Suddenly Working from Home? Here’s How to Stay Secure and Sane

In light of the many changes embraced in the name of health and safety due to COVID-19, Tetra Defense has encouraged remote work for all employees. Cindy Murphy, President of Tetra Defense, shares her insights on this transition.  

Returning Home

Like hundreds of thousands of other people around the US and millions around the world, I suddenly found myself preparing to work from home late last week due to the coronavirus pandemic. While I’ve worked and taught in the computer security industry for many years, I have always worked in an office or classroom where someone else secured the environment. With COVID-19 predicted to affect us potentially through the end of the summer or longer, I anticipate that my new home office set up will be here for a while.

Luckily, I am surrounded (now at a safe distance) by smart, talented, and knowledgeable computer security folks here at Tetra Defense, some of whom have a lot of experience with this whole WFH (Work From Home) thing. So, when I decided to move my workspace home to protect my 80+ year-old mother’s health and my own, I started researching and asking Tetra employees what I needed to know about working from home safely, securely, and sanely.

Securing Your Home Office Setup

One of the first things I learned is that there is no need to reinvent the wheel. Remote workforces are nothing new — there are just going to be a whole lot more of us working this way in short order. As someone who taught for the SANS Institute for many years, they were one of the first places I turned for information. SANS has provided a great toolkit and guidance for organizations of all sizes. For individuals, their advice falls into five main topic areas:

  • Humans are nearly always the weakest link in network security. Being smart about how we react in a crisis (such as the one we find ourselves in now) is critical. Being on the alert for social engineering tricks and lazy password habits is as essential for remote work as it is in the office.
  • Home Network. Secure your home network, and for goodness sake, change the default password on your router. Only allow trusted people to connect to your home network. Use strong passwords or passphrases to secure your router, and don’t use a password that you have used elsewhere.
    *My Tetra co-workers had some more specific advice on this point that I will go into below.
  • Use unique and strong passwords or passphrases (a combination of words such as “blue banjo lovely sky” or a sentence of your choice) for each online account or system you access. Use a passcode manager like LastPass or KeePass to help your memory if you can’t remember all of those words and phrases. Tetra Defense also strongly recommends that you enable multifactor authentication anytime it’s available. A few seconds of inconvenience can save a ton of headaches later if your credentials are ever compromised.
  • Make sure your computer operating systems, mobile device operating systems, apps, and programs are all patched and up to date. Turn on automatic updates, and don’t dismiss notifications for updates out of inconvenience.
    *My Tetra co-workers had some additional advice in this category as well, which follows below.
  • Kids and Guests. Let them know that your work computer is for work, and don’t let them use it for other purposes. Your work data could be at risk, and they could accidentally infect your work device with malware.

Additional Advice About Working Securely from Home

In addition to the wise advice from SANS, Nathan Little, Vice President of Digital Forensics and Incident Response for Tetra, advises:

“Whether you’re using a personal computer, or one provided by your workplace, be sure to use endpoint protection of some kind and scan the computer for malware before connecting to your workplace network. We’ve seen quite a few cases where an infected personal computer is the root cause machine in a network intrusion and becomes the jumping-off point for a full- blown ransomware attack. For example, we have seen many companies roll out a VPN (Virtual Private Network) solution to their employees to allow access on the office network while at home. VPN combined with multifactor authentication is a great solution, but the problems arise when workers that typically aren’t remote start working from home on personal laptops. The second someone VPNs into work from a personal laptop, you are putting that laptop, along with any malware it contains, onto your network.”

Tetra employee Don Reece told me “It’s worth noting that some VPN clients such as AnyConnect, FortiClient, and Checkpoint can enforce antivirus compliance on a device before allowing it to connect to the network.”

Nathan Little also told me, “People should update their home routers. I would bet that 99% of people ‘set it and forget it’ and haven’t patched their router in years. Unpatched hardware can have numerous vulnerabilities ripe to for exploitation.”

Tetra Defense team members Drew Hjelm and Aric Asti both recommended the use of a VLAN (Virtual Local Area Network) at home. Drew suggests, “If you have the technology and the skill (or can enlist the assistance of someone who does), separate your work and home networks with segmentation such as a VLAN and separate wireless networks.” Aric told me, “I would highly encourage people to set up a segregated VLAN on their home network to be used exclusively for their work equipment.”

Remote Desktop Protocol is another way many remote workers commonly connect to their workplace network. However, we see the use of compromised RDP sessions used to launch ransomware attacks all the time. When asked about use of RDP for connection from home to work, Tetra team member William Cordio said, “I would highlight that use of RDP (Remote Desktop Protocol) is discouraged, but if someone absolutely needs to use it, they should be sure to use MFA (Multifactor Authentication).”

