The familiar home has also become an office, not least because of the pandemic, much to the delight of cybercriminals. Fortunately, there are a few countermeasures that at least reduce the risk of an attack on the home office. […]
The measures prescribed to combat the Covid-19 pandemic have brought about an unparalleled home office boom in Germany and worldwide. Companies, large or small, were forced to provide remote access for employees. Small and medium-sized enterprises (SMEs), for example, faced a wave of home working and teleworking. While an average of 10 percent of employees worked primarily from home at the beginning of 2020, almost four times as many did during the lockdown.
Although the numbers fell again after the lockdown, at 16 percent of employees in the home office the proportion is still 60 percent higher than at the beginning of 2020. A study by the market research institute GFS-Zurich came to this conclusion at the end of 2020.
Home office boom enlarges target
Such a rush to telecommuting does not only put a strain on the infrastructure. It also opens up completely new and larger attack surfaces for cybercriminals.
Many underestimate the risks associated with home office operations, as the SME survey by JRC also shows. This is despite the fact that a quarter of Swiss SMEs have already been victims of a serious cyber attack. Such an attack can have serious consequences: of the approximately 38,250 SMEs attacked throughout Switzerland, around one third (12,930 SMEs) suffered financial damage, and one in ten attacks resulted in reputational damage and/or loss of customer data.
In view of these figures, preventive measures are taken too rarely: despite the frequent cyber attacks, only one in two SMEs has an emergency plan for ensuring business continuity, and around two thirds do not carry out regular employee training or have not implemented a security concept in the company.
Finally, the study shows that too little attention is paid to the "human risk factor". Just under half (47 percent) of CEOs said they were well informed about security-related topics. Even more striking is the lack of awareness of the risk of becoming a victim of a cyber attack: only 11 percent consider the risk of being put out of action for a day by a cyber attack to be high.
There is therefore a lot to do in terms of security in the home office. A few basic security measures cannot eliminate the danger completely, but they can limit it. From the many precautions that official bodies and IT security companies recommend (see box at the end), we have compiled the most important and effective measures, both for end users and for companies.
Keep business and private separate: Whenever possible, separate devices should be used for business and personal purposes. Many companies have by now equipped their employees with mobile PCs; at least, that is what last year's notebook boom suggests. If separate devices are not available, at least separate user accounts for private and business use should be set up on the device. This is the only way to prevent sensitive material from crossing from one side to the other. In addition, separating the two areas of life is also recommended for maintaining a healthy work-life balance.
Use VPN: Access to company resources, and of course private surfing on the web as well, should go through a virtual private network (VPN). This creates an encrypted "communication tunnel" between the end device and the company network or web services. Larger companies usually operate the VPN on the server side and provide employees with client software. If not, there are a number of VPN providers. Free services should be viewed critically, however. These offers usually have a catch: in the best case, the free variant comes with insufficient bandwidth; in the worst case, users are literally spied on by the service provider, for example by recording their surfing behavior.
Multi-factor authentication: Logging in with only a username and password carries many risks, especially since very simple and reused passwords are still common in many places. Hackers can usually crack such combinations in seconds. Therefore, whenever possible, two-factor authentication (2FA) should be used, which is often referred to as multi-factor authentication (MFA). The underlying principle: in addition to the username and password, a one-time code is required to log in to the company or web service. This one-time code can be sent via SMS, generated in a corresponding app on the user's smartphone, or sent as a push message with a yes/no query. In addition, authentication hardware that is connected to the computer via USB can also be used.
Encrypt: Company data should not only be encrypted when it is transmitted to the outside; locally stored files should also be kept in encrypted form. On Windows computers, the included program BitLocker can be used; on Macs, the application FileVault fulfills the same purpose.
Update: What applies to the private computer is even more important for the business PC used in the home office: the operating system and all programs in use should always have the latest updates installed. This process can be automated both for the OS and for most of the programs used, such as the browser, so that the system components are usually up to date.
Regular backups: Especially in times of rampant ransomware attacks, it is all the more important that data is regularly saved to other storage media, both by the employee and by the company. End users can also use cloud storage services, which usually offer the option of synchronizing files between the computer and the cloud. But even then, regular backups to a USB stick or an external hard drive are recommended. Care should be taken to disconnect the storage medium from the system after the backup, because in most cases ransomware encrypts all storage media accessible from the system.
Stay alert: In the home office you are at home. Nevertheless, care should be taken here too that no company data or information is disclosed. When setting up the workplace, make sure that the screen cannot be viewed by neighbors or passers-by. If this is not possible, it is advisable to use a privacy screen filter that protects the contents from prying (sideways) glances. This is also helpful if you often travel by public transport.
In addition, the screen should be locked when leaving the workplace, in the home office too. Documents and printouts should not be left lying around either, if you want to avoid them accidentally disappearing into the child's school desk. Finally, vigilance is also called for during telephone calls and video conferences. No one should be able to listen in, be it a family member or the curious neighbor.
Safe working is possible in the home office too. With a few simple tricks you can at least raise the security level so much that hackers prefer to go after someone else who also works in the home office and has taken fewer security precautions.