IT Brief Asia logo
Technology news for Asia's largest enterprises
Story image

How to work from home securely

By Contributor
Fri 29 May 2020
FYI, this story is more than a year old

Article by DDLS Australia.

The very rapid and extensive uptake of remote working precipitated by the COVID-19 pandemic has presented enormous challenges to organisations and their employees.

Simply getting the technology in place to make remote working possible has taken considerable resources. Ensuring this technology is secure, and keeping it that way, will require a vigilant approach by IT staff and employees alike.

Every employee-owned device and every third-party network employees use to work remotely becomes a new avenue of attack that can be exploited by cybercriminals.
Remote working greatly increases an organisation’s attack surface, which can become difficult for IT staff to monitor and control. 

Here’s what you need to do to make your home working environment and systems secure, and protect yourself and your employer.

Lock down your device

If you are using a home PC that is shared among family members, make sure you have your own dedicated password-protected account that no-one else can access. Furthermore, make sure your password is strong and that none of your children has admin accounts.

Keep your device up to date

Corporate IT departments are religious in applying patches to software on corporate devices and installing software upgrades. Many patches are designed specifically to counter newly discovered vulnerabilities before hackers can exploit them. Corporate IT can’t do this for your home PC, so you must. In particular, keep the operating system and your antivirus software up to date.

Secure your network

Have a strong password for your WiFi network, and make sure you are using WPA2 encryption, as the older versions of WPA and WEP are comparatively very insecure.

Make sure you change the admin password on your broadband modem/WiFi router. Many of these come with ‘user’ and ‘admin’ as the default settings and don’t advise you to change them.

Furthermore, if you have home security systems and other devices such as baby alarms, cameras and remote lighting controls, put these on a separate WiFi network (most WiFi routers have the option of a guest network) so they cannot be exploited by hackers to access your computer, and subsequently your employer’s network. Many of these devices have minimal security settings and use default passwords which make them prime targets for hackers. 

Be alert for phishing attacks

‘Phishing’ refers to emails that persuade the recipient to either access a URL that installs malware or to enter their username and password credentials into fake websites that mimic legitimate sites. This is one of the most common ways in which corporate email systems are breached. 

Be very suspicious of any email that gives you a link to enter your username and password. Many of these phishing emails masquerade as coming from reputable organisations. In the current climate, organisations like the Center for Disease Control and the World Health Organization are especially popular with criminals.

Be especially aware of any emails pertaining to Coronavirus. Cybercriminals have seized on the fear, uncertainty, doubt and general thirst for information about the virus. Since the beginning of March, registrations for Coronavirus/COVID-19 related domain names have skyrocketed from 1000 to 6000 every day – and you can be sure most of those are not genuine.

Practice good passwording
The rules are quite simple: never use the same password on multiple sites; always use a mix of upper and lower case characters, numbers and symbols; and make sure all passwords are at least eight characters long.

Here’s why - if you do all this, a hacker would need 57 days to crack your password. Drop just the numbers and symbols and they could crack your eight-digit password in just three hours.

While these requirements make remembering passwords very difficult, there are plenty of password manager programs available to fix this problem (some of which are even free). If you use your password on multiple sites, it only takes one password to be compromised to give the criminals access to your other accounts.

Use a virtual private network (VPN)

A VPN encrypts the data coming in and going out of your PC. If you use your employer’s VPN then your data is encrypted all the way from your computer to your company’s IT systems, but if you use one of the many publicly available VPNs, all your corporate communications pass through their systems where it is decrypted before being sent to its destination, thus leaving it open to compromise.

However, a VPN can sometimes create a false sense of security. If you’ve fallen for a phishing exercise and clicked on a link that has installed malware on your computer, that malware can use the corporate VPN to gain access to corporate systems and data.

Don’t download corporate data

Working from home will give you access to all sorts of company data, but don’t be tempted to download any of this to your home PC, even if that’s possible. Doing this could expose the data to hackers and could well put you, and your employer, in breach of rules to protect personal data, such as the notifiable data breach rules in Australia’s Privacy Act.

Access to such data should be strictly limited to those who need it, but many companies fail to do this. A recent global survey by IT security company Varonis found 53% of companies had more than 1000 sensitive files accessible by all employees.

