IT Security while working from home

it-sikkerhed ved hjemmearbejde

7 IT Security Tips For Working from Home

  1. Use a VPN connection
  2. Make sure to lock your computer when leaving it. A set of cat paws or some baby fingers can easily press something wrong
  3. Update your programs
  4. Have strong passwords and change them regularly
  5. Make safety calls if you are asked via email to install a program or transfer money to ensure that it is not a hacker pretending to be someone they are not – even if the emails, at first sight, appears to come from your boss or the IT department
  6. Do not click on emails that look suspicious  
  7. Do not open attached files from unknown senders

Maintaining the IT security when working from home is something you must take seriously. Just like at work, it is important that the employees also have good routines for maintaining good IT security when they are working from home. Maybe your employees think that IT security isn’t as important to be aware of while being at home – because what can happen at home? It is very natural that we as people forget the good safety routines when we are at home and are not reminded to be cyber aware. But, as you probably know, no more than one click is necessary to create fatal consequences.

The Consequences of Lacking IT Security

Malicious hackers can gain access to your systems and install malware and ransomware, which requires valuable time to get removed. Not to forget the financial consequences that often follow attacks like these because they prevent business-critical tasks from being solved. A cyber attack can easily become an expensive affair and can cost millions to fix again.

If unauthorized people gain access to the organisation’s data, it can have fatal consequences. Therefore, your employees must be aware of how to protect the organisation’s data in the best way – also whilst working from home.

It is important to have clear guidelines for how to react if you experience something suspicious or receive phishing emails. 

More IT managers answered in a survey that they experienced an increased amount of cyber attack attempts during the Covid-19 pandemic. In situations like these, where many people work from home, it is important that everyone has good IT security habits. 

1. Use A VNP Connection

When you use a VPN connection (Virtual Private Network) your web traffic will be encrypted and you will protect your personal data.

The encryption takes place between your device and the VPN server your device is connected to. Once you have connected to a VPN server, all traffic from your device runs through the extern server (and thus the virtual private network) before reaching the internet. 

2. Make Sure to Lock Your Computer When Leaving It

Even if you just need a bathroom break or want to make a cup of coffee, it is important to lock your computer when you leave it – also when working from home. 

3. Keep Your Programs Updated

Make sure to keep your programs, e.g. Microsoft 365, updated. Microsoft Teams use Advanced Threat Protection (ATP), which protects against cyber-attacks and blocks unsafe attached files or links. 

4. Have Strong Passwords and Change Them Regularly

Your passwords must be unique and strong so it isn’t possible for unauthorized people to access your computer and your programs. 

Password Spray Attacks 

Some hackers attack systems by trying popular passwords, such as ‘qwerty’, ‘password’ or ‘123456’, on all accounts in a large organisation hoping to find a match. The hackers are well aware that there is only a certain amount of attempts on each account, so they adjust the number of attempts along the way. 

Did You Know?

According to the Center for Cyber Security, the typical password behaviour is:

  • If the website requires a password of minimum 8 characters, the password created is typically only 8 characters. 
  • If the password must contain one capital letter, the capital letter is typically placed as the first letter in the password. 
  • If the password must contain numbers, these are typically placed at the end of the password. The numbers are often between 00-99 or written like a date. It is also common to replace letters with numbers that resemble the letter or is placed close to the letter on the keyboard: “3” as “e”, “0” as “o”, etc. 
  • The requirement to use special symbols is often solved by only using one. Some symbols are more popular than others. The at-sign (@) and the exclamation point (!) are amongst the most popular symbols. 
  • If the password must be changed regularly, people often use cyclic words such as seasons, quarters, months, etc. 
  • Some words or numbers are very popular and appear in many passwords. Amongst the most used passwords are ”123456”, ”password”, and lines of letters such as ”qwerty”, that follow the letters’ placements on the keyboard. 
  • The password is the same as or part of the user name.
  • The password consists of the names of family, friends, pets etc. 

Do you recognize this behaviour? 

A good tip to creating passwords is to use the first letters in a sentence or add numbers and special symbols, such as: 

Egrtaleakvabdfbies/8

Awareness And Training

As mentioned by the Center for Cyber Security as tip #4 in this guide, awareness and training in IT security is a good way to inform about the hackers’ attack methods and a good way to give advice on e.g. strong passwords. The benefit of our IT Security awareness training is, that your employees can access the course on all devices, around the clock!

5. Make Safety Calls If You are Asked via Email to Install a Program or Transfer Money

Even if the email, at first sight, appears to be from your manager or the IT department, it could easily be a hacker pretending to be someone they are not. 

Imagine this: You receive an email, that looks like it is sent from your manager’s email address, asking you to pay an invoice as soon as possible. This should set off an alarm clock in your mind and you should call your manager to confirm that the email was sent by them. 

6. Do Not Click on Emails That Look Suspicious

If you receive an email saying you’ve won a prize or that want you must confirm your credit card information, you should be very cautious before clicking on the link. 

7. Do Not Open Attached Files from Unknown Senders

You must be critical of files you receive from unknown senders. 

Many HR-departments receive files, that resemble innocent résumés, but this is for some hackers a way to gain access to the organisation’s systems. It can help to have a program that scans the attached documents, e.g. résumés, before they are opened. 

The Center for Cyber Security

The Center for Cyber Security works to maintain the cybersecurity in Denmark and estimates the danger of current cyber threats. During the 2020 corona pandemic, where many people have worked from home, the threat has been assessed to be very high.

IT Security Policy

We know that it can be tough getting your employees to read the IT security policy. It is often not of interest or a priority to them. We offer a solution where your employees must sign that they have read the IT security policy along with the e-learning course. 

Employees who have completed our e-learning about IT security knows the good safety routines, are more cyber aware and react quicker when experiencing something suspicious. 

Read more about cybersecurity on the Center for Cyber Security’s website. 

Do you want help making your employees more cyber aware? Then contact us and start the dialogue today!

Phishing is when you receive false e-mails with infected links and attachments. Phishing emails are often sent out in large quantities in the hope that someone “bites the hook” and clicks the infected emails or attachments. 

The sender will often resemble someone you already know, and because of this, you must be extra cautious, for instance by hovering the mouse over the sender’s name. 

Spear phishing is a specific sort of phishing where the attack is targeted at one particular person or organisation. The purpose is to make the targeted person click on an infected link or open an attached file, so the cybercriminal can access the person’s computer and data. In spear phishing, techniques from social engineering are often used; the hacker pretends to be someone you know e.g. your manager or a colleague.

Most hackers often attempt at attacks during the holiday seasons, so you should be extra cautious in times like these. 

Smishing is when you receive false text messages that encourage you to click on infected links. Because of this, you must be cautious when receiving text messages from an unknown sender. Always be critical when receiving mails or text messages with a link or a file from an unknown sender.

Leave a Reply

You must be logged in to post a comment.