Working From Home, Staying Safe

For many of us, working from home has become the norm, and may remain so for some time to come. However, it's easy to get 'comfortable' and not treat our home computing experience as formally as we might in the office. That makes it easier to make mistakes that can lead to security breaches for the company, so please find below some general guidance which we recommend you stay alert to:

How secure is my computer?

What Anti-Virus software does your home computer have?
If you’re using a home computer for work, then this computer should absolutely be as protected as your work computer, especially while accessing company documents, e-mail etc. If you aren’t running your corporate anti-virus product, we can easily – and temporarily – add BitDefender GravityZone for just a few pounds a month (there is no long-term commitment).

Home vs. Work Computing
Working at home can often mean mixing our ‘home’ computer activities with work ones. Are you confident that all applications, games etc. on your computer are legitimate, and safe? They may not be, so it’s worth doing an audit of what the kids are doing on it… If it’s a work computer, ISL’s recommendation is that it is only used for work activities.

Are you less likely to be vulnerable to a phishing attack whilst working from home?
No! Actually, since the beginning of the pandemic, Cyber Criminals:
- …have set up phishing websites mimicking those of Gov.uk and HMRC to lure Internet users to share their personal and payment information
- …have tried exploiting scenarios such as: Managers/Directors communicating to staff with a heightened sense of urgency

How secure is my connection?

The traditional VPN (Virtual Private Network) tunnel is still the safest way to work remotely, but many organisations also opt for ‘RDWeb’ functionality which allows for a more streamlined experience. In all cases, it’s very important that your passwords are set up and kept as secure as possible.

Microsoft recommends the following best practices when picking a password. It should:
- Be at least 12 characters long. 14 or more is better
- Be a combination of uppercase letters, lowercase letters, numbers, and symbols
- Not be a word that can be found in a dictionary
- Not be the name of a person or a popular entity such as a character, product, or organization
- Be significantly different from your previous passwords
- Be easy for you to remember but difficult for others to guess. Consider using a phrase like “6MonkeysLooking^”
Once you’ve created a strong password, you should follow these guidelines to keep it secure:
- Don’t share a password with anyone. Not even a friend or family member.
- Never send a password by email, instant message, or any other means of communication that is not reliably secure.
- Use a unique password for each website. If someone steals a password that you use on multiple websites, all the information that password protects on all of those sites is at risk.
- If you don’t want to memorize multiple passwords, consider using a password manager. The best password managers will automatically update stored passwords, keep them encrypted, and require multi-factor authentication for access.
- Don’t store a password on the device it’s designed to protect.
- Try not to write your passwords down, but if you must write them down, keep them secure. Don’t write them on sticky notes or cards that you keep near the thing the password protects. Even if you think they’re well hidden, they could be discovered.
- Whenever possible, change passwords immediately on accounts you suspect may have been compromised, or even if you just think the password has been compromised.
- Avoid entering your password on any device if you’re unsure whether that device is secure. Devices that are shared or available for public use might have keylogging software installed that could capture your password as you type it. You should also avoid allowing your password to be saved on shared or public computers.
- Enable multi-factor authentication (MFA) whenever available. MFA is a method of access control that requires more than one credential for verification, such as requiring both a password and a PIN. This adds another layer of security in case someone guesses or steals your password.