IT security when working from home: How to protect sensitive data reliably

Working from home is something many of us – employees and workers – have dreamed about. However, it’s something that hackers and digital miscreants dream about, too. As comfortable as it might be to work at your own computer dressed however you prefer, the issue of IT security raises some critical questions. The following blog post will highlight the risks and explain how you can make the most of working remotely while at the same time keeping safe.

Your smart business suit is hanging in the closet, that tiresome commute is no longer necessary, and you have the coffee machine all to yourself. At first glance, working from home has many advantages. And even at second glance, you can see that telecommuting has great potential – even after the coronavirus pandemic and forced lockdowns are a thing of the past.

Work productivity increases by 13% thanks to remote working

A study from Stanford has shown that working remotely increases employees’ performance by 13%. And a survey from IT specialist Buffer with 2,500 participants found the following: 99% of all respondents appreciate the opportunity to work from home, with flexible time management cited as the greatest benefit. The findings so far seem to indicate that working from a home office leads to a classic win-win situation – both for companies and for employees. But hopefully not for cybercriminals.

If you have a door, you also need a lock

This is, after all, the greatest difference between working from home and at the office. People who work at home are no doubt working in a safe environment with the actual doors locked, but the state of their computer is usually quite different. There are many doors open there, and what is well encrypted within a company setting – such as digital infrastructure and various access options – usually has inadequate security within your own four walls. Some readers may give a shrug at this point, since not every mundane e-mail attracts the attention of predatory online criminals.

Nevertheless, based on our company’s own translation work, we know that we deal with “confidential documents” on almost a daily basis: important stock market information, translations of patents or detailed operating instructions for sensitive goods. And the same goes for these documents as for the majority of information. Everything must be absolutely secure! Or, to put it another way, if you have a door, you also need a lock. It’s not any different in the digital world than in your own home.

Security 101: 3 tips for working remotely from home

The good news is that it is possible to set up adequate IT security in your home office, and some measures are easy to implement. Herbert Spettel from CSF Computer Solutions Facility AG stated the following when addressing the subject of data security: “The human element remains the greatest risk to IT security. This means it is crucial to sensitize employees to this topic and familiarise them with the right tools for ensuring data security.” According to the IT expert from CSF, when it comes down to it, installing locks is smart – but only if they are actually used. The following blog will introduce you to the three key ways you can increase IT security at your home workplace.

Tip 1: A clean desk policy

Start simple. This applies to your digital home office as well, so our first tip can be implemented by anyone and is based on a clean desk policy. More specifically, this means that you: – Ensure that your screen is not visible from outside. – Do not leave important documents simply lying in the printer tray, and never dispose of them without shredding them first. – Always secure electronic devices with a password – even when taking a short break or heading to the loo. – Lock important documents, USB sticks and hard drives in a drawer or cabinet. And don’t forget to remove the key! Otherwise all your efforts are in vain.

• Ensure that your screen is not visible from outside.
• Do not leave important documents simply lying in the printer tray, and never dispose of them without shredding them first.
• Always secure electronic devices with a password – even when taking a short break or heading to the loo.
• – Lock important documents, USB sticks and hard drives in a drawer or cabinet. And don’t forget to remove the key! Otherwise all your efforts are in vain.

Tip 2: Keep an eye out for phishers

Malware and phishing attacks are always a problem, but such criminal activity has increased significantly during the coronavirus crisis. However, you can protect yourself against phishing attempts in particular with the following tips, for example:

• Never open any attachments or links in e-mails from unknown senders.
• Do not open any private e-mails while using a company computer. Otherwise, malware can be downloaded into the company network despite a VPN.
• Before opening e-mails, always check the sender’s domain – especially when the subject line refers to the coronavirus.
• Be careful when answering phone calls. Social engineering attacks are very popular in times of crisis – even ones pretending to be on behalf of your CEO or board of directors. Therefore, never give out your banking information, personal details or passwords over the telephone.
• Use a cable (LAN) to access the internet, if possible, because WLAN connections are not only much less secure, but in many cases can also be slower and more susceptible to interruptions.
• Always have the latest virus protection activated on your computer, and ensure that your operating system has the latest updates at all times.

Tip 3: Invest in professional IT infrastructure

Tips 1 and 2 are easily implemented and very user-oriented. However, IT security becomes even more relevant with regard to digital infrastructure for companies. The following list shows what this infrastructure can look like, although we are certainly aware that sustainable, future-proof identity and access management cannot be covered with a few bullet points, but rather requires in-depth technological expertise.

• Set up VPN networks (Virtual Private Network) and password-protected terminal servers.
• Instead of relying on one-time passwords, implement two-factor authentication, which requires a second identifying feature (such as an mTAN code or a fingerprint on a smartphone).
• Install high-performing firewalls that protect the company network as well as individual computers.
• Rely on strong encryption. This should safeguard your hard drives as well as secure your back-ups. The advantage is that it is very difficult for ransomware to gain access to encrypted systems.
• Make your employees aware of the vulnerabilities of Zoom, Skype and Co. because providers of online meeting software are able to evaluate your data, which is why confidential meetings should only be conducted via your company’s own infrastructure.
• And last but not least, set clear guidelines for your employees and provide appropriate training beforehand. Employees should also know whom they can contact in your IT department if they encounter problems.

In summary, working from home is the way of the future – if you’re careful!

Always having all your employees in one place was how work was conducted in the past. However, what was once the rule is completely different today. Smartphones have evolved into a common work tool, our teams are spread all over the world, and anyone who wants to lock up digital natives in brick-and-mortar offices would probably have to threaten young employees with coercive measures or brandish instruments of torture.

Conversely, this means that telecommuting is a tremendous opportunity because it increases productivity, raises employee satisfaction and has a positive effect on the environment, as demonstrated so clearly during the spring of 2020. Nevertheless, opportunity and risk always go hand in hand. The security risks can be well managed, however, by using our tips above, for example, or by contacting our partner CSF for further assistance. These IT experts from Basel are not only specialists for secured workplaces at SMEs, but are also responsible for the IT security of our own language services. Furthermore, they are ISO/IEC 27001 certified and thus adhere to the highest security requirements – an advantage that many of our clients value most particularly during these uncertain times.