Information Security Hygiene when you WFH

30/03/20
By Sebastian Bucur
Enterprise Security Consultant, DataArt

During the current pandemic, legions of people have made the switch to ‘work from home’ mode, which has significantly increased the risk of cyberattacks. DataArt has prepared several recommendations to help you work from home safely.

Computer

Devices that you use for work should be compliant with the information security requirements and policies of your company:

  • If possible, use a corporate laptop that is enrolled in corporate management tools (joined to the corporate domain and managed through Mobile Device Management tools, like Intune)
  • If you have your own laptop that you use for work, do the following:
    • Install antivirus software and update it regularly
    • Create a strong password
    • Enable Full Disk Encryption (FDE), like BitLocker (Windows) and FileVault (macOS)

Operating System

  • Install OS updates and patches, especially security-related ones
  • Install any updates for the third-party software you use
  • Don’t use the admin account; create a user account and make sure it is also password protected. If you need temporary elevation of privileges to perform administrative tasks, use sudo/runas.
  • Lock the screen on your device when you go to another room if you do not live alone or have guests.

Network and Router

  • Use a wired connection instead of Wi-Fi when possible
  • Check that you have a backup Internet connection channel (3G/LTE)
  • Check the settings of your router and change all default and weak passwords
  • Turn the firewall on
  • Ensure that the router’s administration interface is not accessible from the Internet
  • Switch Telnet and other insecure services off
  • If possible, segregate your wired and wireless networks into different VLANs
  • If you use Wi-Fi, make sure:
    • Your router access is password protected
    • You configure WPA2 with AES as the encryption algorithm on your Wi-Fi network
  • Minimize the use of Bluetooth whenever and wherever possible, especially on older mobile devices.
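
To verify the "switch Telnet and other insecure services off" item from inside your own home network, the following added example (not part of the original article) tests whether your router still accepts connections on cleartext service ports. The port list and the default router address 192.168.1.1 are assumptions; substitute your router's address.

```python
import socket
import sys

# Cleartext services to look for on the router's LAN side.
# This list is an assumption made for the example, not taken from the article.
INSECURE_SERVICES = {21: "FTP", 23: "Telnet"}


def port_is_open(host, port, timeout=1.0):
    """Return True if host accepts a TCP connection on port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or unreachable
        return False


def audit_router(host, services=INSECURE_SERVICES, timeout=1.0):
    """Return {port: (service_name, is_open)} for every service checked."""
    return {port: (name, port_is_open(host, port, timeout))
            for port, name in services.items()}


def findings(report):
    """Turn an audit report into one line per service that is still enabled."""
    return [f"{name} is listening on port {port}: switch it off in the router settings"
            for port, (name, is_open) in sorted(report.items()) if is_open]


if __name__ == "__main__":
    # 192.168.1.1 is an assumed default; pass your router's address instead.
    router = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    for line in findings(audit_router(router)) or ["No insecure services answered."]:
        print(line)
```

This check only sees the router from the home network side. Confirming that the administration interface is not reachable from the Internet requires testing from a connection outside your home network.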

Secure Operations

  • Use the VPN provided by your company to access server files and services
  • Use a Remote Desktop connection to your office workstation instead of working on your home computer, if possible
  • Use only corporate email for any business-related activity
  • Do not store corporate information on your private devices any more than absolutely necessary to complete your work
  • Use corporate tools for data storage and sharing, like SharePoint Online, OneDrive for Business, G Suite, Box, or other tools provided by your company
  • Write down or memorize contact information for your company’s InfoSec department and Security Incident reporting facility. Contact them immediately in case of any suspicious activity on your computer, or if you suspect you’ve suffered from a virus outbreak, phishing/spam or any other attack.

Internet browsing

  • Be ready to combat SPAM and phishing emails or social media messages. There will be plenty, particularly on the topic of coronavirus:
    • Do not click on suspicious links
    • Do not open suspicious attachments
    • Do not respond to suspicious contacts in Skype and other messengers