Working safely at home | safety awareness in the home office

Working safely at home | safety awareness in the home office

Many authorities and organizations, but also companies, are currently in a kind of fast-paced digitalization process, because their employees and they themselves are now working from home - a situation for which only very few have been sufficiently prepared. A number of paper processes need to be digitized, and home office, BYOD and cloud applications offer enormous opportunities.

For everyone, however, this unfamiliar situation also means stress and change, as processes, technologies and behavior patterns are not yet established. In addition, this unusual situation will probably continue to exist.

This article will therefore attempt to provide an overview of how to make teleworking safe and use time and resources in the best possible way to guard against cyberthreats and poorer (broad) perimeter protection.

Now is the time to position yourself strategically and process-wise appropriately in order to be resilient to increased attack scenarios through decentralized working.

A small tip for handling:

If necessary, put a yes – done, a commotion – still open or a "not possible" at the end of each list item to get an overview and thus gain control and self-determination.

1. As bureaucratic as it sounds, binding and clear regulations concerning IT security and data security should be communicated in writing to all persons concerned in organizations at the latest now.

2. Clarify responsibilities and contact persons in the event of any loss of components and reporting channels. These communication channels should be known to all employees – and should be verifiable by them.

3. Employees should be encouraged to take certain safety measures themselves, even while working from home. These include physically securing the workplace against access, i.e. locking doors and locking screens. It is also advisable to cover the webcam on the computer or laptop and to position screens to prevent any outside view.

Decentralized working provides an ideal basis for various attack scenarios, from outdated technical infrastructure that is not secured by the company network, to unsecured routers and WLAN connections to unencrypted data media, to CEO fraud, ransomware and classic phishing mails. Employees have an increased need for information - at the same time; organizations must promote their security awareness.

4. Secure your home WLAN by changing the default administrator password, enabling WPA2 encryption and using a strong password. Instructions on strong passwords follow below.

5. Protect against attacks that aim to obtain information and data that contain references to passwords, bank accounts or access to systems and applications. Especially point out CEO Fraud.

Social engineering is one of the biggest risks in the home office, especially in times of dramatic change.

Attackers deceive and cheat in order to encourage employees to behave incorrectly. Email phishing is a partial aspect, but it is also important to be especially careful with phone calls, SMS, social media content and fake messages distributed via Messenger in corporate applications used for collaboration.

6. Use secure communication channels to access corporate resources. Use so-called Virtual Private Networks (VPN), which act as "intermediaries" to establish connections between the end device and the company network via a "secure tunnel".

7. Secure passwords additionally protect applications from unauthorized access. Establish complex and unique passwords and additionally use multi-factor authentication (MFA or 2FA).

Passphrases are good passwords because they are as long and complex as possible and use random words or phrases. We encrypt data media! or no cells-in-exel-connection are examples for this.

Both are strong, with many characters, easy to remember and type, but difficult to crack. Supplement them with symbols, numbers or capital letters. If a unique password is required for each of your required applications, a password manager is highly recommended, i.e. a program that stores passwords in a kind of safe and retrieves them automatically when needed - and unique passwords are always recommended.

Otherwise, an attacker will only need to successfully compromise one website you use to get all passwords, including yours, and then simply log on to all other accounts successfully. At haveibeenpwned.com you can quickly check whether this has already happened.

If you are using a password manager, it is best to protect it with a strong passphrase and a two-step verification.

8. Updated operating systems, web applications and apps: Make sure that the technologies you use are up to date and that updates carried out regularly. Employees should always work with the latest system version.

Recommended, further information

  • The Federal Office for Information Security (BSI) has made measures available for download as PDF files.
  • Alexei Balaganski, Lead Analyst at KuppingerCole, has summarized current developments under the title "Ransomware during the pandemic crisis".

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

我同意通过以下方式接收罗德与施瓦茨提供的信息:

推广许可

这意味着什么?

我同意,在网站Imprint中提到的Rohde & Schwarz GmbH & Co. KG和罗德与施瓦茨实体及分支机构 可出于营销和广告之目的(例如提供特价优惠和折扣促销信息)而通过选定渠道(电子邮件或邮政信件)与我联系并提供相关信息,包括但不限于测试与测量、安全通信、监测与网络测试、广播电视与媒体以及网络安全领域的产品和解决方案相关信息

您的权利

您可以随时发送电子邮件至 news@rohde-schwarz.com 撤销此同意声明,邮件主题注明“Unsubscribe”即可。此外,我们发送给您的每一封电子邮件中都含有电子邮件取消订阅链接。有关个人数据使用和撤销程序的详情,请参阅“隐私声明”

你的申请已提交,我们稍后会联系您。
An error is occurred, please try it again later.