Our Insights

Working from home: Are you secure?

April 15, 2020

By Jeff Pack, Senior Project Engineer

In the face of COVID-19, POWER has implemented work-from-home programs. As we put in place our own procedures to keep client and customer information safe, you might be wondering: what can I do to increase my own cybersecurity preparedness? Here are some tips to be safe and secure while you are working from the confines of your home.

Stay Current

Now that you are set up and working from home, what about your home network? When was the last time you updated the firmware on your home wireless router? Do all your devices connected at home have passwords on them? When were they last updated? Get all your devices up to date on passwords, patches and firmware.

Is your spouse or significant other working from home also? Make sure they are current on patches. Don’t forget the kids – update their computers, game consoles, tablets and phones. Malware doesn’t care – it goes wherever it can, including everything that is vulnerable on your home network.

Speaking of patches, when your IT department wants to update your computer, take a break and let them do their thing. Take a short walk or grab a beverage and wait a few minutes for the updates to finish. They are trying to protect the company’s information assets, but now they must do all that work remotely, so be patient.

Stay Vigilant

As with any worldwide response to an unusual event, the scam artists and digital fraudsters have already flooded people with phishing attempts to download a “work-from-home” kit or install the “Corona Antivirus” to add additional security to your new working environment. We all need to heighten our awareness of the increased threat to our computers and information that working from home brings to the environment.  Here are a few more examples to watch for:

The nation-states that perform much of the electronic espionage in the world are also taking advantage of the COVID-19 distraction. Attempted attacks have surged since January, and a targeted attack on North Korea used no fewer than five zero-day exploits in their quest to break in. We all need to stay vigilant against potential attacks against POWER or our clients.

Finally, you may have to monitor your bandwidth usage. Make sure you check your monthly limit or be prepared to upgrade or pay for extra bandwidth. If you stream video for the family, they may need to schedule around your work hours, watch some Blu-Ray disks or DVDs or play some offline games for a few hours while you finish that report or conference call.

Stay Aware

Treat our clients’ information just like you would at work – don’t print documents and leave them out. Save them and bring them back to the office for proper disposal. Documents that contain information subject to NERC CIP requirements will be tracked – check with the project manager before taking such documents home.

When working with large documents at home over the internet, the chances of having our normal work processes be interrupted by network disruption are much higher than in the office. Many times, that means working on local copies exported from ProjectWise (as we use at POWER) or a shared server. If you are working with several people on a report, make sure you coordinate so all changes are incorporated as intended.

Since we in the energy business are considered an essential business, our employees may need to visit client sites to perform work – you might, too. Due to the extra attention that travelers will receive with fewer people on the road, maintain your situational awareness when traveling for work. Lock all electronic devices in the room safe (if you have one) or the trunk of the rental car while not in use to avoid extra attention.

Summary

There are several advantages to working from home – you can practice social distancing and reduce the potential of COVID-19 spreading further. You can spend more time with your family and save the commute time (and energy) for essential trips. Finally, the ability to have a more flexible schedule for accomplishing your work is a nice benefit.

But we need to consider the elevated risk associated with a distributed workforce. Your ability to focus and determine what types of communications are valid or not is very important for keeping information safe – customer information as well as your company’s information.

We should utilize this opportunity to learn new ways to collaborate with our customers and co-workers. But we also need to maintain our situational awareness when working at home. Stay safe and wash those hands!

Bibliography

https://www.tripwire.com/state-of-security/security-data-protection/working-home-covid-organization-consider/

https://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit

https://www.wired.com/story/high-stakes-security-set-ups-making-remote-work-impossible/