Editor's Note: We're republishing this article because we've added an update below, featuring more information from a live webinar we held on April 3, 2020. In this addendum, you'll also find a link to additional content on another top-of-mind security subject in the current landscape: the use of Zoom video conferencing software.
As whole teams move from collocated offices to remote work arrangements in the midst of the COVID-19 crisis, maintaining continuity in security best practices cannot fall by the wayside.
Keeping sensitive data protected when you and your colleagues are no longer using the same network to access it requires vigilance and teamwork. However, securing at-home networks—which can be implemented by any individual, not just the experts—can support your commitment to safeguarding that data on an ongoing basis.
Calder7, Relativity’s security team, has put together a list of these tactics to help members of our community build a fortress around their most sensitive data, even as it’s being accessed by widespread employees.
Take a look at the full list here, and please share it with your colleagues to encourage broad adoption of these precautions. In the meantime, here’s a shortlist of things to consider as you get started.
1. Configure Your Devices
The tools you use to access sensitive data need to be thoughtfully maintained. That includes documenting which devices you use for work, keeping all software updated with the latest defenses, and sticking to basic best practices around concepts like password hygiene and leveraging biometrics where possible.
Any device that’s connected to the internet is vulnerable to attack by bad actors. Do not make those attacks easier by taking a relaxed approach to device security. Working in physical isolation doesn’t make your devices any safer. If one of your devices may have been compromised, be sure to double—even triple—check that it’s clean before you reconnect it to the internet. Run multiple scans and ask for help to ensure the best defenses are in place.
2. Configure Your Network
At the office, your company’s IT team are the experts in setting up your network defensively and ensuring it remains as impenetrable as possible. At home, that task falls to you.
Precautionary steps in this area can be extremely simple (giving your WiFi network a non-default name and password or ensuring your router has a proper encryption protocol in place come to mind). They can also be more complex—for example, you might want to set up your work devices to connect to a different network than any personal or Internet of Things devices you’ve got at home. Your wireless network can also be configured to allow only authorized access to your home internet at all. And you may need to consider the use of VPNs.
3. Configure Your Behavior
Out of the mindset of going to the office every day, and feeling comfortable in your home environment, you may find yourself falling out of the habit of working with a security mindset. Beware of this complacency. It can be damaging.
Remain vigilant about keeping your devices locked, using caution while browsing the internet and clicking links, and accessing business data with your personal devices while you’re working from home. Without the safety net of your IT team’s closely guarded network to catch you if you make a misstep, your everyday choices require more caution than ever.
Don’t Be an Island
In addition to working with security in mind, you shouldn’t allow your physical isolation to separate you from the resources at your company’s disposal. Right now can feel we have built walls—“A fortress deep and mighty.” Instead, I encourage us to keep in touch with our teams’ IT and security experts to ensure we’re implementing the best practices they recommend. You should also alert those teams immediately if you think your data or devices have been compromised. Time is of the essence when it comes to warding off or resolving a potential breach.
Don’t forget to share our tips with your in-house experts and your other colleagues.
Update as of April 9, 2020
We held a live conversation on April 3, focused on this subject and what first steps you should take toward securing your home network as you work remotely during the current crisis and beyond. Please visit this link to watch a recording of that conversation.
Here are a few of the top questions we received, as well as their answers:
Should I be configuring my router if I rent it from my internet provider, or can I assume they're implementing these security practices for me?
I would not assume anyone else is doing this on your behalf, even if your equipment is leased from your internet provider. Get comfortable configuring these settings on your own (though you may need to review your contract to be sure doing so is within the terms of your rental).
Do you recommend using a password management tool?
Absolutely; I use one myself. It can be a secure way not just to prevent you from forgetting your passwords, but also to generate more secure passwords for different websites you visit.
How can I make sure others in my household are on board with these precautions?
It may not be easy to tell everyone in your house that you're changing the WiFi password (again), or that certain devices are being set up not to talk to each other. But spreading awareness and sharing why these steps are the smarter way of operating can help. Make sure you're presenting these new "rules" consistently, and try to make it fun in small ways (trivia, anyone?).
You may also be hearing a lot of news about security and privacy concerns surrounding the use of Zoom, a popular video conferencing software. At Relativity, we use Zoom on a daily basis. We are vigilant about ensuring we are using the most current version of the application, as well as applying additional security controls that help protect our customers, employees, and company from cyber threats.
Please take a look at this article on the Relativity Community site for more information on this subject, including advice on how to use this application more securely.
Amanda Fennell is chief security officer at Relativity. In her role, Amanda is responsible for championing and directing security strategy in risk management and compliance practices. She has a master’s degree in forensic science and more than a decade of experience in forensics and cybersecurity.