10 rules – how to work from home safely?

by Adam Wódz

19 March 2020

In the last few weeks we have all faced an unprecedented challenge of transforming the way we perform our professional duties. Whoever can work remotely, should do so but do we really know how to do it well?

If the IT department has successfully dealt with numerous problems connected with quick setup of the system for remote use, and if you already have a laptop at home with VPN set up, you are good to go. But do it wisely. First and foremost, you must be aware of the fact that company data which you work on will now also be outside the company’s secured IT infrastructure and you become one of the persons responsible for the data safety. Here are 10 rules which can help you step up to that challenge.

1. Use only the company hardware

If you have been provided with company hardware (laptop, smartphone, tablet), use only those devices for work. They have been appropriately set up by the IT department and they will enable you the easiest safest access to data. They are also constantly monitored in terms of operating system updates or antivirus protection. In case of technical problems, the IT team will be able to help you better if they can connect to your company computer remotely.

2. Use only safe network connection

If, in addition to the laptop, your company gave you also an additional device to connect to the Internet, or added a sim card to your laptop, use only such Internet access in your work. Especially if your home network is shared with other users (e.g. from the same block of flats or the housing estate). Do not connect to any other open/free Wi-Fi networks. If for some reason company Internet access does not work, the safest option is to use the Internet network from your phone (use your mobile phone as hotspot).

3. Ensure data safety during transfer

Remember to always encrypt sensitive data when sending them. If you send valuable data to someone in an e-mail attachment, remember to additionally secure such a file with a password. If the software that you use has no such option, you can always e.g. zip the file and protect it with a password and attach it to the e-mail in such a form. It would be best if you sent the password to the recipient in a different way, e.g. by a text message. And – most importantly – before sending the e-mail make sure that you have entered the correct e-mail address of the recipient. Do not “cut corners” when sending the files, that is never send them from your private e-mail account or through other channels omitting the company e-mail account. If your company has shared a dedicated file exchange platform, use only that channel and do not send any files by e-mail.

4. Do not leave VPN during work

You need to know that VPN not only encrypts your connection with the company network, but it also provides you with additional protection against security threats lurking in the Internet, e.g. against websites attacked by malware. That is why, when you work remotely, do not disable the VPN, even if you want to check something that is not exactly related to you job.

5. Keep passwords safe

Remote work often requires additional access rights to different systems. Therefore, you can have more and more logins and passwords so make sure that you use them safely. Allowing the software that you use remember them (for example in an Internet browser or in VPN connection) is dangerous for two reasons. Firstly, if someone unauthorised gains access to your computer (directly or remotely, e.g. by hacking into the system), they will automatically gain access to the systems that you use. Secondly, passwords e.g. in Internet browsers are, unfortunately, most often stored unencrypted and it will take the hacker just a few moments to crack them. The best idea is to use free password storage software (such as KeePass or PasswordSafe). It is easy to use and guarantees the appropriate safety level – in particular in comparison with passwords noted down in a notebook that you have at home or on your smartphone.

6. Lock the computer when you do not use it

It is obvious that you trust your family members but an unlocked computer is very attractive to children. Or pets. If do not want anything uncontrolled to happen when you are away from the computer – even if it is for just a few minutes – make sure to lock it before you leave it unattended.

7. Do not make too many copies of data

Remote work, and in particular the need to often send files between users who work on them together generates the need to make “your own” copies of data. Try to be reasonable in this respect. Making too many duplicate copies of files in different locations does not increase work efficiency and often leads to confusion as to who, when and what changes has made to the file. An additional problem, however, is caused by the fact that we often forget to delete such “temporary” files from our devices. As a result, they may be disclosed by mistake, e.g. due to sharing the folder with other users.

8. Do not ignore threat alerts

As you are working outside the company’s environment, perhaps using your home Internet network, this may cause changes to the features of the working environment of the security applications operating on your laptop or on the other end of the VPN connection. This may trigger more messages about potential threats. Do not ignore the alerts and try to clarify each of them with the IT department. The alerts can indicate a real risk which may not only jeopardise your computer, but maybe also pose a threat to the entire company infrastructure.

9. Watch out for social engineering attacks

All changes in our lives – and the coronavirus pandemic is definitely one of them – encourage hackers and Internet scammers. Therefore, pay special attention to the e-mails that you receive at that time. Check if the sender’s address is correct or at least seems legit. Think twice before you open an attachment or click on the link provided in the e-mail. In the case of unusual requests, e.g. to change your password or to send a data file, it is best to confirm them over the phone. Even if they are sent from an e-mail address that you know. Also, beware of phone calls from strangers who try to convince you that e.g. they work in a technical support department of your company and need to set up your laptop remotely (or using your hands).

10. Work only from home

When you already prepare yourself for a safe work from home, it would be best if you did not change the location of your home office. Do not work from a coworking space, a playground, a park or other public places. In particular, do not use public hotspots. Every change of location may bring new threats so there is no point in increasing that risk. And, above all, stay home for your health.