The first work week in the UK since prime minister Boris Johnson announced the lockdown to prevent the further spread of Covid-19 (Coronavirus) is coming to an end. Majority of the workforce in this country has experienced working from home for the first time.
As reported by SC Media UK for the past few weeks, Covid-19 has evolved into a serious cyber-security crisis. With individual freedoms curtailed but work pressure remaining the same, workforces across the world are facing curveballs on their home grounds.
The security industry was quick to jump in with practical advice for people to work from home securely. However, almost all of them lacked the personal touch of someone who has managed to work exclusively from home over the past few years.
Segregation of time and tasks is the key when it comes to work, said Nilesh Mapara, information architect - EMEA and APAC at Firemon. An SC Media reader, Nilesh has been working from home for nine years, “and loving it!”
“I am a believer in strict segregation. The work laptop is for work and personal laptop is for personal use. It keeps you honest and helps prevent faux pas. Any device that is capable of writing data or storing data must be segregated,” said Mapara.
Outdated software used in personal devices is a legible security issue. Over a billion Android devices that use version 6.0 or the earlier ones remain vulnerable to hackers and malware as they do not receive security updates anymore.
“Employees are the first line of defense, and staff working remotely for the first time might not be familiar with the organization’s policies and processes that apply to remote work environments,” said an advisory by PCI DSS, an information security standard for organisations that handle branded credit cards.
PCI DSS prescribes the use of multi-factor authentication for all remote network access originating from outside the company’s network, strict password policy, and adequate training for employees. Work devices must have up-to-date patches, anti-malware protection, firewall functionality, and, above all, no unwanted apps, it said.
With the possibility of lockdowns extending more than two months and cyber-criminals reportedly targeting remote-workers, authentication becomes even more important. Updating device and network passwords frequently is important, said an advisory issued by vmware Carbon Black.
“Employees should be changing their passwords every few months—this becomes more important than ever when they are off the corporate network. Additionally, update your router password—use a full sentence for maximum security,” it said.
“Two Factor Authentication (2FA) adds an additional step to the process of accessing critical data. The first step being a username and password, and the second step being additional verification (like a pin or a push). Enabling 2FA ensures that the user logging in as an employee is truly who they say they are.”
As a person with a “bad habit of going over the top”, Nilesh said he has been consistently updating his network and device security apart from maintaining dedicated hardware for work. He uses encrypted end-to-end VPN to access corporate resources, as a safe method to avoid data leaks. Ultimately, security measures depend on one’s work, said Mapara.
“For my work, VPN is sufficient. But those who handle sensitive data, such as finance, govt, military intelligence, medical etc, are required to use additional measures to ensure that the data remains safe,” he said.
“It is highly recommended that you encrypt your laptop drive using a renowned software, or for corporate computers, company provided software, to stop information leaking to wrong parties, in case of theft.”
Working from home might save travel expenses and time, but it still costs, noted Mapara.
“Costs vary depending on the individual’s circumstances. If you are dedicating a room in a three-bedroom house or flat, your work costs a third of your household bills, such as rent/mortgage, electricity, gas, water, broadband etc.”
Investment in physical security is needed if you use costly hardware, he said. It begins with a lock port for your laptop or computer. The doors and windows of your work room, or the space that you use for work, is equally important. If possible, use an alarm system, he suggests.
“If you have expensive company equipment or sensitive data, do look into a burglar alarm. Also check whether your contents can be insured.”
Unexpected costs occur when device malfunction, virus attacks or ransomware destroys data. Mapara maintains a local disk array and cloud storage where he backs up data regularly. Apart from the added security, this allows optimum broadband usage, ensuring no bottlenecks during work hours, he said.
How does one manage the time and attention needed for work? Segregation works there too, says Mapara.
“I maintain dedicated work hours and spend it at a dedicated space in my house. I start around 9 am and finish by 5 pm, depending on the workload at that time. Coffee helps to stay alert, but I always time some off screen to relax my eyes.”
For a quick read on time management, he recommends Brian Tracy’s Eat that frog first.