Work Securely from Home Office or en-route

Working from home, en-route on a train, or even in a cafe can easily become a gateway for cyber criminals. The responsibility for corporate data and IT security lies equally with the company’s IT department and with its employees.

Home office and work en-route pose major risks to data security. Photo: Shutterstock/WK1003mike

“The presentation is once again too large for email, here’s the link to the PPT in my Dropbox.” Let’s be honest: If this email is sent from the address of a colleague, who would resist the impulse to click on the link? If it turns out to be a disguised attack by a cyber criminal, the damage has already been done.

Work done from home, which has been advanced by corona, and any other work outside of the company’s secured IT infrastructure pose great dangers for IT security. Information technology departments are currently working at full speed to safeguard their employees’ laptops even when employees work at the kitchen or coffee table at home and connect to the Internet via their home WiFi. At home in particular, the temptation is often great to mix company systems and privately used solutions. “Employees should be careful to use only the approved computer and only the approved access points,” advises Ingo Legler, Manager for Information Security at DEKRA, and warns: “Even if something else works and is much simpler – it’s also much easier for hackers.”

Sensitizing Employees

For employees working from home, compliance with minimum standards of IT security is essential. Even the home office itself can prove problematic. The coffee table, where the rest of the family plays or watches TV, not only lacks the basic ergonomic requirements – but also those for IT security. “At the very least, home office users should categorically get into the habit of locking their computer when they leave it,” advises IT expert Legler. The Windows key plus L or the “three-finger salute” CTRL+ALT+DEL serve this purpose.

Ingo Legler, DEKRA IT expert. Photo: DEKRA/Daniel Hoffknecht

Ingo Legler has a whole range of other security tips that employees should take to heart in their home or mobile office (see box). But his advice goes even further because threats to IT security don’t just have a technical level. “When it comes to data security, people are the biggest gateway for cyber criminals, and not even technology can reliably seal it off,” says the manager. He addresses the danger of so-called social engineering. It has long been one of the most successful attack techniques used by cyber criminals to circumvent security mechanisms by exploiting human weaknesses and collegial helpfulness. The previously mentioned email text is an example of such an approach. Another: How would you react to the following call? “Hello, this is Smith from the IT department. Due to home office regulations, we’re switching to stronger passwords. I’ll set that up for you. I need your current password, with which I’ll generate a new one to give to you.” Security-conscious users can guess: Revealing your current password turns the worst-case security scenario into reality. While the decoy keeps the employee busy on the phone for a few more minutes, his accomplice can dial into the company network from one desk away.

“People are the greatest gateway – but they can also be the greatest bulwark. If they’re attentive and know what they’re doing,” sums up DEKRA security expert Ingo Legler. This is why, especially in the current situation, it’s crucial that companies not only issue guidelines and technical security measures but also sensitize their employees to the risks and refresh their IT security training. “Beware of new acquaintances who show great interest in your work,” says Ingo Legler, emphasizing important content of such training courses. “The longer ago the training was held, the more the employees’ awareness of IT security rapidly decreases,” Legler knows. “Employers must therefore educate, educate, educate. Awareness is the be-all and end-all.”

Security Tips For Home Office Users

  • Have a healthy skepticism – towards emails but also towards calls from supposed colleagues that you don’t know personally and don’t recognize on the phone.
  • Leave everything as set by company support and make changes only after consulting IT support – even if you “know how to do it”.
  • Never transport data on unauthorized media (such as USB drives, HDD, SSD) or cloud services (Dropbox, OneDrive, Amazon Drive, iCloud). Do not connect USB drives of unknown origin, for example ones that are available at conferences, to the computer without checking them.
  • Passwords must be kept secure – preferably in your head. If you suspect that a password has been hacked, change it (or have it changed) immediately in consultation with IT support.
  • Be careful with emails of unknown origin. Especially with unusual emails, always ask yourself: Am I a customer there? Did I buy something or have contact with them recently? What could the sender do with my data? If in doubt: Better get help from IT support.
  • It’s most secure to display email in plain text – i.e. in raw text format. That’s not very colorful, but it shows telltale links or planted HTML codes that lead to a dangerous page in the background or circumvent security mechanisms.
  • When checking Internet addresses, always read them from right to left: the web address https://amazon.payments.invoice.billig.panzerknacker.en doesn’t refer to an Amazon page, but to a (fictional) page of the Beagle Boys in Duckburg.