Call Us
Recommendations for working from home
With COVID-19 pandemic, organizations across the world are restricting their employees to work from home as part of social distancing to decrease the outbreak.
On the other hand, remote work increases the risks of cyberthreats like never before. Here we provide a list of actions that should be considered by any organization that wishes to enable remote access to its employees.
Actions for the organization
1. Deploy a VPN server so that employees can connect from their home to the organization's network using a secure, encrypted communication channel. The VPN functionality is standard in a modern UTM appliance. This way the organization can configure the secure access of remote users only to the parts of the internal network that they need to. Access though VPN eliminates the need to open ports (eg Remote Desktop) to the Internet which in the not so distant past was used by malicious agents to spread ransomware.
2. Use two-factor authentication. This adds an extra layer in the authentication process of employees to the VPN. The user must provide a one-time password which is generated from another device (eg smartphone or OTP token). This feature protects the organization from credential theft and weak passwords of the accounts of remote users.
3.Managed file transfer
While VPN is an integral part of any work-from-home scheme, file transfers can be really challenging. Home Internet connections are not always reliable and timeouts can result in failed transfers. To add insult to injury, there is no control in the content of transferred files, which can hold confidential information, thus raising the DLP risk. Therefore, the organization should employ a solution to ensure availability of files but also checking that no sensitive information is leaked.
Actions for the remote user
1. Network Security
- Use wired connection to the home router. It is faster and considered more secure than wireless. If this is not possible, here are a few steps to strengthen the security posture of the wireless connection.
- Change the SSID of home WiFi
- Disable WPS because it can be exploited to gain access to gain access to the home WiFi
- Use WPA2 or WPA3 instead of WEP which is unsecure
- Use a strong password to secure access to network
Other network security precautions for home
- Change the default IP range of home network in the router settings
- Change home router's admin password
- Turn off DHCP and manually assign IP addresses to home devices
2. Computer Security
Protect from malware. If the PC does not already have one, an antimalware product must be installed. An infection to a remote endpoint can be propagated to the organization's network. The antimalware software must have at least the following features:
- Realtime protection from viruses, trojans, adware, keyloggers, spyware, and other malware
- Protection against threats from infected websites
- Advanced protection from ransomware
- Advanced safeguards when connecting to "sensitive" websites (like web banking) to protect from credential theft
Use a software firewall. Even in the home network a firewall must be enabled in the PC used for work. Windows firewall is a solid solution that protects from attacks originating from compromised network devices.
Software updates for the operating system and other applications (eg browsers) are really important. They often include fixes for security vulnerabilities that have been uncovered since the last version of the software was released. Malware works by exploiting these vulnerabilities, therefore updates must not be overlooked.
Though outmost care was taken to prepare this short guide, readers are encouraged to lookup to the documentation of their home devices before making any changes, because inability to correctly configure them might lead to loss of connectivity.