How to Work From Home and Stay Safe

Start X — Fri, 27 Mar 2020 16:15:43 +0300

In recent weeks, many of us have had to readjust our work styles to a new format: to work at home or outside the office.

While our security departments are busy preparing secure communication channels and other infrastructure, no one is helping answer simple but important questions:

1. How can we work safely in these new conditions?
2. What are the main safety rules we need to know and follow?
3. What do we need to know to work efficiently, and not to not become a scam victim of scammers?

In this article, we identify ten key recommendations that will help you, your colleagues, and loved ones work remotely, out of the office, and stay safe.

Sergey Voldohin
author

Andrey Zharkevich
editor

— It’s obvious!

Our tips may seem obvious for advanced users and security professionals.

If you are responsible for security processes, take a look at the end of the article to learn how to set up a regular security awareness process for your employees.

1. Your computer and workplace

1.1 Ideally, if you have a corporate laptop: only use this laptop. If you have to use a personal device, make sure that only you will use it for the entire period if you choose working remotely.

1.2 Lock your computer every time you leave your workplace, even if this place is your room.

1.3 Do not plug in someone else’s flash drives or other USB device to your computer, even if you’re really curious. Curiosity killed the cat, you know.

1.4 If you have to work in a public place, check your surroundings. This is especially important when working with confidential information or entering a password. Do not let strangers stand behind you.

2. Passwords and access

2.1 Learn to choose and set a strong password, even on your personal computer.

2.2 Use different passwords for different services/applications. To help you manage your passwords use a password manager.

2.3 Enable two-factor authentication on all services/applications that you use.

3. Secure Internet access

3.1 Do not connect to unfamiliar wireless networks: it’s better to use your mobile phone as a hotspot and connect to the internet that way Internet.

3.2 Use your corporate VPN whenever possible.

4. Software updates

4.1 Check that your antivirus, operating system, browser, and other applications are updated regularly.

4.2 Protect your browser.

4.3 Do not download or run suspicious files from the Internet, even if they look like updates.

5. Updating mobile devices

Check and enable automatic updates on your mobile devices.

6. Applications and messengers

6.1 Do not install suspicious applications.

6.2 Do not click unknown links on your smartphone.

7. Suspicious situations

7.1 Check with your security team who you can call or write to if you suspect something suspicious or an incident.

7.2 Inform your security team of everything that seems suspicious. If you see something, say something.

8. Countering fraudsters

8.1 Learn to recognize the emotions that scammers try to evoke: fear, greed, curiosity, and others.

8.2 Remember that these emotions turn off critical thinking. As a result, you can perform an action that you would not normally perform.

8.3 Report to your security department/service everything that seems suspicious.
Read the article: What you need to know about phishing.

9. Safe website browsing

9.1 The address of any website where you enter a password should begin with HTTPS.

9.2 If you see an HTTPS error or something suspicious, do not enter your username or password on such a website.

10. Safe use of email, links, and files

10.1 Fraudsters can impersonate your colleagues, partners, and managers. Feel free to call back those people from whom an email or even a message in your messenger supposedly came. When working remotely, you cannot approach a colleague in person, however, you must make sure that it is he or she who writes to you.

10.2 Learn to distinguish fraudulent emails from real ones.

10.3 Learn to check links and attached files in emails, on websites, and messaging apps.

Read the article: How to distinguish a phishing email.

To security teams

To organize regular remote learning for your employees, as well as the process of employee security awareness training—fill out the form on the website or write to us and start the process within the next business day.

Блог Start X: заметки с тегом awareness