Security Mindset for Working from Home
With the rapid shift to working from home as Covid-19 lockdowns came into effect all over the world, many organisations did not have the chance to fully prepare their teams as to what this means in terms of cybersecurity. Securing your remote workforce has become significantly more important, as working from home looks set to become at least one aspect of the "new normal."
So how can you prepare your team? What are some of the basics they need to know to keep themselves, and you confidential or sensitive information safe? We've put together a list of quick tips to help remote workers implement cyber security best practices while working from home.
- Give yourself a dedicated office or work space to keep work and home life separate. Let your family know this is your space and not a play zone
- Ensure all confidential and sensitive documents are stored securely and disposed of correctly according to company requirements and procedures. Dumpster diving is a common tactic to gain sensitive information
- Lock your devices when you aren't using them and make sure they are password protected
- Don't save passwords in your browser. Use a password manager approved by your organisation to safely store and retrieve passwords. Make sure passwords are long and complex and use unique passwords for each different account.
- Be aware of smart speakers in your home and move these out of work areas
- If you're having technical issues, it's best to phone your organisation's helpdesk or IT service provider
- Use approved software tools and mechanisms to communicate with your colleagues, rather than things like social media applications.
- Always phone to verify a colleagues request for sensitive information or transferal of funds. It's better to be safe than sorry
- Sending company information to your personal email accounts is a security risk, even if it's just to print something out, and should be avoided.
- If you're out and about, don't use public WiFi services to carry out work tasks and be aware of anyone looking at your screen or keyboard as you type - this is known as shoulder surfing
- Ensure work-related phone calls are taken in private areas where there is little chance of eavesdropping
- Increase your efforts to educate users on the dangers of social engineering and phishing emails - if in doubt, always verify, never click.
- Access work resources and applications on approved devices and avoid using personal devices where possible.
- Always use an approved VPN to connect to your organisation's network from outside the perimeter.
- Ensure your apply the latest updates and security patches to all devices used for work related tasks and make sure your anti-malware software is up to date and running regular device scans.
- Regularly back up your devices in the manner your organisation has approved, and where possible keep a copy offline.
- Most importantly, if you come across anything suspicious, report it to your direct manager or IT Security team.
- Make sure you're aware of your organisation's security policies and what this means for you