Keep your devices close

If you work in public places such as cafes and trains, make sure you keep your devices close at all times, and be aware of anyone watching you. Shoulder surfing - someone looking over your shoulder to read the screen of your device - can reveal sensitive information.

Get ready for the new order

As COVID-19 restrictions ease, there will be a return to working on-premises but it’s widely expected that the pandemic will produce a permanent increase in home and remote working. Every employee will have a role and responsibility in ensuring their set-up is secure.

To ensure corporate data is kept safe from attackers, every employee should have basic cybersecurity training. Courses such as RESILIA Frontline provide simple, practical guidance they need to make the right decisions at the right time in the face of sustained cyber-attacks and digital exploitation.

To find out more about cybersecurity awareness training, visit this website.

Related stories
Top stories
Story image
Delinea’s Joseph Carson recognised with OnCon Icon Award
Delinea chief security scientist and advisory CISO Joseph Carson has been recognised as a Top 50 Information Security Professional in the 2022 OnCon Icon Awards.
Story image
Artificial Intelligence
Dynatrace extends automatic release validation capabilities
Dynatrace has extended its platform release validation capabilities to improve user experience at every stage of the software development lifecycle.
Story image
Artificial Intelligence
Eight top DevSecOps trends to support IT innovation in 2022
The use of DevSecOps practices is growing, as it is increasingly seen as the best way to produce high-quality and secure code. So what are the current trends?
Story image
Multi Cloud
Cloud is a tool, not a destination
For many years, “cloud” has been thought of as a destination which has led to a misguided strategy that sees an enterprise trying to shift all its applications to a single cloud provider – regardless of the specific needs and nuances of each individual workload.
Story image
SNP unveils next generation of CrystalBridge software platform
Data is a key pillar of every customer-centric organisation, as it relies on agile decisions to become increasingly sustainable and intelligent.
Story image
Oracle Cloud Infrastructure expands distributed cloud services
“Distributed cloud is the next evolution of cloud computing, and provides customers with more flexibility and control in how they deploy cloud resources."
Story image
Robotic Process Automation / RPA
Salesforce announces latest generation of MuleSoft
Salesforce has introduced the next generation of MuleSoft, a unified solution for automation, integration and APIs to automate any workflow.
Story image
Ivanti puts spotlight on power of employee digital experiences
The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe this impacts morale.
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Find out how you and your business can prevent being caught out by everything from ransomware to cryptojacking.
Link image
Story image
Motorola Solutions
Motorola Solutions deploys communication system to 5th Japanese airport
Motorola Solutions with its partner, Nippon Airport Radio Services deployed the mission critical communication system to Kansai.
Story image
Mergers and Acquisitions
SAS acquires Kamakura to propel risk technology innovation
Underscoring SAS growth in the domain-specific solutions space, the acquisition will enable SAS to greatly enhance the breadth of its risk solutions portfolio. 
Story image
New study reveals 51% of employees using unauthorised apps
The research shows that 92% of employees and managers in large enterprises want full control over applications, but they don't have it.
Story image
NEC expands Open RAN ecosystem with Aspire Tech acquisition
With its agreement to acquire Aspire Technology, NEC Corporation has further increased its capacity to deliver End-to-End Open RAN ecosystems.
Story image
Email threats spike 101%, remains a top attack vector
"Each year we see innovation in the threat landscape, but each year email remains a major threat to organisations."
Story image
Cloud Security
Palo Alto Networks bolsters cloud native security offerings
Latest Prisma Cloud platform updates help organisations continuously monitor and secure web applications with maximum flexibility.
Story image
Hybrid Cloud
Advent One acquires Layer 8 Networks, complements hybrid cloud offering
The acquisition comes at a time of surging demand in hybrid cloud, network virtualisation and network security.
Story image
SAS wins Microsoft ISV 2022 Partner of the Year award
"We formed the SAS and Microsoft strategic partnership with a shared goal of making it easier for customers to drive better decisions in the cloud."
Story image
Zero trust security adoption rises 27% in just two years
A survey of WAN managers has revealed that multi-factor authentication and single sign-on are the top zero trust features implemented.
Story image
How to achieve your monthly recurring revenue goals
