Many employees are still working from home, which brings a lot of new IT security risks, since hackers are increasingly taking advantage of the current uncertainty.
In most companies, home offices had to be connected from one moment to the next, so proper preparation was often neglected. Although video conferences, cloud applications and mobile end devices make decentralized collaboration a lot easier, these infrastructures also open up new points of attack for cyber criminals. In addition, there are tens of thousands of obsolete computers, unsecured routers, and poorly protected WLAN connections that suddenly offer access to sensitive company data. But how can companies successfully protect their employees' home offices from hacker attacks under these conditions?
The following 10 golden rules from Rohde & Schwarz are useful best practice tips you might want to consider:
1. All employees who are connected to the company network should receive clear, binding regulations in writing for the protection of IT and data in the company.
2. Pay extra attention to Internet attacks to protect end devices especially during the Corona crisis, since the situation is increasingly being exploited by hackers. Malware is smuggled onto computers via fake websites, emails or graphics that come from apparently trustworthy sources.
3. Protect data on the end devices. Organizations with high security requirements should equip their employees' end devices with hard disk encryption. Only authorized users can then use their data and operating system via multi-factor authentication. If the device is lost or stolen, it is not possible for third parties to access the data.
4. Basic security measures. The workplace in your own four walls should be physically secured by locking doors and screens. It is also advisable to cover the webcam on the computer or laptop when it is not needed, and to switch off the microphone when not in use to avoid possible espionage attacks.
5. Secure your home WLAN connection. The standard administrator password should be replaced by a new, strong password, and WPA2 encryption should be activated.
6. Update operating systems, web applications and apps. As essential protection against hackers, all IT technologies in a company must be up to date, and all employees should update regularly and work with the latest system version.
7. Beware of scammers. Attackers deceive and use tricks to gain access to passwords, bank details or access information. For example, they send deceptively real-looking emails. In addition to phishing, you should also be careful with calls, SMS, social media content and fake messages that are distributed via Messenger. This so-called social engineering represents one of the greatest risks in the home office in times of dramatic changes.
8. Companies should use secure communication channels to connect the tablets, smartphones, or PCs of employees in the home office to the company network. Virtual private networks (VPN) are recommended. They establish connections between the end device and the company network via a "secure tunnel".
9. Use strong passwords. Passwords protect applications from unauthorized access. The more complex and clear passwords are, the harder they are to crack. Multi-factor authentication, for example using a PIN, fingerprint, or password, offers additional protection against access by unauthorized third parties.
10. Protect data in the cloud. Cloud applications and collaboration services are ideal for decentralized work. However, the protection mechanisms of the cloud providers usually do not meet the security requirements of many companies. There is a risk of data espionage and compliance violations. The solution is data-centric protection: placeholders are set in the cloud that contain only the metadata necessary for collaboration and workflows. The user data that needs protection is stored in fragments in the company network or at another location.
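
The placeholder approach from rule 10, sketched as an added example (not Rohde & Schwarz code or any product's implementation). The names `protect` and `restore`, the in-memory dict standing in for company-side storage, and the keyed integrity tag are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

FRAGMENT_SIZE = 16  # bytes; deliberately tiny so the sample splits into several fragments


def protect(name, payload, company_store, mac_key):
    """Keep the payload in company_store as fragments; return the cloud placeholder."""
    fragment_ids = []
    for offset in range(0, len(payload), FRAGMENT_SIZE):
        frag_id = secrets.token_hex(8)  # random id, derived from nothing in the content
        company_store[frag_id] = payload[offset:offset + FRAGMENT_SIZE]
        fragment_ids.append(frag_id)
    # Keyed tag instead of a bare hash: the cloud side cannot test guesses at the content.
    tag = hmac.new(mac_key, payload, hashlib.sha256).hexdigest()
    return json.dumps({"name": name, "size": len(payload),
                       "tag": tag, "fragments": fragment_ids})


def restore(placeholder_json, company_store, mac_key):
    """Reassemble the payload named by a placeholder and verify it before returning it."""
    meta = json.loads(placeholder_json)
    try:
        payload = b"".join(company_store[f] for f in meta["fragments"])
    except KeyError as missing:
        raise LookupError(f"fragment {missing} is not in the company store") from None
    tag = hmac.new(mac_key, payload, hashlib.sha256).hexdigest()
    if len(payload) != meta["size"] or not hmac.compare_digest(tag, meta["tag"]):
        raise ValueError("reassembled data does not match the placeholder")
    return payload


if __name__ == "__main__":
    store, key = {}, secrets.token_bytes(32)          # both stay inside the company
    doc = b"Constructed sample: Q3 salary review, draft 2"
    placeholder = protect("review.txt", doc, store, key)
    print(placeholder)                                # this is all the cloud receives
    assert restore(placeholder, store, key) == doc
```

The placeholder carries only the name, size, tag and fragment ids, so a cloud-side compromise exposes metadata but no document content; a missing or altered fragment makes `restore` fail instead of returning wrong data.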