Securely Working at Home
Information Security Awareness Guide
This short guide is based on SANS recommendations issued at the beginning of the COVID-19 pandemic in March 2020.
Why do you need this guide?
Transitioning the workforce to work from home can be a challenge because you may:
- lack the policies, technology or training to secure a remote workforce;
- be unfamiliar or uncomfortable with the idea of working from home.
Major security risks
Social Engineering is a psychological attack where the victims are tricked or fooled into making a mistake, more in time of change or confusion.
Phishing is a social engineering attack when an attacker attempts to fool you into clicking on a malicious link or opening an attachment in an email. Be suspicious of any email or online message that creates a sense of urgency, has bad spelling or addresses you as "Dear Customer.”
Protection from Social Engineering
- Learn what Social Engineering is, how to spot the most common indicators of a Social Engineering attack, and what to do when they spot one.
- Remember that Social Engineering is not just email phishing attacks, but other methods including phone calls, texting, social media or fake news.
To protect from information theft, account hijacking or penetration, avoid weak passwords and use:
- Passphrases (note, both password complexity and password expiration are dead).
- Unique passwords for all accounts.
- Password Managers.
- MFA (Multi-Factor Authentication), Two-factor Authentication or Two-Step-Verification.
To protect from malware and hacking, ensure any device you use is running the latest versions of the operating systems, applications and mobile apps.
- To secure your wireless network at home, change the default admin password of your router, disable admin access from WAN, install the latest firmware, enable WPA2 encryption and use a strong password for your wireless network.
- Ensure all the devices, connected to your home network, including baby monitors, gaming consoles, TVs, appliances or even your car, are protected by a strong password and are running the latest version of their operating system.
- Make sure both the operating system and your applications are patched and updated. Enable automatic updating.
- Make sure each of your accounts has a separate, unique password. Consider using a password manager to securely store all of the passwords for you if you cannot remember them.
- Two-step verification is one of the best steps you can take to secure any account. Two-step verification is when you require both a password and code sent to or generated by your mobile device.
- Ensure your firewall is activated.
- Ensure your antimalware or endpoint protection system is activated.
- Family or guests should not access work related devices.
- Common sense: if an email, phone call or online message seems odd, suspicious or too good to be true, it may be an attack.
- Backup your data and check backups regularly.