Cybersecurity in home office times: 5 tips for secure network(s)

Virtually overnight, an “analog” virus turns the classic world of work upside down: home office suddenly runs like an assembly line, or as others say, “goes viral. Who would have thought that a microorganism would get digitization up and running and transport us into modern times from one day to the next? The classic office worker suddenly becomes a home or teleworker – whether he wants to or not. Not only the health of employees must be at the top of the agenda, but also the integrity of information worth protecting. Because this “analog” virus also serves as a backdoor for its digital cousins. So, what to do about leaking access points, noticeably weak passwords, against operation long-fingerers or cyber criminals who want to get healthy from the pandemic? How do you turn your employees into real security networkers? Clearly: with security (and the following tips)

1. Enable multi-factor authentication (MFA)

End the eternal password game with multi-factor authentication.

An MFA lets only authorized users into the system, and puts a stop to insecure passwords to boot. Besides USB dongles, software-based solutions require the least effort and are the most convenient for employees to use. They use an app for common smartphones in which a one-time code is generated and additionally entered. Unlike SMS-based solutions, they are immune to SIM swap attacks.

2. Data security measures: Encrypted access

Ideally, you already have secure VPN (Virtual Private Network) access or can set it up quickly. With VPN solutions, you create an encrypted “communication tunnel” between your location-independent end device and the corporate network: This way, the exchange of information remains internal and (eavesdropping-)secure, and man-in-the-middle attacks fizzle out without effect. Tip within a tip: Pay attention to the license size when selecting a VPN solution or when using your existing VPN solution.

3. Encryption instead of data clutter

Even if this technology still meets with little approval among companies (not even one in three SMEs uses it): Encrypt for all it’s worth. Complete hard disk encryption ensures that data does not fall into the wrong hands if the computer is lost. And the General Data Protection Regulation also “rewards” your efforts: the obligation to report within 72 hours no longer applies and data is not considered lost. This means that fines are not imposed in case of doubt.

4. Back ups are priceless

Survival-critical backup copies must not be lost sight of, especially in critical times. Because ransomware attacks are more topical than ever. Despite the “Corona discount”, most companies are left sitting on the ransom costs without ever seeing their data again. With back ups, you not only avoid cyber criminals, but also downtime, e.g. due to disconnections or unintentional or unconscious deletion of master documents on servers and hardware. Tip in a tip: Remove the storage media immediately after the backup process, because ransomware encrypts all accessible USB sticks and the like at the same time. Also check regularly whether the backup copies can be restored.

5. Secure remote rules

Compliance policies should also regulate the withdrawal to the home office. This includes, for example, restricting access rights for employees connecting to the network (who is allowed to access what, when, and how) and limiting the use of third-party peripheral devices such as USB sticks. Enforcing a low-data-loss password policy (especially for companies without MFA in use), including automatic log-outs for extended periods of inactivity and clearly vetoing analog sticky notes with passwords – even at home – also minimize uncertainty factors. Tip within a tip: As a matter of principle, the network should only be accessed via a device to which the IT department has access at all times.

Conclusion: Corona becomes a digitization driver

The large-scale shift to the four walls at home shows that special situations tickle everything out of companies. But in the future, we will have to create operationally and fail-safe conditions for home office employees not only technologically, but also in terms of organization, skills and culture. The same applies to stable routines, as is the case with other emergency plans. One thing is clear: If we finally give digitization a proper and secure leg up, working from home will become a serious option for action. But Corona shows us something else entirely in the analog world: The Internet, of all things, socializes us, we can become incredibly creative in an emergency, even as sedentary employees we can get by with surprisingly little traffic from one second to the next, and we experience how nature and the climate recover within a very short time and that health is the most important thing.

Extra-Tipp: Corona-Scam – Phishing for Money

As a lone wolf at home, it’s even more important to keep your eyes open. Since the virus outbreak, cybercriminals have again been bursting inboxes with spam emails about the pandemic. Promising, alleged news about Covid-19 from the World Health Organization (WHO), supposed appeals for donations or fabulous offers of respiratory masks that direct users to fake stores – the freeloaders shamelessly exploit the uncertainty of the population and want to get healthy from the virus. You can assume that WHO does not address private individuals. For this reason, attachments and links in such mails should not be clicked on under any circumstances.

Ildikó Bruhns

Ildikó ist seit 2011 für ESET tätig und tagtäglich ganz nah am Thema Cybersicherheit. Sie hat an der Bauhaus-Universität Weimar Medienkultur studiert - mit Faible für Filmphilosophie. So gesehen, ist für sie die IT-Security-Welt durchzogen von hollywoodreifen (virtuellen) Duellen zwischen Gut und Böse oder einem ewigen Katz- und Maus-Spiel à la „Catch Me If You Can“. Ihre Artikel werden in (Fach-)Magazinen und online publiziert.