The COVID-19 pandemic has forced organizations to rapidly develop processes to allow their employees to work remotely.
As time has passed and those processes have been honed to increase their efficiency, companies able to operate effectively using a remote workforce have begun to realize cost savings and to consider making the change permanent. Employees working remotely are reaping the benefits as well, saving the costs of the daily commute, childcare, and more. Now, however, these remote workers need to begin thinking of their home networks as extensions of their employers’ cyber infrastructure and adopt security practices to protect company assets, thereby protecting their own jobs.
Securing your home network
Securing your network begins at your access point which, for most, is a wireless router. For this section, you may need to find your router’s user manual. If you don’t have a paper copy, you should be able to find it by searching online using your router’s make and model information.
First, determine whether the router is using outdated security protocols. If it is, you may need to get a new router. If the router is supplied by your Internet service provider, they may replace it at little or no cost if you explain to them that it is outdated and is a security risk. Log into your router’s interface (see the user manual for help) and look for information about the wireless encryption protocol the router is using. Make sure that it is the WPA2 or WPA3 standard. Disable WPA or WEP standards if those are also enabled.
Verify that your router is not using its default password. If it is, change it to a strong password containing at least 12 upper and lower case letters, numbers, and special characters.
Your router’s service set identifier (SSID) is the name that it broadcasts. That name should not be the default name of the router, nor should it contain the device’s make and model information. This could give a hacker enough information to research and exploit known vulnerabilities in that particular router model. The SSID also should not include your name or address. If you really want to increase security, change your router’s settings so that it does not broadcast the SSID at all. Make sure only those who require access to your network have your Wi-Fi login credentials. You may want to set up a guest account with restricted access if others need to use your Internet connection. Follow the instructions in your router’s manual to do this.
Applying your organization’s security policies at home
Hopefully, your employer has written cybersecurity policies and practices for teleworking and for protecting sensitive data. Follow those policies and ask questions about anything you do not understand. Hopefully, your organization furnishes you with a company computer or virtual desktop along with a secure virtual private network (VPN) connection to protect data in transit between your home and the office. If you are required to use your personal devices when teleworking, make sure your applications, operating systems, and malware protection on all devices are updated regularly and security patches are applied as soon as possible. Enabling automatic updates where available is recommended. All of your devices and accounts should also be protected by complex passwords as described above.
Increase your threat awareness
Effectively, you, as a teleworker, are running a branch office connected to your organization’s cyber infrastructure. If you enjoy the benefits of working remotely, you may want to stay familiar with current threats and best security practices. A successful breach of your home network may also impact your employer and could prompt undesirable changes in remote work policies. Searching a phrase like “current information security threats” will return pages of articles regarding past, present, and emerging threats including phishing scams, ransomware attacks, vulnerabilities in applications you may be using, and phone scams, to name just a few. You don’t need to become a security expert, just stay aware of what threats are out there that may apply to your situation.
Communicate with your employer
Now that you know what to look for based on your increased level of threat awareness, follow your organization’s procedures for reporting any suspicious activity to the information security department or support desk.
Both you and your employer may be realizing multiple benefits resulting from teleworking, but whether this becomes the new norm may depend on you and your fellow remote workers. Securing your home network and devices, becoming familiar with and implementing your company’s security policies and procedures, increasing your level of threat awareness, and reporting suspicious activity will not only protect your resources, but those of your employer as well. Your employer should certainly appreciate your efforts.