A checklist with the most important requirements for working safely from home
The coronavirus (COVID-19) arrived in Switzerland a couple of weeks ago. To protect employees, many companies request that they work from home if possible.
Most companies, across all sizes and sectors, were or are only prepared for home office to a limited extent, in terms of infrastructure, processes, etc. They are therefore easy targets for cyber criminals.
What is necessary for the health of employees can therefore, without appropriate precautionary measures, pose a threat to the company's IT infrastructure, systems and information.
But who wants a system lockdown in addition to corona lockdown?
Hackers and criminals are inspired by such tragic events and often try to profit from them. The following examples have shown this even in times of COVID-19:
• Fake emails on behalf of the Federal Office of Public Health (FOPH): https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/fake-emails-on-behalf-of-the-bag.html
• Phishing emails based on COVID-19
• Malware infections based on information about COVID-19; especially by spreading a popular map application that is said to show where new corona cases have surfaced.
• The U.S. Department of Health fell victim to a cyber attack when the government tried to respond to COVID-19.
PRECAUTIONS FOR EMPLOYEES
The design of the workspace in the home office
- Select the screen position so that nobody – neither family members nor strangers (e.g. the neighbor through the window front) – can view information unhindered.
- If necessary, use a privacy filter. (Also recommended for working on the go.)
- Company devices (desktop, laptop and cell phone) should not be made accessible to children or other family members (NDAs also apply in the home office!).
- Make sure your private Wi-Fi connection is secure. Most Wi-Fi connections are properly secured; however, older installations, in particular, can have vulnerabilities, which means that nearby people may be able to spy on the traffic.
Behavior in home office
- Activate the screen lock every time you leave the device.
- Do not send sensitive data unencrypted or unprotected via email.
- Do not send business information through private email accounts.
- Do not leave any information lying around in the home office, e.g. printed documents. Any data / information should be protected from family members.
Telephone / video conference from the home office
- Mute the microphone when not in use.
- Only use a headset, headphones or a smartphone to make calls. Do not use the loudspeaker in the laptop.
- Keep the camera deactivated by default and, if possible, always covered. This not only conserves bandwidth, but also prevents sensitive information from being viewed.
- Do not leave the workplace during an active telephone / video conference.
- Do not hold any conversations, whether conference or telephone, in the open air (balcony / in public).
- Be careful with screen sharing. Pay attention to what content you make visible to other participants.
Security awareness! Data protection also applies in the home office (data privacy).
- Particularly important at the moment: warn employees about the dangers of phishing, because various phishing emails are circulating in connection with the coronavirus.
- Access data may not be shared.
- Employer devices are reserved for work activities in the home office.
- Private surfing on the Internet or streaming music and films is prohibited. (Risk of malware infection and unnecessary waste of bandwidth.)
- Malware infections must be reported to IT support immediately.
- Make sure virus protection is installed, enabled, and fully updated.
- Set a backup strategy and don’t forget the following: all important files should be backed up regularly. Imagine that you are the victim of a ransomware attack and all of your files are encrypted. Should you pay the ransom or not? Without an (offline) backup, that is a difficult question.
- Make sure that you use a secure connection to your work environment, e.g. VPN or VDI with MFA.
INFORMATION FOR MANAGEMENT
Especially for employees who often work in the home office, the management has to be present from a distance. Of course, this applies even more in exceptional situations such as the current coronavirus situation. The following tips will help:
- Communicate regularly with employees:
a. About the status quo / news
b. About the measures that are / have been taken
c. About the proper handling of problems
d. About emergency procedures, opening times and reporting channels
- Give the setup of SECURE remote access solutions an appropriate priority for home office. Employers should at least provide MFA and secure access (essentially encryption).
- Provide virtual solutions, e.g. the use of electronic signatures and virtual approval workflows, to ensure continuous functionality.
- Ensure adequate support in the event of problems. Special rotation / shift plans for the personnel may have to be drawn up for this.
- Define a clear procedure to be followed in a security incident.
- Consider limiting access to sensitive systems where this is reasonable and possible.
The FOPH (BAG) recommends that employees in the current situation avoid direct collaboration or the shared use of rooms. Social distancing is extremely important to slow the spread of the virus! Help protect your employees.
Thank you Uwe Sujata from Lebens-Energie for the detailed information