The isolation necessary to fight the new coronavirus pandemic is imposing a radical change in the routine of many people who, among other protective measures against the disease, will work from home.
If you are one of the people who is used to the daily life and facilities of the office, but now will deal with the home office, know that having a discipline of information protection in this new “workplace” is as important as keeping schedules and deliveries. Because, unlike the office environment where all devices are configured by the company’s technology teams, in the home office there is a shared responsibility to protect equipment that your company may not have managed and to encourage security behavior in other people living under the same roof as you.
Therefore, here are some tips that can help you not only protect your company’s data, but also improve information security at home.
Isolation Principle
Isolation is a term you must be hearing a lot, because keeping your distance from other people is one of the most important measures to combat the new coronavirus. Isolating technologies is also an essential measure for computer security, separating things by purpose and criticality.
The first measure in this direction is to make a clear distinction between personal information and company information. If the company provides you with a computer for work and you have another machine at home the separation is materialized here. It’s very important that the personal computer is not used for work activities and the work computer is not used for personal things, and the same goes for the installation of applications: keep the software for personal and corporate use on their respective devices.
Another very important thing is not to share the company computer with other people in the house. As much as they may be loved ones, they have not gone through the same training as you, and may not understand the value of company information as you do. Take the opportunity to teach the principle of isolation and share the tips in this post with your family, they may be useful for everyone.
This kind of conceptual “wall” helps to prevent many attacks on company data, because although an attack on a personal level is not desirable, having your machine used as a bridge in an incident against the company can bring greater damage to your career.
Network
If you live in a house where many people pass by and whose wifi password has been shared several times at parties and other events, it is important to change it periodically. Because it’s difficult to have control over who can access a network whose password is passed on by word of mouth. An intruder could be sharing your network with you right now.
Consider that the work computer is your livelihood tool, so it is worth the effort of having to enter the new password on all the other devices again.
It is also worth enabling the WPA2 setting which makes it very difficult for an external attacker to capture your network password. This setting is present in almost all router models.
Updating your router’s system is also important. Router manufacturers periodically publish updates, many of which fix security problems. Updating is protecting, but in this case you may need the support of a person with technical knowledge to do this.
Another thing that requires technical support but can help a lot with security is to split the network into two segments: one for personal equipment and one for work equipment. Your technician can configure the network so that no communication from one network reaches the other, with the exception of shared devices such as printers.
An alternative to segmentation is to use a VPN, or Virtual Private Network. It creates a kind of tunnel which, depending on the configuration, will only allow communication from the computer to your company. In this case, it’s necessary for the IT area of your organization to configure this mechanism in your computer.
Distrusting the security of public Wi-Fi networks (such as those in squares and parks) or that, for some reason, are open to anyone can be a matter of survival for your data. Public ones in many cases have a lower security level than your company’s network and may have attackers waiting for an innocent person to log on and attack them. Those that are too open are usually traps for attackers, except in cases where the user did not know how to configure the equipment.
At the computer
As mentioned above, the burden of coresponsibility for the protection of your company’s information is greater in a home office context. It’s therefore worthwhile to review important computer protection issues.
The first of these is: keep the systems up to date; don’t forget to update the devices. Antivirus can also be the last line of defense between a criminal and your company data. Keep them up to date and run scans frequently.
It is very important that we have backups of our work in case of any problems. Backing up at home can be a controversial issue, since you are keeping copies of company data in environments the company doesn’t control. However, losing all the data can be worse. In this case it’s important to ask your company to determine what to do about it.
Another necessary measure is to lock the computer. If you share the space with other family members, and even if you have explained the principle of isolation to all of them, this doesn’t guarantee that it will be respected. So block the computer when you move away from it.
Most of the concepts and tips presented here apply perfectly to smartphones, so you also need to take the same care with these devices.
The criminal takes advantage of the context
Criminals try to take advantage of any special condition to conduct their scams, and this time of pandemic that we are going through, can offer new chances for new attacks or old scams, but remodeled for the current context.
These threats don’t always arrive only by email. A criminal who knows that managers and staff are no longer within walking distance of each other, for example, may contact staff members via SMS or other messaging applications posing as a manager and requesting passwords or other sensitive information.
It can also happen by sending suspicious links, fake news about the disease which installs computer viruses, or even through fraudulent phone calls in which the criminal poses as a person you know, or a member of an organization you trust, asking for information or bank transfers.
Nevertheless, now is the time to avoid panic. By acting this way we will get through this phase not only preserving our health, but also avoiding the opportunism of criminals.
And just a reminder.. Wash your hands!