Many of us have shifted our usual office workspace to a work from home setting in the past weeks and it has become clear that it may remain this way for some more time. Now that most of us are settled into our new workspaces, it is a good time to start looking for some security improvements which can help secure not only your workspace but also your home network in general.
CyberCube’s mission is to deliver the world's leading cyber risk analytics. We enable society to make better decisions about which digital risks to avoid, mitigate or insure as internet-connected technologies change the nature of risk in the 21st century. As a cyber analyst, I’ve spent most of my career looking at cyber security vulnerabilities. Here are some of my suggestions to help improve security, given the shift to a home-working environment.
The below is not intended to be a laundry list, can carry different degrees of difficulty for technical and non-technical users in implementing, and cannot possibly consider all individual circumstances that come into play with work from home. However, I hope it will help people think about what is in their power, to be more conscious in general about secure practices, and to be proactive in their home environments.
The burden of considering what needs to be done at once is also not necessary. While quick adoption is best, doing at least one of these action points is better than doing nothing and implementing these over time is one way to get to the finish line without being overburdened. Finally, in most cases, defending against an attack is not about having the best defenses ever, but about providing enough barriers/deterrents to an attacker so they focus on the next (and easier) target. Proactive steps you can take include:
1. Secure your access point (i.e. your modem and/or router(s))
2. Device encryption can be important, but guidelines will differ based on Windows, macOS, iOS
3. VPNs are important to secure work traffic, make sure you have a strong unique password for this as well and if not consider changing it with an administrator
4. Keep an eye for regular threats such as phishing attacks (double check!) and USBs (don’t use them, with the exception of USB-based physical tokens such as Yubikeys)
5. If it’s in your power, try to make backups of at least mission critical data/documents, if not more, but depending on your individual circumstances, this might not be possible
6. Developing contingency plans - even if you’re not at a level to develop plans for your company or department, just knowing what to do individually if things go wrong can make a major difference. (E.g. I clicked on a phishing link or downloaded a malicious file - what do I do now? Who do I contact? What information do I need to provide to make others’ response easier?)
7. Changing all default passwords to something unique and strong8. Patch all computers, routers, and other devices (i.e. IoT devices) on the network. Try to often patch computers with ease since operational systems tend to facilitate/automate the process, but routers and IoT devices are often forgotten for updates
9. Review endpoint protection on laptop/desktop computers. We can find decent protection even for free: do some research on these and find out which one is best suited for your case
10. Identify high-risk systems/accounts and set 2FA/MFA on them - the more services you cover, the better11. Some users may want to implement different subnets at home to separate work and personal networks, but this will require some degree of technical work
12. Changing DNS settings can help mitigate some attacks, for example using Cloudflare’s 1.1.1.2 and 1.1.1.3 which block malware and malware+adult sites respectively at a DNS level by domains identified by Cloudflare as belonging in these categoriesAs you read and/or work through the list, you’ll find that some of these items are out of your reach. Doing some web searches or asking for help from your company may address some of these barriers, but some of these may still remain challenging. Don’t despair and just try to do your best with this list, as even doing a few of these will leave you in a better position than you were yesterday.
In some cases, your company may have already implemented some measures, given you instructions, or sent you equipment, in which case follow company guidelines but recognize that some items (for example, unique passwords) will always be within your own power and responsibility. Remember security is a journey and every step helps you get farther from an attacker. Most measures will enable you to create a secure home workspace and can also secure your home network in general.