Working From Home Security Checklist

If you’re like me then you’ve probably spent most (all) of the last year working from home. The UK Government stance went from “Work from home if you can” to “go back to the office” then back to the original advice. I think most people however just stayed WFH.

Working from home can be a very positive experience – no more commuting, no more interruptions when you’re trying to get work done, wearing your onesie all day. Your work’s IT department however has a bit of a nightmare on their hands as they can’t exactly control all of your internet traffic like they can when you’re behind the work firewall.

If you’re not provided with a work laptop then you’re going to have to use your personal computer and you’ll be responsible for its security. So here’s some general security advice which you should be applying when stuck in your home office:

Be wary of phishing campaigns

You need to know how to identify if an e-mail or a text message has come from a legitimate source. E-mails and SMS are the two most common avenues that hackers will look to exploit to ‘phish’ you.

Phishing involves an element of social engineering, tricking you into revealing login credentials, personal information, or payment details.

If you’re unsure about the sender of an e-mail – perhaps you got an e-mail that looks like it came from your employer but you’re not quite convinced – then always check with the supposed person. Don’t click on any links in the e-mail. Get them on the phone or get them on a Teams/Zoom/FaceTime/other call, and ask them “Did you send me this e-mail?” – it could just save you your job, your savings, and your privacy.

You need to check the ‘From’ address and make sure you know the domain that the e-mail was sent from. This is a high-level tip, many more detailed guides exist online.

If you don’t recognise the phone number of a text message, or worse, it contains a link too, never tap on any links.

Verify, verify, verify.

Windows/macOS Updates

Ensure that your operating system has all of the latest updates installed. The vendors (Microsoft, Apple, etc.) regularly release security patches for OS vulnerabilities, and Microsoft uses Windows Update to download the latest virus/malware definition files for Microsoft Defender.

Antivirus

Windows has a decent firewall and antivirus installed by the name of Microsoft Defender (formerly Windows Defender).

Make sure these settings are all enabled

These Microsoft Defender settings should be enabled by default. If they’re not, turn them on. If you can’t turn them on, you may have an issue. Contact your company’s IT Support team.

macOS is not immune to viruses and other malware but macOS is a much smaller target. macOS has a built-in system called Xprotect which works silently in the background to protect. Make sure you keep macOS up-to-date. If you would like to install a third-party antivirus for peace of mind then I recommend BitDefender.

Browser Updates

There were some recent major vulnerabilities found in browsers like Google Chrome. Google were relatively quick to release an update and patch those problems.

Most people use Chrome (63% as of November 2020) so it’s a big deal when vulnerabilities are found. However Chrome is great at notifying you when the browser is out of date. You’ll get a prompt at the top right of the browser windows when you need to install an update. If you want to check the browser version then click the ‘three dots’ icon, point to Help, and click About.

Version 87 and below have major vulnerabilities

You should also install updates for Microsoft Edge, Mozilla Firefox etc. as soon as they become available.

If you want to ask some general security questions about your home office setup I have created a little community on Facebook where you’ll be welcomed.

Stay safe,

James.

Published by James

ZeroInfoSec CEO. Family man, hacker, football fan, BMW enthusiast.

Leave a Reply

Your email address will not be published.

%d bloggers like this: