14 Work From Home Security Tips
If the recent years have taught us anything, it is that a great multitude of jobs can be done without ever leaving one’s home. And while there are distinct advantages to working from the comfort of your personal space, working remotely raises an important concern: security.
For many IT professionals, security is something other people in a company are responsible for. Your own setup in your own home is your own affair. However, if you are working from home, security suddenly becomes more important for you personally – you are no longer dealing with a private network separate from your job.
In this article, we will discuss some measures you can take to make your data more secure while working from home (or from another remote location). Here’s what we’ll be talking about:
Whenever possible, use a separate device or have your employer provide you with a dedicated work device set up in compliance with your employer’s security standards. If you have a separate work device, only install software you need for your work on it.
If that is not a possibility, avoid suspicious emails, links, and websites, and take extra care when installing any new software on a device you use for work.
Ease of access is generally a good thing, but you don’t want people and devices you don’t trust accessing your wi-fi network. Fortunately, there are several easy ways to make your home network more secure.
First, you should never rely on default SSIDs and passwords. Your SSID is the name of your wireless network. You can call it whatever you like, but you ought to avoid using your personal data (name or address). This way, you make it difficult for an uninvited person to identify it. You should also change your password from the default one.
Both your SSID and your password settings can, most times, be accessed from your home address. Simply enter 192.168.1.1 into your browser and hit enter. If your router doesn’t use that address, find your router’s IP address using your operating system’s settings. It will be under Ethernet or Wi-Fi, and likely labeled Default Gateway. You can also set up encryption for your connection – use WPA2 if available. Additionally, you may be able to allow only certain devices to connect to your network.
All wi-fi settings can vary to a degree depending on multiple factors, including hardware and software used. Consult the user manual for your router or your ISP in case you stumble into difficulties.
If you are not living alone, your workplace is also somebody else’s home. And while you and your colleagues know not to interfere with somebody else’s work, your families, especially if you have young children, might not share the same professional frame of mind.
It is therefore important to keep your work devices, be they desktop computers, laptops, tablets, mobile phones, or indeed any other hardware, safe from interfering family members or other members of your household. And while it is often not possible to prevent your family members from physically handling your work devices (e. g. keeping them under lock and key), you can – and most definitely should – protect them with passwords so as to avoid them accessing your work data.
We have mentioned password protection before, and we will again. Take note, though, that simply using a password is only part of the story: what you really need to do is use a strong password. That means avoiding relating it to anything familiar, such as names, addresses, dates, dictionary words, and the like.
Many software solutions, including most password managers, offer the means of testing the strength of a password, generating strong passwords automatically, and storing passwords securely. Never use a weak password for anything, let alone anything important.
Two-factor authentication means that, even if your password is compromised, a malicious hacker will not be able to access your account without providing additional proof of identity. There are plenty of ways to implement two-factor authentication, and many of the solutions available are free and easy to use.
Your webcam is a window into your home which can be remotely accessed. An unscrupulous hacker can gain visual access to your workspace, and possibly read important documents or gain other insights into your work data.
If you are using a plug-in webcam, unplug it when not on a conference call. If you are using a laptop device, cover the webcam when you don’t need it. You could buy a sliding cover or have your employer provide you with one, or you could use something as simple as a post-it – the important thing is to stay protected.
When you do need to use your webcam, note that many video conferencing applications offer functionalities for blurring your background or replacing it with a virtual one. You may be storing sensitive work or personal data on a normally safe shelf in your workspace, only to make it accessible to strangers with access to your webcam.
While we’re at it, be mindful of the security features your video conferencing tools have available. You may have heard of Zoom bombing, a form of online harassment where an uninvited user accesses a video conference and acts in a rude or intimidating manner towards the participants. While Zoom may have given the phenomenon a name, the behaviour is certainly not platform-dependent.
But Zoom bombing is not just about harassment – an uninvited user may gain access to sensitive business data or even personal data, just the same as if they were hacking your webcam. To avoid that, make sure your conferences are private: set up a password or a waiting room for each meeting.
Security should also be a concern when shopping for conferencing software. If you are responsible for software acquisition, take a long, hard look at the security and encryption features.
Finally, whichever software you end up using, use the very latest version. Out of date software is a liability, and newer versions will likely have repaired known vulnerabilities.
VPNs, or virtual private networks, add another layer of security to your device. We won’t go into the technical details of how VPNs work, but suffice it to say that they create an encrypted connection between your device and the server it is accessing, using an intermediary secure server.
Find a VPN which suits your needs and keep your work and personal data even more secure, and your connection safe from ISP throttling.
Most browsers track and log your activities, from search history to cookies, and use your personal data to personalize their services. If you are working with sensitive data, however, you might want to avoid any tracking, and to make sure your data is safe from a security breach on part of the browser developer.
To do that, use a browser which disables fingerprinting, tracking, and redirects, and possibly has other security features – in other words, use a secure browser.
There is no such thing as a system entirely impervious to hacking. However, you can fortify your device’s security using an antivirus and/or firewall software. Reach out to your employer for advice on security software and the settings you need to use in order not to disturb any remote access you need for your work.
Your employer likely uses cloud storage or a dedicated server protected by the best safeguards available. Avoid storing any sensitive data on your device, and always use your employer’s centralized storage. This way, even if you lose a part of your locally stored data, you can safely restore it from your company’s servers.
If you are in any way responsible for your employer’s business accounts, you probably know this already, but it bears reiterating: only use the software you know, and only use the latest version thereof.
Note that all manner of scammers can try to mimic your colleagues, clients, or superiors – better safe than sorry. Always ask for additional proof of identity when you are not sure a person contacting you is who they say they are.
As we’ve mentioned above, out of date software is a vulnerability. And that includes your operating system and any other software you may be using for work.
An operating system will likely have an automatic update mode available – you should make use of that. Operating systems developers, just like any other developers, tend to fix any known vulnerabilities in their updates. They also have their own security tools. If you don’t have to approve of each update manually, you will get them as soon as they are available.
The same goes for your video conferencing software, and any other messaging software you use for work. The more up to date your software is, the safer your data are.
If you are responsible for security with your employer, make sure all your company staff are aware of the risks they are taking when working from home. Formulate and communicate a clear work from home security policy, and make sure the staff stick to it.
A good policy should include most of the steps described above, but concentrate on communicating it simply and clearly: in a large company, consider job- or department-specific policy documents and checklists. Device security, network security, well-selected up-to-date software, regular backups, and overall avoidance of oversharing may save you precious time, money, and data.
Working from home was becoming a trend even before the recent upsets in workplace culture, and internet security has been a thing since there was an internet. Most of the above is commonsense advice, but don’t be fooled into thinking it is not important. Best practices are almost invariably rewarded.