Full-time remote workers are increasingly common, and a staggering 70% of global employees work remotely at least once per week, which necessitates additional cybersecurity measures to secure data.
The coronavirus pandemic and resulting lockdown of many countries means that many organizations and their employees are now in the unfamiliar territory of full-time working from home (WFH).
Business continuity planning means that we now need to find ways to protect our customers' sensitive data while allowing for location flexibility. There is a lot that can be done at an infrastructure level and an individual level to keep customer data secure, but the truth is your company’s confidential information is only as secure as the weakest link.
Security tips for employees working from home
Secure your home office
Physical security shouldn’t go out the window when you’re working from home. Just as you lock up the office when you leave for the day, do the same when working from home.
Laptops can be stolen from your backyard, living room or home office. Take your laptop inside when you go and make lunch, and lock the door to your home office. Keep your home workspace as secure as you keep your normal office.
Secure your home router
Cybercriminals look to exploit default passwords on home routers because not many people bother to change them, leaving their home network vulnerable.
Changing your router’s password from the default to something unique is a simple step you can take to protect your home network.
Separate work and personal devices
It might be easier said than done, but it’s important to carve out boundaries between your work life and home life, especially while working from home.
While it may seem cumbersome to constantly switch between devices to simply pay a bill or online shop, do your best to keep your work and home computer separate. You never know if one has been compromised. If possible, do the same with your mobile devices.
This can help reduce the amount of sensitive data exposed if your personal device or work device has been compromised.
Encrypt your devices
If your employer hasn’t already turned on encryption for you, you should turn it on. Encryption plays an important part in reducing the security risk of lost or stolen devices because it prevents strangers from accessing the contents of your device without the password, PIN, or biometrics.
For reference, encryption is the process of encoding information so only authorized parties can access it. While it doesn’t prevent interference, it does deny intelligible content to the interceptor.
How you turn on encryption will depend on your device:
- Windows: Turn on BitLocker.
- macOS: Turn on FileVault.
- Linux: Use dm-crypt or similar.
- Android: Enabled by default since Android 6.
- iOS: Enabled by default since iOS 8.
Use a supported operating system
New vulnerabilities and exploits are posted to CVE on a daily basis and they can often impact old versions of operating systems that are no longer supported by their developers. In general, operating system developers only support the last few major versions, as supporting all versions is costly and the majority of users do the right thing and upgrade.
Unsupported versions no longer receive security patches for vulnerabilities, putting your device and sensitive data at risk.
In short, always use a supported operating system, and if your device allows it, the latest version.
Here’s how to check if your operating system is still supported:
- Windows: Check the Windows lifecycle fact sheet.
- macOS: Apple has no official policy for macOS. That said, Apple consistently supports the last three versions of macOS. So assuming Apple releases a new version of macOS each year, each release of macOS should be supported for roughly three years.
- Linux: Most active distributions are well supported.
- Android: Security updates target the current and last two major versions but you may need to check that your manufacturer/carrier is sending the security patches to your device. You can read more about Android security here.
- iOS: Like macOS, Apple has no official policy for iOS but security updates generally target the most recent major version and the three prior.
It’s not always easy to determine if your operating system is supported, which is why it’s best to use the latest version as long as your device can handle it.
Enable automatic locking
If you walk away from your device at your home office, coworking space, or a coffee shop, you should lock it. The issue is that, as humans, we forget. When we do, automatic locking is there to protect our unattended devices.
Make sure to configure an amount of time that, while convenient, is not unreasonably long, such as 30 seconds for mobile devices and five minutes for laptops.
Automatic locking is enabled by default on most modern devices.
Use a strong PIN/password on your device
All of the above doesn’t matter if you don’t use a strong password. Make sure to avoid anything that’s easy to try, such as repeating numbers (e.g. 000000), sequences (e.g. 123456), or common passwords.
Additionally, don’t use anything that is related to you, such as your date of birth, license plate, address, etc. A good PIN/password should look random to anyone that’s not you.
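The checks described above (repeated digits, sequences, common passwords, personal details) can be automated. The following is an added example, not part of the original article; the function names, the reason labels and the short common-password list are constructed for illustration.

```python
import re

# Constructed sample list (assumption); a real check would load a much larger one.
COMMON = {"password", "qwerty", "letmein", "111111", "123456", "iloveyou", "admin"}


def _is_repeat(s):
    """True if s is one short unit repeated, e.g. 000000 or 121212."""
    n = len(s)
    return any(n % k == 0 and s == s[:k] * (n // k) for k in range(1, n // 2 + 1))


def _is_sequence(s):
    """True if every character steps up or down by one (123456, 654321, abcdef)."""
    if len(s) < 3:
        return False
    if s.isascii() and s.isdigit():  # digits wrap around, so 7890 and 0987 count too
        steps = {(int(b) - int(a)) % 10 for a, b in zip(s, s[1:])}
        return steps in ({1}, {9})
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def _dob_forms(dob):
    """Common digit renderings of a datetime.date (DDMMYYYY, MMDDYY, year alone, ...)."""
    d, m, y = f"{dob.day:02d}", f"{dob.month:02d}", f"{dob.year:04d}"
    return {d + m + y, m + d + y, y + m + d, d + m + y[2:], m + d + y[2:], y[2:] + m + d, y}


def weak_reasons(secret, dob=None, personal=()):
    """Return the rules that `secret` breaks; an empty list only means no rule fired."""
    reasons = []
    norm = re.sub(r"[^a-z0-9]", "", secret.lower())
    if secret.lower() in COMMON:
        reasons.append("common")
    if _is_repeat(secret):
        reasons.append("repeating")
    if _is_sequence(secret):
        reasons.append("sequence")
    if dob and any(form in norm for form in _dob_forms(dob)):
        reasons.append("date-of-birth")
    for item in personal:  # e.g. license plate, street address
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in norm:
            reasons.append("personal-detail")
            break
    return reasons
```

Pass `dob` as a `datetime.date` and `personal` as a list of strings such as a license plate or street name; the values are only compared in memory and never stored.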
Use an antivirus
Antivirus software can help protect your computer from viruses, spyware, ransomware, rootkits, trojans, and other types of malware.
Antivirus software, as the name indicates, is a program that works against viruses. It detects the virus and then works on removing it from the computer system. Antivirus software also works as a prophylactic, so it not only eliminates a virus but also prevents potential viruses from infecting your computer in the future.
Invest in a password manager
If your company doesn’t provide you with a password manager, consider investing in one. They help you create strong passwords and remember them, as well as share them with family members, employees, or friends securely.
They also make it easy to use a unique password for each website you use.
Most password managers will also allow you to store secure notes, credit card details, and other types of sensitive information.
Some even ease the adoption of two-factor or multi-factor authentication.
Enable find my device and remote wipe
Being able to find and ideally remotely wipe your device is a crucial part of ensuring information security when a device is lost or stolen. Securely wiping a device makes it much harder to access your data, no matter how much time or determination an attacker has.
Here’s how to enable find my device:
- Windows: Enable in Settings > Update & Security > Find my device.
- macOS: Set up iCloud on your device by going to Settings > Your Name > iCloud > Find My Mac.
- Linux: Not built into the operating system and requires a third-party app.
- Android: Set up a Google account on the device and it will be enabled by default.
- iOS: Set up iCloud on your device by going to Settings > Your Name > iCloud > Find My iPhone/iPad.
Wipe any devices before you share, sell or dispose of them
When lending, giving, selling, or just throwing out an old device, make sure to return it to factory settings. This will prevent your data from being accessed after you no longer have control over your device, temporarily or permanently.
Before doing this, remember to back up or transfer any important information on the device.
Here’s how to return your device to factory settings:
- Windows: Follow this guide from Microsoft and when asked click remove everything.
- macOS: Follow Apple’s guide.
- Linux: Follow Arch’s guide then reinstall your distro.
- Android: Go to Settings > System > Reset options > Erase all data (factory reset).
- iOS: Follow Apple’s guide.