While the flexibility to work from anywhere is appealing, especially during weather events, it also opens a Pandora’s box of cybersecurity risks.  Your company should provide regular cybersecurity awareness training.  This is an instrumental step in improving your cybersecurity defenses and reducing the risk of a breach.  If they don’t provide this ask your employer about adding it and if necessary, seek your own.  Organizations like sans.org and others have cybersecurity trainings you can utilize.  Here are some other key insights on maintaining a secure remote working environment:

🔒 Secure Your Network: We often think of our office and home environments are safe, but while your company may (hopefully) employ experienced IT resources and protections, your home doesn’t have the same benefits.  The false sense of security when at home can easily leave you vulnerable to cyberthreats.  Your home Wi-Fi might be more in your control, but many of the same concerns exist.  Is your Wi-Fi security using current standards?  Is it encrypted using a strong password?  It is isolated from personal, family, guest and IoT devices?  Do your children use the same Wi-Fi network, perhaps gaming with friend and unknown others, exposing your home network to threats?  Use WPA3 encryption, set a strong password, and consider a VPN to shield your activities from prying eyes (hopefully your company has a VPN or similar solution in place).

🚀 Update Regularly: Keep your router’s firmware and all devices updated. These updates often contain critical security patches.  IoT devices and anything connected to your network poses a risk, but unlike computers, these devices aren’t always updated automatically or frequently.  Closesly monitor your device manufacturer’s for updates.  If possible, isolate these devices (you may need to consult a professional for this).  Whenever possible, replace devices that can’t be updated or no longer receive security patches.  Threats to your computer, work or personal, don’t have to come form another computer – any network connected device can be the launchpad of threats on your network.

👁️ Be Watchful: Public Wi-Fi is convenient when on the move, but dangerous.  Control is never complete, but what you have no control over is the most dangerous risk.  Public Wi-Fi may not be encrypted and when it is, may not use optimal security.  It’s also easily faked, tricking you into connecting you to a hotspot you think is safe, but actually captures all you type and view, potentially even infecting your computer with malware.  Public Wi-Fi is a hacker’s playground. If you must use it, avoid accessing sensitive information and always use a VPN or similar solution.

💼 Work vs. Personal: Separate your work and personal devices.  Even as a business owner, this is important.  This simple step can significantly reduce the risk of cross-contamination.  Your business devices likely (remember, there are no guarantees) have more protections, but that doesn’t make them free of risk

We’ve compiled a few common frequently asked questions below.

Q: What are the key steps I should take to work from home securely?

A: To ensure you’re working from home securely, you should:

  1. Consult your company’s IT resource (if you don’t have one, chec with company management).  You may want to contact an IT professional to assist with your home network/technology as well.
  2. Use a VPN or similar technology to secure your internet connection (check with your IT resource for advice).
  3. Enable strong Wi-Fi encryption and use a robust password.
  4. Separate your family wireless network from your work network and from guests.  If possible, isolate your children’s devices from the wireless network you use.
  5. Keep all your software and operating system up to date.  Keep your other network device firmware up to date.  Isolate IoT devices if possible.
  6. Implement multi-factor authentication for accessing all accounts.  Remember, some sites and apps offer MFA, but don’t enforce it – check your security options and always enble MFA.
  7. Be cautious with emails to avoid phishing attacks.  Phishing attacks and poor password hygiene are the leading methods of cyber attacks.

Q: Should I be worried about my home Wi-Fi security?

A: Yes, home Wi-Fi networks can be vulnerable. Use WPA3 encryption (some devices may not support this, so you may need a separate WPA2 network for them), set a strong and unique password, and ensure that your router’s firmware is updated regularly. Whenever possible, enter the password yourself to connect devices instead of sharing the password to others.  Additionally, consider setting up a guest network for other household devices to keep your work devices on a separate network.

Q: Can I use my personal computer for work?

A: Your company should have a policy on this (and preventative measures), but as a general rule, no – do not use personal computers to access business data and systems.  Use a “standard” user account on your personal computer as you should do at work and a separate admin account for admin tasks only when necessary.  Likewise, your personal computer should be not be used or connected in the office (use the office guest wireless if this is needed, and preferrably check with your IT resource).

Q: What do I do if I suspect a security breach on my home network or work device?

A:  Your company should have a policy on this, but a general rule is to immediately disconnect from the internet and report the breach to your company’s IT department. They will guide you on the next steps, which may include a security audit of your devices.  If this is a personal device, consult an IT resource and don’t use the suspect device until you are confident it is safe.  If you suspect a password has been stolen or compromised, change it from a trusted computer.  Use a password manager for securely creating and storing passwords which should never be duplicated.  Monitor the dark web for stolen passwords and change them and always enable Two Factor Authentication (2FA) also known as Multi-Factor Authentication (MFA) or Two-Step Verification.

Let’s not let the comfort of our homes lull us into a false sense of security.  Stay vigilant, stay updated, and let’s keep our data as secure as our front doors.