For many employees, working from home is no longer just prescribed, but also desired. Using your own PC safely for yourself and your company is already practiced and routine. But many users also have several IoT devices in use at home. Therefore, as part of the European Cyber Security Month (ECSM), Sophos provides a few basic rules for securely organizing and managing the turmoil in your own network.
When dealing with IT security in the home office, seven questions should be asked about the devices in the network and about the network's general settings.
1. Does every device in the house have to be online?
If this question can be answered in the negative, then the corresponding devices should be removed from the network while working in the home office. It should also be considered whether a device has to be constantly listening in or whether it has to be permanently activated. If not, it is useful to switch it off while this function is not required.
2. Do I know how to update the device?
If you do not know, further instruction from the manufacturer helps. If the manufacturer's statements do not reassure you, switching to another device with a meaningful update function can provide more security.
3. Can I configure the device?
The security settings of tablets, refrigerators and robot vacuum cleaners reveal a lot, including information about their security updates. If you want to leave a device in the network, you have to deal with its configuration.
4. Have I changed risky default settings?
Many IoT devices ship with remote troubleshooting functions activated at the factory. Fraudsters could take advantage of these, as well as of predefined default passwords. The rule here: check these settings and, if necessary, change them before the device is integrated into the network.
5. How much do I share?
If the device is connected to an online service, you should check how much data the device shares and how often. A “maximum” setting in these areas should be reconsidered.
6. Am I in control of my network?
Some home routers allow the Wi-Fi to be split into two networks that can be managed separately. This is a very useful feature when working from home, because the work devices can be used in one network segment and the private devices in the other.
7. Who do I contact if I have problems?
If the employer has its own IT department or offers access to technical support, then you should get in touch with the contact person so that you can report any suspicions to the correct address. Here it is helpful to agree on what information the IT colleagues need in order to tackle processes as quickly and effectively as possible. For the IT department that looks after the home workers, however, the following also applies: make it easier for less technically trained colleagues to ask for expert advice. The attitude "There are no stupid questions" in contact with worried and insecure employees in the home office, who would rather report one anomaly too many than one too few, can contribute to a trusting, collegial relationship. This is particularly important in times when you work alone at home and need support.
More on this at Tenable.com