At the moment, many of us are in the same boat, more precisely: in Home Office. Some of us have worked from home before Corona but are now surrounded by other family members in the same state of emergency. Others have now been thrown into uncharted waters with office communications that have hardly been digital before.
In addition to the different challenges of the Home Office, there are also concerns about the health of family and friends as well as your own. Not to forget the general political and economic situation - how long is this going to last for?
And now you need to deal with Cybersecurity on top of all this?
Hackers surely aren't going to attack me, now are they? Not now when we're all at our most vulnerable? Without the protection of the company IT department, in a more or less improvised working environment with children and partners, everything being moved online from one day to the next?
As you have correctly noticed, these are rhetorical questions: Despite or because of Corona, you should also think a little more about your digital "hygiene" and protection against computer viruses.
The following simple rules and tips will help you to transform your Home Office into a safe working environment:
1. Infrastructure / Network
- Check whether there are updates for the hardware you’re using and install them - routers, for example, often have security gaps that are frequently exploited. Unfortunately, everyone in Home Office is their own IT administrator!
- The firewall in the router should be activated by default. However, the so-called "Universal Plug and Play" (UPnP) is usually activated in the home router as well, as it is necessary for some online games. This is a security risk: it opens holes in the router’s firewall and thus allows access from outside.
2. Lock the Screen
- It is not about distrusting your family members – any more than your colleagues in the office!
- Internal company data must be protected in all environments.
- Prevent Home Office colleagues (i.e. family members) from accidentally deleting/changing/transmitting documents or emails because they "want to look up something quickly on the computer" or have accidentally pressed the (wrong) keys.
- Tip: Locking the screen is very easy with "Windows key + L" - just do it every time you get up!
3. Secure Passwords and Password Storage
- Strong passwords are the basis of computer security, and not only in Home Office. This applies both to the password of the home WLAN and to all accounts of online services. By the way, the length of a password really matters: A password under 10 characters should not be taken seriously.
- Tip 1: Use a password manager such as KeePass to create and store secure (meaning long) passwords.
- Tip 2: Use several words to remember long passwords (e.g. "Freedom.instead-Quarantine").
4. Observe Company Guidelines / Secure Document Exchange
- Certain company policies (e.g. prohibiting the use of Dropbox as a document exchange platform) are enforced in the office by network rules. In Home Office, the same policies apply, of course, but can no longer be enforced by the company network administrator.
- Tip: Document exchange in wealthpilot is simple and secure: upload encrypted, store encrypted in a central location, secure transmission to clients - it's central, easy to find, and securely archived.
5. Installing Updates
- Regular updates close potential security gaps! Depending on the IT infrastructure, the company IT may not be able to roll out updates centrally if the computer is not in the company network. Install updates yourself or join the company network regularly (via VPN)!
6. Have a Healthy Distrust, Think and Be Aware of the Dangers!
- Is the email from a colleague with the document "Latest_Financialtrends.docx" real or is it more contagious than an après-ski beer?
- Attackers are currently playing on people's fears and the difficulty of communication within the company.
- Tip 1: Ask the sender whether the document is really genuine.
- Tip 2: If in doubt, open the email/document on an iPad/iPhone. There are hardly any viruses for Apple environments and therefore this option is considered safe.
7. Secure Communication Channels
- Only encrypted communication channels should be used for really confidential calls/data: encrypted emails (but difficult in practice) or secure applications for telephone calls or data exchange. The Signal App is recommended for this.
- Zoom is currently very popular for video conferences. However, the video communication is not encrypted end-to-end and could therefore be viewed on the Zoom servers. To achieve at least a minimum level of security and prevent so-called "Zoom-bombing", a password should be set for each video conference.
8. Do Not Forget the Backups!
- How is data backed up when in Home Office?
- Do you have to take care of it yourself or can the central IT continue to do it?
- Tip: When using central services like wealthpilot, data backups are automatically created in the DATEV data vault.
9. Last, but not least:
- If a cyber-attack occurs despite all precautions, you should not be afraid to seek professional help from your own IT department or other professionals. A quick reaction is essential to preventing greater damage!
Working from home can be a challenge in itself; that's why defense against cyber attackers shouldn't be an additional burden on you. A few simple rules already provide effective protection against most attack scenarios.
In addition, using a central online service can not only simplify the daily workflow, but also provide added security: here, professionals take care of the security of important (customer) data around the clock.
A few relevant websites on the topic:
- Recommendations from the German Federal Office for Information Security (BSI) about Home Office (DE).
- "How Cybercriminals are using the Corona Crisis" (DE) – ZDFheute.
- Test the security of your passwords: https://howsecureismypassword.... - Yes: Your healthy distrust rightly tells you not to enter real passwords here, even if the user input supposedly never leaves your browser!
- Has my email address and possibly the corresponding password ever been published in a hack? https://haveibeenpwned.com gives you the answer.
- Heise Security has just published an article about the vulnerability of "older DSL modem routers" that are no longer receiving updates. Exciting, often very technical reading about cybersecurity.
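The healthy distrust recommended above for online password checkers can be built into the check itself. The following Python sketch is an added example, not part of the original article, and goes beyond the links listed: it queries the Pwned Passwords range API operated by haveibeenpwned.com, hashing the password locally and sending only the first five characters of the hash. The `sample_fetch` stand-in and its counts are constructed.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range API

def split_hash(password):
    """SHA-1 the password locally; return (5-char prefix, 35-char suffix) in upper-case hex."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Download all known hash suffixes for this prefix; only the prefix leaves the machine."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": "home-office-check"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def count_in_range(suffix, body):
    """Look for our suffix in the 'SUFFIX:COUNT' lines of the response; 0 means not found."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0

def breach_count(password, fetch=fetch_range):
    """How many times the password appears in known breaches (0 = not listed)."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch(prefix))

def sample_fetch(prefix):
    """Constructed stand-in for the server: one made-up suffix plus the one for 'password'."""
    assert len(prefix) == 5  # the full hash must never be sent
    return "0" * 35 + ":3\r\n" + split_hash("password")[1] + ":1234\r\n"

if __name__ == "__main__":
    import getpass
    n = breach_count(getpass.getpass("Password to check: "))
    print("Not found in known breaches" if n == 0 else f"Seen {n} times in breaches, do not use it")
```

A result of 0 only means the password is not in the published breach data; it says nothing about whether the password is long enough.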
If you have any questions about how wealthpilot can help you to make your (Home) Office life easier and manage your data securely, please contact us at firstname.lastname@example.org or, for security questions, contact our wealthpilot data security expert Christof Dallermassl at email@example.com.