With the recent outbreak of novel coronavirus infection, many companies in Hong Kong have arranged for their staff to work from home to reduce the risk of spreading the disease in the community. This arrangement presents a new challenge for both the companies and their employees. While advancements in mobile and cloud technologies have made remote office possible, their increased application will certainly lead to more network interfaces and larger flows of data over untrusted networks, with their potential vulnerabilities creating new cyber security risks. To address the issue, the Hong Kong Productivity Council’s Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) has summarized some security tips for companies and employees working at home to refer to and implement:
1. Never Share the Work Device’s Account with Others
Many people share network devices at home with their family members, especially computers. When using such a device for office work, the user should create a new account with its own password so that the files in that account cannot be accessed by other users. This will not only improve system security, but also prevent important files from being arbitrarily read or accidentally deleted by others. Remember to sign out upon completion of the work.
2. Ensure Privacy in the Working Environment
It is very common for people to ignore what is happening around them when focusing on their own tasks. It is therefore recommended to work in a closed area with no other people in the vicinity, especially when entering passwords or viewing confidential documents, and to use a privacy screen filter. Users must also stay vigilant.
3. Ensure Security of Working Environment
Before starting to use a personal computer for work, the following security preparation needs to be undertaken:
i. Install a firewall to avoid a direct Internet connection. If one is not available, a home broadband router is the minimum;
ii. Install anti-malware software and perform a comprehensive security scan; and
iii. Perform regular system updates and install patches.
4. Ensure Wi-Fi Connection is Secured
The security of the home Wi-Fi network is also important. Those working at home should take the following measures to ensure its secure use:
i. Change the default login name and password of the router;
ii. Upgrade the firmware to the latest version;
iii. Check the status of the currently connected devices and confirm there is no suspicious device; and
iv. Use the latest security protocol, WPA3. If the router does not support it, the more common WPA2 can be used.
If required to work away from home, try to avoid connecting to public Wi-Fi, and use the hotspot sharing function of the mobile phone for Internet access instead.
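The device check in item iii can be done by comparing the router's list of connected devices against a list of devices the household knows about. The following Python sketch is an added example, not part of HKCERT's guidance; it assumes the router exposes its DHCP leases in dnsmasq format (as OpenWrt-based routers do), and the sample leases and the `KNOWN_DEVICES` inventory are constructed for illustration.

```python
# Added example: flag connected devices that are not in a known-device list.
# Assumption: leases are in dnsmasq format: expiry, MAC, IP, hostname, client-id.

# Constructed sample data, not taken from a real network.
SAMPLE_LEASES = """\
1700003600 3c:22:fb:10:20:30 192.168.1.10 work-laptop 01:3c:22:fb:10:20:30
1700003600 a6:51:0c:77:88:99 192.168.1.23 * *
1700003600 00:1a:79:aa:bb:cc 192.168.1.42 * *
malformed line
"""

# Hypothetical inventory maintained by the household: MAC -> label.
KNOWN_DEVICES = {"3C-22-FB-10-20-30": "work laptop"}

HEX = set("0123456789abcdef")


def normalize_mac(mac):
    """Return the MAC as lower-case aa:bb:cc:dd:ee:ff, or None if malformed."""
    parts = mac.lower().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 or not set(p) <= HEX for p in parts):
        return None
    return ":".join(parts)


def is_randomized(mac):
    """True if the locally-administered bit is set, as in private/randomized MACs."""
    return bool(int(mac[:2], 16) & 0x02)


def find_unknown_devices(lease_text, known):
    """Return (mac, ip, hostname, randomized) for each lease not in the inventory."""
    known_macs = {normalize_mac(m) for m in known}
    findings = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        mac = normalize_mac(fields[1])
        if mac is None or mac in known_macs:
            continue
        findings.append((mac, fields[2], fields[3], is_randomized(mac)))
    return findings


if __name__ == "__main__":
    for mac, ip, host, rnd in find_unknown_devices(SAMPLE_LEASES, KNOWN_DEVICES):
        note = "randomized MAC, identify it by hostname" if rnd else "fixed MAC"
        print(f"UNKNOWN {mac} {ip} host={host} ({note})")
```

Phones and laptops that use a private (randomized) Wi-Fi address will not match an inventory keyed on their hardware MAC, so an unknown entry flagged as randomized may be a household device that needs to be identified before it is treated as suspicious.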
5. Protect Data
Employees should back up data to company servers or cloud storage provided by the company for central backup. If data have to be stored on personal computers, employees should ensure that sensitive data are encrypted and backed up to prevent information leakage.
6. Strictly Comply with Company Information Security Guidelines
Employees should obtain the company’s information security guidelines and follow them strictly. If any suspicious activity is spotted on the computer, employees should disconnect from the company network immediately, report to the IT administrator and ask for assistance.
In addition to the above suggestions, HKCERT has also published the "Best Practices for Remote Desktop Connection (for Enterprise System Administrators)". For more details, please refer to the following link: https://www.hkcert.org/my_url/en/guideline/18120501