’t skip meals.
...
Continue Reading