Work from home (WFH) is the new normal. The COVID-19 pandemic has thrown everyone across the world into a struggle (and challenge) for survival. While we stand up to the challenge, we have to set our rules for WFH, with cybersecurity safeguards.
11. WFH Cybersecurity Basics For Employees and Employers
04 Nov 2020
7 Months Later
• We (workers) are not so happy with WFH because
  • Long and uncontrolled work hours
  • Domestic issues
  • Work environment may not be friendly… etc
• We (employers) are happy because
  • Situation has shown WFH works and employees work
  • Business model is being redesigned for BIG financial saving
  • Productivity levels and unlimited availability of workforce… etc
The Present Situation
• All employers were FORCED to send employees home and ask them to work from home
• All employees rejoiced! Now they have finally got what they had been asking for! For a long time!! (But… it was against company policy or only for senior management)
• Working from home is being called the new normal… to make everyone happy!
• From the information security standpoint – the threat surface has increased, new risks have cropped up, the responsibility for secure working is greater
Crackers (Malicious Hackers), Cyber criminals are happy
• Plenty of targets
• Weak defenses
• Thousands of paths
• Multiple points at home
• Users not in controlled environment
• Social engineering will work taking advantage of loneliness and psychological weaknesses
• Easy spear phishing / whaling
• Exploit coronavirus FUD factor, fake news, information overload
Cyber criminals are opportunistic and will look to exploit fears, and this has undoubtedly been the case with the Coronavirus outbreak
A Target Without Boundaries
Stay Safe… Don’t Become One
Securing Yourself – Your Workspace & Workplace
Secure Yourself – Your Workspace (place)
• Hide the wall, shelves, utensils behind you with a backdrop
• Light up the desk and shut down the light from behind you. Poorly lit video calls are not good
Secure Yourself – YOU & YOUR NEW NORMAL
• Obtain and keep a list of names, phone numbers, email and WhatsApp, so you have the correct contact coordinates for HoD, TLs and team members from your department, and the following:
  • IT
  • IS
  • BC/DR
  • HR
  • Admin
  • Finance
  • HelpDesk
  • Legal
  • Police
  • Fire
  • Courier
  • Taxi
• Stay alert for out-of-the-ordinary events when browsing, working on your computer, phone calls etc
• If you fall victim, report it to your IT / IS support immediately
Secure Yourself – Your Workspace (place)
• Keep a workspace / place which is quiet and private
• If not possible, keep yourself on mute always!
• Clear and clean desk… de-clutter
• Consider addition of a monitor and UPS to your home office
• Secure your Wi-Fi (whitelist all devices, set a strong password)
• For your official computer, set a password and lockout screen
• Get a good ergonomic chair – you are going to be sitting in a chair much more than you ever sat in office!
Secure Yourself – Your Workspace (place)
• Always wear a decent shirt before starting your work day
• Keep a glass of water nearby
• Educate family members about life in the new normal!
• Discuss and share the rules of working with all family members
• Tell them what your employer expects and request their help
• Keep children, adults, water and food away from your workspace
• Do not have your meals at your workstation and do not eat when on a call
Securing Yourself – Your Devices
Secure Yourself – Your Device(s)
• Your anti-virus and system updates should happen automatically (if configured so by your IT team); do not stop the process
• Do not install any software (crack, freeware, unlicensed), pirated movies, or download pirated books, images
• Stay away from torrents, dark web, ecomm and free download sites
• Do not click any links in emails (or websites) – Stop, Read, Verify, Click
• Make sure your device is configured securely by the IT team and has all the authorized applications
• Do not plug in any other devices or USB into your official device
• Keep access to yourself and do not use it for any domestic work
Securing Yourself – Communication Channels
Secure Yourself – Communication Channels
• Get a good mic and headset… test it to see it works well with your video conferencing application
• Try to get a noise cancelling headset (does not matter whether it is children playing around, there are a bit too many noises in our environment)
• Consider purchasing a webcam and a bright table lamp so that your video quality is good
Secure Yourself – Communication Channels
• Upgrade your broadband connection
• Subscribe to a good data plan – keep this as a backup to your broadband connection
• Walk around your home to see where you get the best cellphone signal so you know where you should be if you are on a phone call
• Do not trust emails with links claiming to have important updates (bogus links may lead to devices being infected)
• Do not share company information with anyone who calls you or connects on social media
• Remember email, phone numbers, voice can be spoofed
• When asked for such information, hang up and call back (use the phone numbers in your Comm list)
Secure Yourself – Your Work
• Make sure your anti-virus is working and updated
• Allow your system update to happen, do not postpone
• Save your work with passwords
• Save to your official cloud space
• If you are an independent person working from home, back up to an external device periodically (weekly?)
• Change settings on your office applications to save your work in real time or every 5 minutes (or less)
• Be extra vigilant – do not open attachments from unknown sources, forward to IT/IS team
Securing Yourself – Mind Body & Soul
Secure Yourself – Your Body, Mind & Soul
• Take a break from your chair
• Live by the clock (does 9 to 5 work? Make it work, draw the line)
• Meditate, pray, paint, sing, chores, play music, carrom, scrabble… whatever… keep your life intact
• Exercise, walk, cycle, climb stairs
• Meals with family
• Go slow on TV shows, movies
Employer Support Obligations
• Set work timings and dissuade late evening meetings
• Provide video conferencing account
• Communication protocol – ask the person to call back (do not feel offended if the person does not share information and insists on calling back)
• Personalized Communication Directory with names etc
Provide Policies and Procedures that include
• WFH code of conduct and Policy
• Acceptable Use policy and procedure for WFH assets, VPN
• BCP and DR procedure for WFH
• Advisories, Awareness training
• Employee inclusion programs
• Company announcements, and new successes… etc
ABOUT ME
Information Security professional working hard to stay abreast of technology, risks, threats, opportunities and looking forward to the excitement of the future.
MY CONTACT INFORMATION
E: dinesh@opensecurityalliance.org
@bizsprite
L: linkedin.com/in/dineshbareja
+91.9769890505
dineshobareja
opensecurityalliance.org
dineshbareja.com
Disclaimer and Copyright
This document has been created by IndiaWatch, Open Security Alliance, Dinesh O Bareja, EzRisk and released in the public domain under Creative Commons License (Attribution- Noncommercial 2.5 India)
http://creativecommons.org/licenses/by-nc-sa/2.5/in/
The information and practices listed in this document are provided as is and for guidance purposes only and should not be construed to be a standard (unless mentioned otherwise). Readers are urged to make informed decisions before adopting the information given in this document.
The author(s) may not be held responsible, or liable, in any event and for any issues arising out of the use of the information and / or guidelines included in this document. Further, we do not give any warranty on accuracy, completeness, functionality, usefulness or other assurances as to the content in the document. We disclaim all responsibility for any losses, damage caused or attributed, directly or indirectly, from reliance on and the use of such information.
Readers are welcome to provide feedback to the authors using the contact information provided in this document. This document has been prepared for general public distribution so all animations have been converted to static images.
Graphics and images are usually obtained from the internet with every effort being made to ensure they are from royalty-free sources; other images are usually acknowledged by us. Errors may be expected in this practice; however, this is not intentional. We respect creative rights and request owner(s) to inform us of any inadvertent omission. Trademarks or companies may be displayed, or mentioned, with the purpose of establishing a point or for better understanding and we do not claim any exclusivity or relationship with their respective owners.