What are the cyber security risks around working from home?
Answered by:
While all of the already-offered advice is good, some is more practical than others. Recent security research has shown, for instance, that forcing people to change passwords on a frequent basis actually results in less-secure passwords, as people will tend to either publish (write somewhere they can get to, which inevitably others will also) good passphrases because they cannot remember them until just before it's time to change them again, or make bad ones so they can remember them from one iteration to the next (e.g., mypassword1, mypassword2, etc.). A better approach, the research found, is to use a secure password management system (LastPass, KeePass, etc.) coupled with a complex pass phrase (e.g., Kdsf173$#,tG458!#*kHOsWgb) and only change it infrequently--like only when a special event occurs.
For wifi, make use of separate guest networks for more-friendly passwords and IoT devices--keep your important computer data systems internal and separate from the guest networks, and preferably on hard-wired connections instead of wifi.
As previously stated, use MFA (multi-factor authentication) wherever possible. This alone can turn a bad password into a good one. The preference here is an MFA app such as Google Authenticator, Duo, or others. SMS text messages for a 6-digit code to be retyped into the MFA field are not as secure as these special-purpose tools.
If your employer offers VPN access, use it. Keep business physically separate from home computing activity (use an employer-provided laptop, for instance). If a true VPN is not offered, and the employer agrees, a point-to-point VPN to remotely control your office desktop can be used. Again, do not use your personal computer to do this, but rather a company-provided one. Outside of VPN, and in general, only visit secure websites (https:// instead of http://). Always enable secure connections (SSL, TLS, StartTLS) for email and other purposes.
Ensure your computers and IoT devices are kept updated for security and other reasons. Monitor your firewall and router logs for unusual traffic. As these requirements are of a more technical nature, make use of a Managed Services Provider (MSP) to stay on top of these requirements. We can help.
Gillam Data Services
https://www.davegillam.com