Home Office Security – Never Too Late to Evaluate
We are past the point of whether or not working remotely, or from home, is something we are unsure of. It is likely our permanent setup, or at the very least, a long term one that we need to move forward with and in confidence. These recommendations should be for readers who find themselves in this situation as well as any IT provider that oversees clients and their cybersecurity.
While you might still use the dining room or coffee table as a desk, the physical setup is not as important as the setup of things not easily seen at first sight. Cybersecurity needs to be top-notch and if you haven’t addressed it yet, now is the time.
There are obvious things that should be mentioned and not assumed, such as the physical security of your devices. This means your laptop, or desktop, and mobile phone. If you have to leave these unattended for any time, make sure that that they are set to lock or better yet, shut down. This is obviously more important if you have roommates or small children around, but not to be overlooked if you live alone. While theft isn’t something you plan on, it can occur. If you are working in a shared space of the house, move the devices at the end of the day to a location that is safe and out of sight.
The access that your device provides also should be reviewed. If you are using a personal device, this is even more important. Are your passwords shared across accounts? If yes, change them. If you do not have access to a single sign-on, consider using a password manager. Ensure that file sharing is turned off if you are on the home network and that encryption and multi-factor authentication are turned on when given as an option.
A VPN with encryption is something that should be setup. This, like all cybersecurity practices, does not need to be fully understood by the end-user to be implemented. Additional layers of security that apply to your home Wi-Fi should be set up, and never leave the default password for any device!
If you are an IT support specialist or MSP, speak with your clients and allow them to ask questions; allow them to NOT understand without judgment. We are all learning new ways of working that are unfamiliar and it is overwhelming. If you are an employee that feels uncertain and afraid to ask, get over that quickly. It is much harder to undo this type of damage than it is to deal with it upfront and before a breach or identity theft occurs.
It is ok to not have all of the answers. It is ok to feel overwhelmed by all of the things that need to be done. It is not ok to just turn a blind eye and pretend like strong cybersecurity isn’t necessary right now. Take small bites daily and eventually, you will have tackled the biggest challenges you face. Start with a security risk assessment to uncover the gaps in your program -or your clients and their setup. Not sure how to move ahead? We can help.