Securely working at home

Information security awareness guide

This short guide is based on SANS recommendations issued at the beginning of the COVID-19 pandemic in March 2020.

Why do you need this guide?

Transitioning the workforce to work from home can be a challenge because you may:

• lack the policies, technology or training to secure a remote workforce;
• be unfamiliar or uncomfortable with the idea of working from home.

Major security risks

Social Engineering

Social Engineering is a psychological attack where the victims are tricked into making a mistake, especially in times of change or confusion.

Phishing is a social engineering attack when an attacker attempts to fool you into clicking on a malicious link or opening an attachment in an email. Be suspicious of any email or online message that creates a sense of urgency, has bad spelling or addresses you not by your name, for example, “Dear Customer.”

Protection from Social Engineering

• Learn what Social Engineering is, how to spot the most common indicators of a Social Engineering attack, and what to do when you spot one.
• Remember that Social Engineering is not just email phishing attacks, but other methods including phone calls, texting, social media or fake news.

Weak passwords

To protect from information theft, account hijacking or penetration, avoid weak passwords and use:

• Passphrases (note, both password complexity and password expiration are not sufficiently reliable any more).
• Unique passwords for all accounts.
• Password Managers.
• MFA (Multi-Factor Authentication), Two-factor Authentication or Two-Step-Verification.

Outdated Systems

To protect yourself from malware and hacking, ensure any device you use is running the latest versions of the operating systems, applications and mobile apps.

Quick tips

1. To secure your wireless network at home, change the default admin password of your router, disable admin access from WAN, install the latest firmware, enable WPA2 encryption and use a strong password/passphrase for your wireless network.
2. Ensure all the devices, connected to your home network, including baby monitors, gaming consoles, TVs, appliances or even your car, are protected by a strong password/passphrase and are running the latest version of their operating system.
3. Make sure both the operating system and your applications are patched and updated. Enable automatic updating.
4. Make sure each of your accounts has a separate, unique password. Consider using a password manager to securely store all of the passwords/passphrases for you if you cannot remember them.
5. Two-step verification is one of the best steps you can take to secure any account. Two-step verification is when you require both a password and code sent to or generated by your mobile device.
6. Ensure your firewall is activated.
7. Ensure your antimalware or endpoint protection system is activated.
8. Family or guests should not access work related devices.
9. Common sense: if an email, phone call or online message seems odd, suspicious or too good to be true, it may be an attack.
10. Backup your data and check backups regularly.

More information:

• SANS Security Awareness Work-from-Home Deployment Kit
• Four Steps to Staying Secure
• Creating a Cybersecure Home