Stay secure during Home Office
Almost overnight, most companies all over Europe had to severely limit physical access to their offices. As more and more employees start working from home and connecting to their company network infrastructure, security becomes an immediate concern. Keeping IT systems up and running has never been more important than in this critical time, but increased home office activity will inevitably open new vulnerabilities and potential points of failure that might destabilize the entire network.
To support the European Cybersecurity ecosystem and in light of CONCORDIA’s vision of a more secure digital Europe, we have compiled our home office recommendations for employees and for organizations for keeping their IT infrastructure secure and available:
Top Tips for Employees
Collaboration and communication with colleagues are key when working from distributed locations. We highly suggest using a central communication tool. Regular meetings should be held to coordinate workflows and identify problems.
Only employees should be able to make use of the company equipment.
Children or other persons living in the household should not be permitted to use the company-owned devices. Be sure to make use of screen locks when leaving the devices to avoid unwanted incidents.
Take care when handling devices that are connected to the company device.
USB sticks, SD cards, and other external devices should only be connected to the company device if their origin is trustworthy. Such devices might contain malware even if the owner is unaware.
Make use of the company remote access solutions (VPN, Remote Desktop Services).
It is recommended to use the company-provided VPN or remote desktop services for all activities (including Internet surfing in the business context). The company VPN provides security even if the underlying network is not properly configured.
Use trustworthy download locations for business-related applications.
Applications and mobile apps should only be downloaded from trusted sources. Make use of the software store provided by your company IT department. Applications from untrustworthy sources might include unwanted adware or malicious content (e.g. trojans, ransomware).
Make sure the private WIFI is sufficiently protected.
Especially if no company VPN is available, the security of the private WIFI network is essential. Only an encrypted WIFI (WPA2) with a self-selected password (no default password) containing at least 12 characters should be used. Further security measures include up-to-date firmware for the router and changing the administrator password on the router.
Top Tips For Organizations
Ensure a secure connection to the company network.
Provide a state-of-the-art remote access solution for home office users to access the company’s internal network. Ensure the same level of security measures applies whether the employees are on site or in the home office environment.
Prioritize business-critical functions within the organization.
Remote access by employees who perform business-critical tasks should be prioritized in terms of quality of service. Additionally, ensure there are documented and well-known company policies regarding the handling of classified information.
Provide company-owned devices for home office wherever possible.
Best practices dictate that company data should not be stored or processed on private devices. Many company security measures are primarily enforced on company-owned assets. Ensure the device's local firewall is enabled, shielding the company device from private devices in the same WIFI. Furthermore, ensure the local hard drives are encrypted, because the home office lacks the physical protection of the office environment.
Multifactor authentication for remote access.
Multifactor authentication provides enhanced security for externally accessible company services where user logins are required.
Provide remote desktop services for employees without a company device.
If not enough company-owned devices are available, provide remote desktop services (also known as terminal servers) for your employees.
Beware of online fraudsters.
Strengthen the awareness of all employees on the topic of phishing. Security experts expect increased phishing activities, taking advantage of the general uncertainty and enticing people into risky behavior. Due to reduced communication with colleagues, the detection of phishing attacks might be delayed.