Many home offices are merely a corporate tentacle complete with a virtual private network (VPN), remotely managed workstations with IT experts at the corporate offices doing the heavy lifting. But others lack virtually any kind of IT super-sleuth to sort things out and that means that the end-user is the IT staff, like it or not. If this is you, do not worry. Here are five things you can do to help better secure your home office without an advanced degree in cybersecurity or an extensive security budget.
Start with the router
These days, the router that you use for internet access does far more than you might think. It has a firewall, some security options, wireless connectivity, and a host of other options. If you pay around $50 extra and get a business-class router, it will come stuffed with extra security options like stateful packet inspection firewall, Denial-of-Service (DoS) protection, content filtering, and others. You don’t have to be an expert in some of the crazier security features, but business routers are usually more secure out-of-the-box and have good support to tell you what to enable. Some come with threat feeds built-in, so they keep up with blocking the latest badness. Also, remember to check for updated firmware when installing the router, and periodically check with the manufacturer say, once a month — for updates.
Not sure where to start? Firewalla makes a terrific line of home and small business firewall routers. Having first reviewed the Firewalla Blue back in 2019 I am even more enthused by their product offerings today. No recurring costs and terrific out-of-the-box security functionality usability make this product my top recommendation for any home office.
Stick to basics
Use security software that includes multiple layers of protection; today’s security suites tend to have stacks of security and are not just “one-dimensional antiviruses” anymore. Also, keep your operating system and applications updated, ideally automatically as the updates matter because they often include patches for critical vulnerabilities. If you haven’t already, now is the time to implement full-disk encryption even if working from home, you may have “off-site” meetings that you take your laptop to, and the risk of physical theft is never zero. Speaking of which, it’s hard to overstate the importance of regular backups. Did I mention back your files up? Back them up locally and back them up to the cloud, redundancy is your friend.
You may not worry about having your device stolen by your relatives or housemates, and yet they may cause some trouble for you or your employer, even if unintentionally. Make sure you have a dedicated secure workstation you use for work and protect access to data stored on it by a strong password or passphrase that you don’t share with anybody else. Put bluntly, if everyone has the password, it’s not really a password. By extension, your family shouldn’t really use the device for things like chatting with friends or streaming movies. Also, set short timeout intervals so that the device locks itself automatically when not in use. And perhaps your virtual friend, such as Alexa or Siri, could do with some time off when you have calls or video meetings involving sensitive data.
Fraudsters of all ilk didn’t take long to catch onto the then-new reality, using the virus as a cover story in a barrage of COVID-19-themed scams and spam. The virus is now firmly entrenched in our minds and cybercriminals have by no means let up on their efforts to siphon off business funds or hold organizations’ data for ransom including by exploiting the remote work trend and the physical separation between co-workers. Business Email Compromise (BEC) fraud, for example, has for long been a major money-maker, and the losses are only expected to climb further amid the pandemic. To counter that, scrutinize all email messages and avoid clicking on any links or attachments especially in unsolicited emails, since they may be attempts to part you from your account credentials or to download malware onto the device. Be highly suspicious of urgent requests and verify them through an alternative communication channel before sending money or data.
It’s amazing what you can learn from down-to-earth podcasts or videos on security. There’s also an endless number of free or low-priced courses that will give you a solid grounding in any imaginable aspect of security. Don’t pick one that’s written high above your head, though; instead, find some you can easily understand that take you through the basics a step at a time. We’ve previously compiled a list of free online courses about security, which also might be worth reviewing. Put bluntly, blissful ignorance should not be an option.
Stay Safe, Stay Healthy
While we all have new worries these days, the old worries and cyberthreats haven’t gone anywhere; quite the contrary, in fact. You may still be relatively new to remote work and may still be trying to get a handle on the new reality. That said, the current troubled times may require some change in mindset thinking of your remote office like your “real” office and being acutely aware of the myriad online threats that may hit particularly “close to home”.