The Coronavirus is not bad for everyone. VPN providers and products, internet service providers, SaaS video-conferencing and two-factor providers and products companies must be booming currently.
And for many adults, working at home some of the time is a dream, but for the foreseeable future - with the potential of homeschooling children at the same time - the novelty will soon wear off.
Remote working has its cyber security dangers, so here are some useful tips to keep you secure remotely at this time.
1. VPN capacity
Virtual private networks and video-conferencing are in hot demand and this demand will only increase. As we saw in the news, Microsoft Teams and Cisco’s WebEx, to name a few, struggled last week.
Make sure your VPN or UTM (unified threat management) device has enough capacity in two parts:
-
enough CPU/RAM (model size), and
-
concurrent licenses.
2. Internet lines
Internet service providers are struggling and will continue to struggle, and Netflix already released a press release saying they are going to reduce streaming quality by 25%.
If you have a 10, 100 or 1000 MBPS line, you may wish to increase it - and get a second line from another provider in case the main one fails.
3. Two-factor authentication
With so many people at home outside of the working environment, some may switch off and stop questioning rogue calls or emails. Coronavirus-themed phishing emails have already started doing the rounds.
Ensure 2FA is set up on all internet-facing services. Further still, increase antiphishing, antispoofing and antimalware capabilities.
4. Clean-desk policy
Your kitchen table, lounge or home office is now the equivalent of your real office and it should be treated the same. Family or friends (assuming you let people into your house) or flatmates can wander around and see what you’re working on.
Lock your screen when stepping away from your desk for a minute. Power off the laptop and put it back in its bag, a safe or locked cabinet when you're done. The same goes for papers, which should be shredded or burnt once finished with.
5. Is the dog or cat security cleared?
Even without national or global problems, dogs and cats (especially) have a habit of wandering next to PC screens, laptops or sitting on keyboards! This begs an important question: does the pet have suitable vetting or clearance?
Jokes aside, does your boyfriend, girlfriend, wife, husband, family member or child? Be aware who can hear your sensitive calls.
6. Home Wi-Fi
If attackers normally go for Wi-Fi networks or devices, then there is little point an attacker hovering around the office with no or few staff.
Advise your staff members and colleagues to change their SSID (the network name in plain English) and select a decent Pre-Shared Key (password). Setting five random words is easier and more secure than a 10-character password.
7. Use a VPN
Traffic is no longer traversing the internal network which is not visible or attackable (easily) from the outside world. Internet traffic can be intercepted or recorded in many zones.
Do not rely on TLS (that is the padlock on web pages) to protect your endpoint (user) to server traffic. Run a VPN that creates a tunnel-encrypted bubble over your remote traffic.
8. Patch VPN servers
Your VPN box or server is now mission critical and likely stressed. It needs all the help it can get to secure it and keep it stable.
As you would a server or endpoint, patch your VPN server or device to ensure bugs are fixed. Bugs can be stability or security related.
9. Encryption at rest
We all remember constant stories like Ealing and Hounslow councils fined after losing unencrypted laptops or Council loses USB stick used to store security codes.
Now everyone is at home, criminals know there are extra laptops, tablets and smartphones to steal. Make sure all devices have full disc encryption enabled.
10. Policies
The Covid-19 pandemic is the first time people have been sent home to work for long periods in recent years. This means there are unknowns for both employer and employee.
AUP (acceptable usage policy) has existed for years. Companies should now be writing and distributing remote working policies. Run training sessions too.
11. Control your data
The days of data living within the four walls died years ago with cloud computing, and this further kills the concept of perimeters.
Organisations need to issue company devices, yet it is surprising how many places still have USB ports open and allow Office365 email and OneDrive to be accessed from non-work devices. Do not allow data to leave company-issued kit – once it has left, there is zero control.

Graeme Batsman
Graeme joined QA in 2017 and has worked in security on and off for 15 years. His last role was as a Senior Technical Security consultant at Capgemini covering the public and private sector.
From the age of 17, he was running investigations into online scams and phishing. Today he teaches and/or has written: CEH, OSINT, CTF (conventional or OSINT), CyberFirst, practical encryption and Security+. Graeme is an avid writer with 130+ articles to his name and a chapter in a published book.
He loves thinking like a hacker to review and tweak settings with a fine-tooth comb.
More articles by Graeme
Shadow IT during Covid-19: Do not let your employees decide which apps and tools to use
If you don't take control, your remote-working teams may be putting your IT infrastructure at risk of hacking or loss of data…
29 May 2020Hostile reconnaissance: What is it and how do we stay safe?
Shhh! Cyber attackers often use hostile reconnaissance in the physical world to find a way into an organisation. So what is h…
29 January 2020My partner is a landscape gardener – who would want to hack me?
You may think your small business would not be interesting to global cyber crooks. But you may have a client or supplier who…
29 January 20207 cybersecurity tips for wedding photographers – or anyone, really
QA Cyber Security Technical Consultant Graeme Batsman looks at why cybersecurity is important for photographers, especially t…
29 January 2020Cyber Security for everyone - what we all should know
In May the security of the official Sussex’s wedding photographers was breached, and private photos were released. This highl…
05 September 2019Cyber Attacks - Most of them are not as high-tech as you'd think
Hackers have a reputation for using complex technical means to gain unauthorised access to digital systems. However, low-tech…
05 September 2019Cyber risks are too often ignored by management
Project Managers and top management need a better security understanding to allocate resources and to sign off technical risk…
14 November 2017Rise and Fall of Bitcoin
With the popularity and value of crypto currencies growing, so do the security and anonymity concerns.
01 February 2018Endpoint and network firewalling needs to change
QA Cyber Security Trainer, Graeme Batsman, discusses how you need to focus on outbound as much as (or more than) inbound rule…
03 April 2018The perils of single-factor authentication
QA Cyber Security Trainer, Graeme Batsman, offers a first-hand opinion on single-factor authentication and the exposure of co…
18 April 2018