From one of our previous post, "Coronavirus calls hackers to the scene", we are already informed about basic precautions and protection measures we must take when working from the home office.
Since then, the number of people working in the home office has sharply increased, and we would like to provide detailed information on how to make the workplace more secure at home. It is irrelevant whether the device used is a computer provided by the employer or the employee's private computer (BYOD), all devices are susceptible to cyber-attacks.
1. Are your operating systems and applications up-to-date?
Ensure that the Windows Update service is activated in all circumstances. To stay up to date, select the Start button > Settings > Update and Security > Windows Update, and then select Check for updates.
Instructions for updating Microsoft Office programs can be found here.
For other applications, additional programs may be provided to carry out these updates for you. If you have the option, you should activate the auto-update function for regularly used applications.
Why is this important? Missing patches and pending updates of operating systems and applications provide a gateway for hackers and their malware. They exploit existing gaps (zero-day exploits). A computer that is not regularly updated with software updates poses a risk and offers an unnecessary target.
How secure is your router?
In this context, also check whether your Internet router or WLAN hotspot has the latest firmware and update it if necessary.
2. Use only current browsers
Use a modern, up-to-date browser that can help block malicious websites and prevent malicious code from running on your computer. Internet Explorer, for example, is no longer up-to-date.
3. Use security software
Another essential protection factor is the use of security software. Microsoft offers a comprehensive range of on-board tools for this purpose in the Windows 10 environment with Windows Security. To do this, check the Windows Security Center tray icon in the taskbar. This provides information about any measures that may be necessary to restore or improve the security of the computer.
Also, 3rd party security providers offer extensive tools and protection mechanisms. These include DriveLock Managed Security, which provides comprehensive application and device control.
The solution also offers the option of data encryption.
Check the update status of your security software from time to time. Often, these solutions are updated daily, sometimes several times a day.
Both the Internet router and your WLAN usually have firewall capabilities. With AVM FritzBox, for example, these settings are hidden on the Internet > Filters > Lists > Global Filter Settings area.
Local Windows Firewall
Also, since Windows8, the Windows operating systems have a local firewall that is usually activated. To do this, briefly check its status and make sure that it is switched on.
5. Secure WLAN
Today, users in the home office are often on the move via WLAN. Therefore this should also be configured or set up accordingly: Make sure that the WLAN is encrypted.
Many WLAN routers offer different encryption methods. If possible, make sure that you use a WPA, preferably WPA2 encryption. A network key must also be configured for this. As a rule of thumb:
"The longer the key, the better."
Ideally, access to the company network is via VPN. For this purpose, a VPN client must be installed and set up on the computer. This creates a kind of tunnel from the home office to the company network. All data traffic passing through this tunnel is encrypted and no longer visible to other network participants.
In the best-case scenario, all your data traffic will be routed through this tunnel and additionally secured by the company's firewalls.
7. Rely on security solutions
Microsoft Windows users also have an advantage here, because Microsoft offers a selection of different security solutions with Windows 10 and Windows Security. Click on the taskbar:
Windows Security Center tray icon. Here you can see various measures you can take to restore or improve the security of your computer.
There is also a large market with a wide range of different protection mechanisms and security solutions. In most cases, the basic equipment includes an anti-virus solution. With the rise in mobile end devices and thus also data carriers, encryption solutions are becoming increasingly important in order to protect your data and systems from misuse and data loss.
Our Managed Security Service is a quickly available and uncomplicated solution. It includes an application and device control and also supports and extends Microsoft's BitLocker management if required.
8. Secure passwords
Passwords play a significant role in security. Usually, access to data and network resources is password protected.
Please observe a few simple rules:
- Password length takes precedence over password quality
- Use a separate password per account
Hint: You can check whether and to what extent you or your accounts and/or passwords are affected by such identity theft on the following websites:https://haveibeenpwned.com/, https://sec.hpi.uni-potsdam.de/ilc/, https://monitor.firefox.com/.
- Passwords must not be a regular word in a dictionary.
Tip: Use a password manager
Therefore, most of us need a variety of passwords to secure the whole account. Because of the length/complexity, it will be difficult to remember all this. Therefore the use of password managers is recommended. Examples are 1Password or KeePass.
In the meantime, a large number of applications have two-factor authentication. In addition to the password, another method is required to log on to an application. Two-factor authentication is required by law.
9. Protection against access by third parties
You must also protect your computer from access by third parties in private environments. Use a computer in your home office exclusively for work. If this is not possible, it makes sense to at least set up a separate user for this purpose. This ensures that confidential company data does not intentionally or unintentionally fall into the hands of others.
10. USB sticks
Only use company-owned USB sticks for work purposes. What applies to the separation of work and private life on the computer should also apply to external storage media. The same memory stick is often used for both the holiday pictures and the confidential contract. This means you lose track of the storage of data worthy of protection, but it is also a potential gateway for malware. Especially for foreign or even found memory sticks.
11. Caution with email links
Be careful what you click on: links or attachments in emails or on web pages are always dangerous. Especially during the Coronavirus, people's need for information has increased significantly and with it the willingness to click on email attachments or links. Scepticism is always advisable here:
Do I know where the email comes from? Does it really look the same as always?
Essentially, nobody will ask you for confidential data through email.
A simple trick can help: Your bank (allegedly) asks you by email to change your password. Instead of clicking on the link in the email, you can go directly to your bank's website in your browser and change your password there. This way you have not used the link in the email and thus avoid the danger of a phishing attack.
12. Software from the Internet
Your company computer is usually equipped with the required software, so there should be no need for you to download and install applications yourself.
However, if you find yourself in a situation where you have to download and install software from the Internet, you should definitely take a closer look. Often additional programs are offered that you do not need. Before you download software from any website, try to find out who the manufacturer is. Usually, the manufacturers have download options for the software on their own sites. So they can be sure that it is the original software and that it has not been manipulated.
Application control with intelligent whitelisting offers additional protection, for example, it only allows the execution of approved programs.
Popups on web pages urge you to click on something. Very often, this is done by setting cookies or other markers so that you receive dedicated advertisements. Just as well you can catch spam or even a virus.
Therefore, the basic recommendation is not to click on pop-ups or to ask exactly whether you really have to click.
The same applies to porn sites. Even if the topic is gladly hushed up or pushed into the dirty corner, there wouldn't be millions of such pages if they weren't visited. Especially here, the danger of catching a Trojan or something similar is quite significant.