Securing Your Devices While You Work From Home

Securing Your Devices While You Work From Home

John Montaña

Now that you’re working from home, let’s take a look at your equipment to see if there’s anything else you need to do to secure your devices. It needs to be sufficient for your working requirements, and you need to ensure that you’re not exposing yourself and your company to a data breach.

Has your employer provided you with a new laptop? Most likely you’re using a Windows device. You don’t require a ton of RAM and a big processor unless you need remote access to your organization’s systems or do a lot of computationally intensive work like solving for the millionth digit of pi. For primarily word processing and spreadsheets, you can get by pretty cheaply, particularly if you get a big external monitor for huge spreadsheets—screen size is a big cost factor for laptops.

Securing an Old Computer

Could be you’re working on an old desktop with an outdated operating system that the kids have been using for homework and games. And maybe there’s no antivirus software on it, or some very old version that hasn’t been updated in ages.

Old versions of Windows are riddled with security flaws, so if you haven’t updated yours recently and kept up with all the patches, it’s a major security risk. Any sensitive work information is just hanging out there waiting to be compromised. If you’re using this computer to remotely access your company’s systems, it’s a risk for those systems as well—a bad actor could easily place malware on your computer and use it as a gateway into your employer’s system. This happens regularly (the infamous Target data breach occurred because of credentials stolen from the computer of an HVAC contractor).

If the kids have been surfing the internet on your home computer, it’s a sure bet that it’s loaded with all sorts of spyware and viruses and who knows what else. If it’s running slowly, malware is very likely the cause. So if you haven’t done so yet, resolve the many security issues immediately so you’re not putting yourself and your company at additional risk.

If a new computer is not in the picture, then you’ll need to spend some time, and at least some money, getting the old one in shape. Even if you know what you’re doing, it could easily take a day or two to clean and install up-to-date software. And you’d be mortified by what you’d find: I used to run a program called Spybot Search and Destroy (still available and still free) on my kids’ machine every few weeks, and it would routinely detect and remove several thousand instances of malware that had accumulated in that period of time.

[inline-cta post_id=27067]

Defining the Essentials

There are some things you absolutely must have on the device you are using for work. At a bare minimum, this means:

  • The latest version of whatever operating system you use, including all updates, patches and fixes that have been issued for it. Even if it’s new, you will have to check for updates and patches for the installed version.
  • At least one, and preferably more than one, anti-malware solution. If you do use multiple tools, you’ll discover that each catches things the other doesn’t because each is working off of a library of known threat signatures, and the libraries aren’t quite the same.
  • Complete, knowledgeable configuration of all of the security features on the device: firewalls, cookie control, program download and install controls, hard drive encryption, passwords and other login security, and so on.
  • If the device will be used by more than one person, separate password-controlled accounts must be set up for each user, so others have no access to your sensitive work information.
  • Up-to-date versions of whatever word processing or other productivity software you use. If not, you’ll discover that your ancient copy of Excel may not be able to reliably open attachments sent to you by others.
  • Some sort of backup—and preferably offsite backup—for any documents and data that you are creating and storing at home. Do not fail to do this! Far too many people get lazy about backups and learn the hard way what happens when a hard disk crashes or malware damages their data. If you can’t use whatever your organization is using on premise, there are several inexpensive remote backup programs available.

If you are not absolutely, 100% positive that you know how to do all of the above completely and correctly, get an expert to do it for you—this is not the time to become a self-taught IT security specialist. If your organization doesn’t have one, you’ll need to find and engage an outside expert to assist you here. They’re plentiful, so you should have no trouble finding one.

What About Your Phone?

If you’re like most people, you’re using a smart phone, which is just another computer that is subject to all of the issues above. And yes, you may have a version of Excel or Word or PowerPoint on your phone, which is accumulating work data that requires the same treatment as the data on your main device. Make sure that, as long as the IT expert is setting up your computer, your phone gets the same treatment.

Look at it this way: once you go through all these tedious and perhaps expensive but absolutely critical steps, you’ll be all set for whatever emergency arises next. Even if you just use a home computer for the occasional work-related e-mail, you must have proper security in place. Securing your devices is a key component of securing the information for which you are responsible.

Get more tips on how to secure your data from John’s white paper: The Role of Information Governance in Data Security