Here at Tripwire, we, like many others, recently surpassed the one-year anniversary of working from home due to the COVID-19 pandemic. Since March of 2020, we have converted kitchens, spare bedrooms and garages into office spaces. Our pets and children have become our coworkers, and companies are reporting a sudden increase in shirt sales as opposed to pant sales.
This unique transition has required flexibility to adapt to a new environment, and with that new environment has come a different set of security practices. Although many of us have finally established a rhythm when it comes to working from home, it is worth reminding ourselves of some important security practices every remote employee should be implementing.
Lock your devices
Be sure to lock devices when you step away from the desk. It is important to keep sensitive information hidden from children, partners, roommates and visitors. On most devices, this can be done via a quick keyboard shortcut. If you are diligent about doing this, it can become habit, and you no longer have to think twice about locking your screen as you get up from the chair. This shortcut is Command + Control + Q on a Mac and Windows + L (for "lock"!) on a Windows machine. Give it a try!
Secure your router's password
Many of us were not the ones to manually set up our home's router, so what you may not know is that your router, just like your wireless access, can be logged into. Once you've logged in via a username and password, you can make changes to network settings. As with any other piece of software, this can be problematic if an unwanted user gains access. Routers are often set up with very basic passwords by default, such as "admin" or "12345." This should be changed and hardened like any other password should be. Bonus points for keeping this password in your password manager!
Personal devices vs. work devices
Do what you can to keep personal devices separate from your work devices. Because your personal devices likely are not being monitored by your IT department for software updates and vulnerabilities, avoid using your personal laptop and mobile phone for things that can be done on work laptops and mobile phones. Although it may seem like a hassle to use an entirely separate device to pay a bill, message a friend or send a personal email, make every effort to do so anyway. This can also increase your ability to separate your work life from your personal life at home, an extremely important skill when it comes to prioritizing your mental health and thriving in the midst of a global pandemic.
The latest security news
Keep up with security news and share your findings with your coworkers. Dedicate some time on a regular basis to read up on the latest security news to stay in the know about recent vulnerabilities, attacks and breaches. Consider subscribing to news sites that send out weekly digests to reduce the cognitive load of searching for the latest news manually. It is especially important to keep an eye on third-party software you and/or your company uses. If third-party software is compromised, there is the possibility for a man-in-the-middle attack, a threat which can in turn negatively affect you and your company. By staying up to date, you will consistently be reminded about some of the most frequent and dangerous kinds of attacks, such as phishing scams, that continue to be detrimental to organizations of all kinds.
Use a VPN and avoid public Wi-Fi networks
As we head into spring, where the weather begins to improve and public spaces begin to open up safely, the thought of working somewhere outside of your home office, such as a local coffee shop or neighborhood park, is tempting. However, working in a public space can usher in a myriad of security problems. Passersby can look over your shoulder onto your laptop screen or eavesdrop on your phone conversations, WiFi networks can be insecure, and the chance of leaving a device in a place where it might easily be stolen increases. Take these risks into consideration as you take advantage of the flexibility of working from home. If you feel the need to get outside or step away from the office, consider going on a walk over your lunch break or finding a more secure outdoor office space such as an enclosed backyard.
Prioritize your mental health
If you happen to find yourself worn out or exhausted from working at home, consider taking a mental health day or two to get out of the "office" and recharge. It can be all too easy to forego important security practices when we feel exhausted from performing our jobs and even more so remotely. Do yourself (and your company!) a favor by taking the utmost care of you and your workspace.
Working from home has certainly been a unique challenge that many of us were not prepared for. Whether our future contains safely returning back to the office, remaining in a work-from-home setting or a combination of the two, these basic security practices are applicable to wherever you take your work. They even apply to your home environment, work from home or not! Remember, security is everyone’s responsibility.