Working safely at home | safety awareness in the home office

Working safely at home | safety awareness in the home office

Many authorities and organizations, but also companies, are currently in a kind of fast-paced digitalization process, because their employees and they themselves are now working from home - a situation for which only very few have been sufficiently prepared. A number of paper processes need to be digitized, and home office, BYOD and cloud applications offer enormous opportunities.

For everyone, however, this unfamiliar situation also means stress and change, as processes, technologies and behavior patterns are not yet established. In addition, this unusual situation will probably continue to exist.

This article will therefore attempt to provide an overview of how to make teleworking safe and use time and resources in the best possible way to guard against cyberthreats and poorer (broad) perimeter protection.

Now is the time to position yourself strategically and process-wise appropriately in order to be resilient to increased attack scenarios through decentralized working.

A small tip for handling:

If necessary, put a yes – done, a commotion – still open or a "not possible" at the end of each list item to get an overview and thus gain control and self-determination.

1. As bureaucratic as it sounds, binding and clear regulations concerning IT security and data security should be communicated in writing to all persons concerned in organizations at the latest now.

2. Clarify responsibilities and contact persons in the event of any loss of components and reporting channels. These communication channels should be known to all employees – and should be verifiable by them.

3. Employees should be encouraged to take certain safety measures themselves, even while working from home. These include physically securing the workplace against access, i.e. locking doors and locking screens. It is also advisable to cover the webcam on the computer or laptop and to position screens to prevent any outside view.

Decentralized working provides an ideal basis for various attack scenarios, from outdated technical infrastructure that is not secured by the company network, to unsecured routers and WLAN connections to unencrypted data media, to CEO fraud, ransomware and classic phishing mails. Employees have an increased need for information - at the same time; organizations must promote their security awareness.

4. Secure your home WLAN by changing the default administrator password, enabling WPA2 encryption and using a strong password. Instructions on strong passwords follow below.

5. Protect against attacks that aim to obtain information and data that contain references to passwords, bank accounts or access to systems and applications. Especially point out CEO Fraud.

Social engineering is one of the biggest risks in the home office, especially in times of dramatic change.

Attackers deceive and cheat in order to encourage employees to behave incorrectly. Email phishing is a partial aspect, but it is also important to be especially careful with phone calls, SMS, social media content and fake messages distributed via Messenger in corporate applications used for collaboration.

6. Use secure communication channels to access corporate resources. Use so-called Virtual Private Networks (VPN), which act as "intermediaries" to establish connections between the end device and the company network via a "secure tunnel".

7. Secure passwords additionally protect applications from unauthorized access. Establish complex and unique passwords and additionally use multi-factor authentication (MFA or 2FA).

Passphrases are good passwords because they are as long and complex as possible and use random words or phrases. We encrypt data media! or no cells-in-exel-connection are examples for this.

Both are strong, with many characters, easy to remember and type, but difficult to crack. Supplement them with symbols, numbers or capital letters. If a unique password is required for each of your required applications, a password manager is highly recommended, i.e. a program that stores passwords in a kind of safe and retrieves them automatically when needed - and unique passwords are always recommended.

Otherwise, an attacker will only need to successfully compromise one website you use to get all passwords, including yours, and then simply log on to all other accounts successfully. At haveibeenpwned.com you can quickly check whether this has already happened.

If you are using a password manager, it is best to protect it with a strong passphrase and a two-step verification.

8. Updated operating systems, web applications and apps: Make sure that the technologies you use are up to date and that updates carried out regularly. Employees should always work with the latest system version.

Recommended, further information

  • The Federal Office for Information Security (BSI) has made measures available for download as PDF files.
  • Alexei Balaganski, Lead Analyst at KuppingerCole, has summarized current developments under the title "Ransomware during the pandemic crisis".

Запросить информацию

У вас есть вопросы или вам нужна дополнительная информация? Просто заполните эту форму, и мы свяжемся с вами в ближайшее время..

Я хочу получать информацию от Rohde & Schwarz по

Согласие на получение маркетинговых материалов

Что именно это означает?

Я соглашаюсь с тем, что ROHDE & SCHWARZ GmbH & Co. KG и предприятие ROHDE & SCHWARZ или его дочерняя компания, указанная на данном Веб-сайте, может обращаться ко мне выбранным способом (по электронной или обычной почте) с целью маркетинга и рекламы (например, сообщения о специальных предложениях и скидках), относящейся в числе прочего к продуктам и решениям в области контрольно-измерительной техники, защищенной связи, мониторинга и тестирования сети, вещания и средств массовой информации, а также кибербезопасности.

Ваши права

Настоящее заявление о согласии может быть в любое время отозвано путем отправки электронного письма с темой «Unsubscribe» (отказ от подписки на рассылку) по адресу: news@rohde-schwarz.com.Кроме этого, в каждом отправляемом вам письме имеется ссылка на отказ от подписки на рассылку будущих рекламных материалов.Дополнительная информация об использовании персональных данных и процедуре отказа от их использования содержится в Положении о конфиденциальности.

Обязательное поле Предоставляя свои персональные данные, я подтверждаю их достоверность и свое согласие на их обработку Обществом с ограниченной ответственностью «РОДЕ и ШВАРЦ РУС» (ОГРН 1047796710389, ИНН 7710557825, находящемуся по адресу: Москва, Нахимовский проспект, 58) в следующем объеме и следующими способами: обработку с использованием средств автоматизации и без таковых, сбор, систематизацию, классификацию, накопление, хранение, уточнение, обновление, изменение, шифрование с помощью любых средств защиты, включая криптографическую, запись на электронные носители, составление и переработку перечней и информационных систем, включающих мои персональные данные, маркировку, раскрытие, трансграничную передачу моих персональных данных, том числе, на территории стран всего мира, передачу с использованием средств электронной почты и/или эцп, в том числе, передачу с использованием интернет-ресурсов, а также обезличивание, блокирование, уничтожение, передачу в государственные органы в случаях, предусмотренных законодательством, использование иными способами, необходимыми для обработки, но не поименованными выше до момента ликвидации / реорганизации Компании либо до моего отзыва настоящего согласия.

Ваш запрос отправлен. Мы свяжемся с вами в ближайшее время.
An error is occurred, please try it again later.