Monthly recurring revenue (MRR) is the ultimate goal, the most important issue on which anyone in the IT channel should focus.
Story image
Tech and data’s role in the changing face of compliance
Accenture's study found that 93% of respondents agree or strongly agree new technologies such as AI and cloud make compliance easier.
Story image
Vulnerable APIs costing businesses billions every year
Large companies are particularly vulnerable to the security risks associated with exposed or unprotected APIs as they accelerate digital transformation.  
Story image
Oracle Cloud
Commvault, Oracle to deliver Metallic Data Management as a Service
"We are excited to partner with Commvault and enable our customers to restore and recover their most mission-critical cloud data."
Story image
Public Cloud
Public cloud services revenues top $400 billion in 2021
"For the next several years, leading cloud providers will play a critical role in helping enterprises navigate the current storms of disruption."
Story image
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
New VMware offerings improve cloud infrastructure management
VMware has unveiled VMware vSphere+ and VMware vSAN+ to help organisations bring benefits of the cloud to existing on-prem infrastructure.
Story image
Cloudian, Vertica to deliver on-premise data warehouse platform
"We’re enabling our customers to capitalise on a leading object storage platform and maximise the value of their digital assets.”
Story image
Vertiv releases updates on ESG initiatives, sets sights on future
Vertiv has released its inaugural environmental, social and governance (ESG) report, the company’s first public report of its ESG activities.
Story image
SentinelOne integrates with Torq to empower security teams
"With Torq, security teams can extend the power of SentinelOne to systems across the organisation to benefit from a proactive security posture.”
Story image
Internet of Things
ManageEngine wins big in IDC MarketScape assessment
ManageEngine's Endpoint Central service has been recognised as a leader by IDC MarketScape in several categories including Internet of Things device deployments and UEM software for SMEs.
Story image
Martech experts reveal the “buzz” on personalisation
In the digital age, innovative technology must be leveraged to power an efficient and effective relationship marketing strategy.
Story image
Forescout reveals top vulnerabilities impacting OT vendors
Forescout’s Vedere Labs has disclosed OT: ICEFALL, naming 56 vulnerabilities affecting devices from 10 operational technology vendors.
Story image
Robust digital warehouse management crucial in Asia-Pacific
Thanks to a network of “cloud” stores, grocery and food delivery providers such as Foodpanda can arrange for these commonly requested items to get packed up and sent over in almost no time.
Story image
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Stock security features inadequate in face of rising risk
"Organisations must proactively find ways of identifying unseen vulnerabilities and should take a diligent, holistic approach to cybersecurity."
Story image
Data ownership
Brands must reclaim trust by empowering data ownership
According to Twilio's new State of Personalisation Report 2022, 62% of consumers expect personalisation from brands, and yet only 40% trust brands to use their data responsibly and keep it safe.
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.
Story image
Digital Transformation
What CISOs think about cyber security, visibility and cloud
Seeking to uncover the minds of CISOs and CIOs across Asia Pacific, my company recently asked Frost & Sullivan to take a snapshot of cloud adoption behaviour in the region.
Story image
Preparing for the digital decade with the right workforce strategies
For a decade that started under the pall of the pandemic, the 2020s is poised to end with a bang with the digital economy swelling to a high across the world.
Story image
NOWPayments launches new service to analyse cryptocurrency fees
NOWPayments has launched a new network fee optimisation solution that analyses current network fees and picks the most profitable option out of the client's payout wallets.
Story image
FIDO Alliance releases guidelines for optimising UX with FIDO Security Keys
The new guidelines aim to accelerate multi-factor authentication deployment and adoption with FIDO security keys.
Story image
Voice recognition
Renesas and Cyberon expand services with voice recognition
“We are honoured to collaborate with Renesas to simplify the development of embedded voice recognition functions."
Story image
Zscaler launches co-located data centres in Canberra and Auckland
The investment will offer public and private sector enterprises greater resilience in support of their zero trust cybersecurity posture.
Story image
Tech job moves
Tech job moves - Bitdefender, Cohesity, Fortinet & MODIFI
We round up all job appointments from June 27-30, 2022, in one place to keep you updated with the latest from across the tech industries.