Cybersecurity Guide for the People Working From Home

If homework is new to your company, and you need to implement cybersecurity policies and systems quickly, start here.

Rushing to make decisions that will affect your security is not ideal. However, situations often arise that we need to react to quickly.

If working from home is new to your business, and you need to implement cybersecurity policies and systems quickly, you need to know cybersecurity risks and how to mitigate them. Start here to ensure that your team is assembled to work from home safely as soon as possible.

Home Internet Connections Can Be Vulnerable

When your employees work on the office's local network, their security solutions take care of data exchange processes. But when they work from home, there is an extra variable, Internet service providers (ISPs). You cannot control the security of ISPs, which could mean that the home connection is vulnerable to attack.

The Solution: a Trusted Virtual Private Network (VPN)

Set up a trusted virtual private network (VPN) so your employees can remotely connect to corporate resources. It forms a secure channel between their workstations and their infrastructure. It will also be necessary to prohibit connections to corporate resources coming from external networks without a VPN.

Behavior Changes Make It More Difficult to Identify Attacks

When people work from home, their routines change. Those who are working from home cannot just walk up to a colleague to talk. You can expect an increase in correspondence, even with new participants, that is, people with whom communication used to be purely verbal. These changes give attackers more opportunities, especially for business email compromise (BEC) attacks, for example, who use an account with an address similar to the victims.

In the middle of the swarming sea of ​​corporate correspondence, it is difficult to spot a small phishing boat.

In other words, a fake message requesting data will not look as unusual as it normally does. The quieter residential environment can make people less aware.

The Solution: Use Only Protected Professional Email When the Team Knows Why

First, employees who work from home should only use their corporate email. This makes it easier to identify attempts by cybercriminals to impersonate a colleague using an account in another domain.

Second, protect your email servers with technologies that can detect attempts to change the sender of the message, such as our solutions for email servers and Microsoft Office 365.

Third, before employees start working from home, make sure they take a quick course on cyber threats.

The Use of Collaboration Tools That Allow Leaks Can Increase

Without face-to-face contact, employees can start using other ways to collaborate. Some may not be the most reliable and all need to be configured correctly. For example, a document in Google Docs with certain access permission settings can be indexed by a search engine, leaking corporate data.

The same can happen with data in cloud storage. A collaborative environment like Slack can also leak, and a randomly added external person could have access to all files and message history.

The Solution: Choose a Better Collaboration Environment

Choose a collaboration environment with adequate resources and security. Participants must need a corporate email address to register. It is often worthwhile to appoint an exclusive administrator to issue and withdraw rights as needed.

The most important thing, before employees start working from home, is to hold an awareness session, which can be done remotely. Require them to use only the approved collaboration system and reiterate that they have a responsibility to keep corporate secrets safe.

Risks of Using Home Computers

In general, not all employees have access to corporate laptops. And cell phones are not suitable for all types of tasks. Employees can start using their home computers. This can pose a serious threat to companies that do not have a Bring Your Own Device (BYOD) policy.

The Solution: Protected Corporate Equipment or BYOD Policies

If possible, give protected laptops and corporate cell phones to employees who work from home. They must be protected with solutions that allow remote cleaning of corporate information, the separation of personal and corporate data, and the restriction of application installation. Devices should also automatically check for the latest critical software and operating system (OS) updates.

If employees need to use their own devices, introduce a BYOD policy to manage corporate data on those devices, for example, using partitions for business and personal data. Require employees to install home antivirus software. Only allow devices to connect to corporate networks after verifying that they have a security solution installed and an updated operating system.

Other People With Access to Staff Equipment

You don't know who your employees live with or who can see their screen when they walk away for coffee.

It is one thing for employees to work at home alone during the day, but another is when they go to a cafe or coworking space, where the risk of leakage or compromise is much greater.

The Solution: Access and Awareness Policies

Security policies must require security and automatic screen lock. And, as with other cybersecurity issues at home, awareness training is a prerequisite for maintaining general surveillance.