Staying Sane — and Productive — While Working from Home

Aside from all of this great technical advice, I got some additional pointers from Tetra’s team members with remote work experience about how to stay sane, connected, and productive while working remotely. Those tips included:

Separation

Separate your work and living environment as much as possible. If you can have a separate office, that’s great.

Reduce Distractions

Reduce distractions where possible. If you have kids and pets, in order to reduce constant distractions, set up your office in a room with a door if possible, and keep the door closed when you’re working. Tetra team member Rahil Aftab tells me, “My number one tip for working from home: if you have kids, keep your door locked.  Otherwise, my son always asks me to take a break and play.” As for me, I’m noticing that my Brittany Spaniels sure “need” to go out more now that I’m working from home.

Routine

Make sure to get ready every day like you’re going to an office. Tetra employee Don Reece recommends “Setting a schedule is a must. Treat it like a “real” commute. Get up, shower, get dressed for work, etc. It might be fun to wear your pajamas to work for a while, but it can become harder to take your work seriously.” (I’ll admit it – on this point, I’ve been wearing sweatpants a whole lot more than usual and have become an official member of the “comfy club.”)

Take Breaks

Take Breaks. Get up and go outside. Eat Lunch. Tetra team member Patrick Johns advises “Breathe the fresh air and take in the natural things.” “Try to follow the 20/20/20 Rule. Every 20 minutes look 20 feet away for 20 seconds to give your eyes a break from staring at the screen,” says Tetra employee Don Reece.

Nicole Long, Director of Recruiting for Tetra Defense says, “For those work-a-holics out there, block off time for lunch! It’s easy to get sucked into a project, eat in front of your computer, or forget to eat lunch altogether. I keep my phone and computer in the office while I go into the kitchen to enjoy my lunch, stretch my legs and wake up my body with a short walk, and overall just give my eyes & brain a rest. Self-care and work-life balance are key WFH tips!”

Stay Connected

Tetra team member Ben Hartwick says “Attempt to attend as many conference calls as you can with video turned on. Video meetings allow people to see each other’s reactions and to understand each other better. It also helps me to feel more like part of the team.”

Nicole Long echoed this point “Maintaining a sense of camaraderie is super important. When you can’t pop over to someone’s cubicle or chat in a break room, it is easy to feel like you’re alone on an island. I am lucky and grateful for the Tetra culture. I LOVE our Slack chats that keep me connected to what’s going on with other teams, but also the non-work-related messages that make me chuckle. Beyond that, I often have teammates reach out individually to check in and see how things are going. It’s something that takes very little time but is incredibly thoughtful and appreciated. Especially during a time when social distancing is the norm, I think it’s important to check in on one another.”

Stay Healthy

Patrick Johns says, “One more thing. If my wife and children go out and do things while I am here working, I ask them to please wash their hands thoroughly when they come home, for all of our safety.”

Let’s Cut Everyone a Little Slack

Face it. These are hard times, and things are going to get harder whether we’re working at home, in the office, or on the streets as many public servants do. Let’s not just give each other the 10 to 15 feet of physical, social-distancing space recommended to prevent the spread of COVID-19. Let’s also give each other the virtual space and support we all need to start processing and coping with the new reality in which we find ourselves.

Take the time to reach out and help someone around you if you can. One heartwarming thing I’ve witnessed since the start of this scary new world we’ve all found ourselves in is how supportive my Tetra team has been to each other and those around them. This LinkedIn post from David Kruse, Director of Business Development for Tetra recently brought me to tears (edited for length, but the full content is linked above):

During these unusual times, we need to listen before we speak, to hear before we ask to be heard. We need to care for the whole person (the persons around us, and our own person). So, I’m instituting Office Hours via Zoom Meeting. Book a time here: https://lnkd.in/e9ZjjG

Nervous and want to talk about coronavirus? Let’s chat.

Prefer to talk business to keep your mind off things? Sounds great.

Are you an entrepreneur and need to practice an elevator pitch? I’m all ears.

Are we old friends/colleagues and haven’t spoken in a while? Let’s catch up!

Have we never met, but you’re interested in getting to know one another? You know how to get a hold of me.

Have you got questions about information security, cybersecurity, ransomware, CMMC, or cyber insurance? Now’s a great time to ask!

Sick of hearing about coronavirus and want to have a (virtual) beer together? Let’s do it.

Not a beer drinker? Let’s do coffee or tea. You get the idea.

Captain Pabst & I are ready for you! Take care, David.

Taking Care

The shift from shared public office spaces to remote home offices needs to happen quickly for public health reasons. But a quick move shouldn’t mean a half hazard and insecure move that leaves us feeling even more frazzled and disconnected than we do already amid the current coronavirus crisis. Hopefully, the work-at-home advice will be as helpful to you as it has been to me so far.

Check out some related content on our blog: