Business as Usual under COVID-19 with Sound “Work from Home” Cyber Security
With the COVID-19 pandemic worsening again, many companies have arranged for their staff to work from home (WFH) to reduce the risk of spreading the disease in the community. In light of this development, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) is again taking this opportunity to offer some security tips on WFH for companies and their employees:
- Never Share the Work Device’s Account with Others
Many people share network devices at home, especially computers, with their family members. When using these devices for office work, the user should create a new account together with another set of passwords to ensure the files in that account cannot be accessed by other users. This not only improves system security, but also prevents important files from being arbitrarily read or accidentally deleted by others. Remember to sign out upon completion of the work.
Besides, users should activate the Two-factor Authentication (2FA) / Multi-factor Authentication (MFA) features for their accounts and should not use the same password across work and personal accounts (e.g. the company's systems, email, social media platforms, etc.) to reduce the risk of account compromise.
- Ensure Privacy in the Working Environment and Information Security
It is very common for people to ignore what is happening around them when focusing on their own tasks. It is therefore best to work alone in a closed area, especially when entering passwords or viewing confidential documents, and to use a privacy screen filter. Users must also stay vigilant.
Before starting to use a personal computer for work, the following security preparation needs to be undertaken:
- Install a firewall to avoid a direct Internet connection. If one is not available, a home broadband router is the minimum;
- Install anti-malware software and perform a comprehensive security scan; and
- Perform regular system updates and install patches.
Additionally, proper security measures should be in place for online meetings.
- Ensure Wi-Fi Connection is Secured
The security of the home Wi-Fi network is also important. Those working at home should take the following measures to ensure its secure use:
- Change the default login name and password of the router;
- Upgrade the firmware to the latest version;
- Check the status of the currently connected devices and confirm there is no suspicious device;
- Use the latest security protocol, WPA3. If the router does not support it, the more common WPA2 can be used; and
- Disable the auto-connect function of the Wi-Fi network and ensure the workstations are linked to the correct network.
If required to work away from home, try to avoid connecting to public Wi-Fi, and use the hotspot sharing function of the mobile phone for Internet access instead.
- Protect Data
Employees should back up data to company servers or to cloud storage provided by the company for central backup purposes. If data has to be stored on personal computers, employees should ensure that sensitive data is encrypted and backed up to prevent information leakage.
- Increase Awareness against Cyber Attacks
In general, a home network is less secure than a company one. Hackers will send phishing emails, websites, SMS messages, etc., pretending to be officials and delivering fake business emails or epidemic information, in order to lure users into downloading malware or providing sensitive information. Users should always stay vigilant.
- Strictly Comply with Company Information Security Guidelines
Employees should obtain the company's information security guidelines and follow them strictly. If any suspicious activity is spotted on the computer, employees should disconnect from the company network immediately, report to the IT administrator and ask for assistance.
- Update and Monitor Systems
IT administrators should:
- Update all system software in a timely manner to prevent hackers from intruding through system vulnerabilities; and
- Develop a log monitoring and alert mechanism to detect any irregularities or suspicious activities.
- Adopt Secure Authentication Methods
Systems (especially those supporting remote access services) should adopt secure authentication methods and follow the principle of least privilege:
- Set up 2FA/MFA as the user authentication method. Avoid using remote access tools that do not support this kind of security feature;
- Ensure each employee can only access the necessary systems assigned. Review the system's user accounts to check whether any account is obsolete and that excessive privileges are removed; and
- Log all user logon activities, including logon failures, logons outside office hours and logons from suspicious regions (e.g. overseas IP addresses), etc.
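The logon review described in the last item can be sketched as follows. This is an added example, not HKCERT's own tooling: the log layout, the office hours, the home region `HK`, the `ZZ` placeholder country and the per-user failure threshold (which goes beyond the advisory's three conditions) are all assumptions.

```python
from collections import Counter
from datetime import datetime, time

# Assumptions (not from the advisory): office hours, home region, threshold.
OFFICE_START, OFFICE_END = time(9, 0), time(18, 0)   # Mon-Fri, local time
HOME_COUNTRY = "HK"
FAILURE_THRESHOLD = 3   # failed logons per user before escalating
# Constructed sample: timestamp,user,source_ip,country (from upstream GeoIP),result
SAMPLE_LOG = """\
2021-01-11T10:02:11,alice,203.0.113.10,HK,SUCCESS
2021-01-11T23:47:05,bob,203.0.113.22,HK,SUCCESS
2021-01-12T03:15:40,carol,198.51.100.7,ZZ,FAILURE
2021-01-12T03:15:52,carol,198.51.100.7,ZZ,FAILURE
2021-01-12T03:16:03,carol,198.51.100.7,ZZ,FAILURE
2021-01-16T11:30:00,dave,203.0.113.31,HK,SUCCESS
not,a,valid,record
"""

def reasons_for(ts, country, result):
    """Return which of the three logged conditions this logon meets."""
    reasons = []
    if result == "FAILURE":
        reasons.append("logon-failure")
    if ts.weekday() >= 5 or not (OFFICE_START <= ts.time() < OFFICE_END):
        reasons.append("non-office-hours")
    if country != HOME_COUNTRY:
        reasons.append("suspicious-region")
    return reasons

def review(log_text):
    """Return (alerts, users at or over the failure threshold, rejected lines)."""
    alerts, failures, rejected = [], Counter(), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            stamp, user, ip, country, result = line.split(",")
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            rejected.append(line)   # keep unparseable lines visible for review
            continue
        if result == "FAILURE":
            failures[user] += 1
        reasons = reasons_for(ts, country, result)
        if reasons:
            alerts.append((user, ip, stamp, reasons))
    escalate = sorted(u for u, n in failures.items() if n >= FAILURE_THRESHOLD)
    return alerts, escalate, rejected

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Rejected lines are returned rather than dropped, so a malformed or tampered record still reaches the reviewer.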
- Review Information Security Policy
Regularly review and update the organisation's information security policies to guide employees in dealing with the latest cyber threats.
- Provision of Mobile Work Devices
Resources permitting, provide mobile work devices with appropriate security measures for WFH employees.
Please click here for detailed WFH-related cyber security guides.