The National Cyber Security Centre SK-CERT gives recommendations to employees how to work safely from home office

30. March 2020

The model of working from home, so-called “Home-office” or teleworking is in the current situation of quarantine measures due to the spread of COVID-19, a frequently used way for a large part of society and institutions to separate their employees and reduce the risk of transmitting the disease.

At the same time, some of the employees will have to work from home for the first time. In addition to problems they have to deal with at work (potential productivity decline, difficult adaptation to the new work environment), they must undoubtedly meet the security of the data and information they work with outside the secure office environment.

Therefore, the National Cyber Security Center SK-CERT prepared several recommendations for employees how to better manage their home office, how to behave safely and how to secure their devices:

How to better manage your home office

If possible, create such a home space that you will only use for working, so called “Office environment”.
Treat it like real work. Try to arrange your office environment in a room with as much natural light as possible. Of course, it is not good if you work from a sofa. Have a good chair. And do not forget small things, such as headphones to eliminate home noise.
Schedule daily or regular information meetings with your supervisor. The key is clear communication with your manager and knowledge of what is expected of you. If we work from home, it could result in lack of communication. Communication failure is even more likely to occur if your workplace has not been prepared for teleworking yet. For example, your manager may not be used to virtual management of people, or your company may not have a set of ready-to-use tools for remote workers such as “chat” and video conferencing applications. Ensuring this form of “richer” communication with the entire team helps to work more efficiently and resembles as much as possible face-to-face communication.
Set up a regular daily system and copy your normal working mode. Try to keep your original routines before you started working from home. If you were supposed to be at work at 8:00, don’t wake up at 7:59. Take some time before you wake up, have coffee, have breakfast. This is especially important for those who are not early types and need to have the “feeling” that they have to go to work. Wear comfortable work clothes – not pajamas. The fact that you can work in your pajamas doesn’t mean you should actually do it. It is part of the mental trick to set up the brain for a better understanding of distinguishing our mental functioning between work and the rest of life in the same environment. It is important for men not to miss their daily shaving habit.
Avoid personal meetings only to absolutely necessary cases. You must be available during whole business hours. If you are not on vacation, sick leave or if you do not care for a family member, the same rules apply as if you were in the office.
communicate regularly with your clients remotely, be open and understanding. Think about what is around you – how you are dressed and what a client sees in your space. The best teleworkers regularly connect with their clients using various tools. When making virtual calls, always make sure who you are inviting and what information you are sharing at the moment.
Communicate with other team members not only about how your work progresses, but also about the life around you. Learn about each other’s daily activities. Social distancing is not easy, especially if you are used to a busy office. It’s a good idea to make sure you call someone at least once a day. Since decompression during lunch with coworkers is now ruled out, this does not mean that your lunch break must be lonely. Although unusual, it is nice for colleagues who live alone to connect with people outside their “office” and just talk. It is advisable for smaller groups of two to three people to spend “lunch” together in this way. Social isolation is a natural phenomenon in the home office environment.

How to behave safely

There is no need to loosen your alertness when you are working from home. Attempts to compromise your sensitive data and your employer’s important data is increased at this time.
Therefore, it is more important than ever to respect the basic principles of cyber hygiene:
- Always verify the sender of an email, phone call or other message (SMS, social network, other online services, etc.) – for example, in person or by phone. If the mail came from an official institution or authority, check that the email address or person of the sender even exists and is the official address or person representing the institution
- Be aware if the message you are reading contains grammar errors – this can be an automated translation that is often used by attackers
- In a case of a phone call, ask the basic questions – who is calling, from which institution, what credentials he has, why he asks you for details, what they will be used for, and so on. Under no circumstances should you tell the caller of the system login, credit card or personal information.
- Do not open messages from unverified or completely unknown senders that contain a suspicious message subject
- Do not open or download suspicious attachments or links in emails
- Turn off the Attachment Preview feature in your email client
- Please do not reply to the following messages and forward them immediately to the security officer of your organization:
  - messages asking you for sensitive information – login information, personal information, credit card information, and so on
  - messages prompting you to act now – provide your personal or other sensitive information, click a link, download an attachment, and so on
- Communicate regularly with your employer and the person in charge of cyber and information security in your organization. Report suspicious events or security incidents, such as phishing mails, suspicious phone calls, SMS messages, abnormal behavior on your computer, and so on.
- Follow your employer’s security instructions.

How to secure your equipment

If you use your home network for your work, make sure you reduce the risk of compromising your home network device. On your WiFi router or access point:
- Change preset admin passwords to strong and unique, since preset passwords are easily traceable to attackers, for example through publicly available user guides
- Disable ssh and telnet connections to the device or secure these communication protocols with a strong password
- Secure the connection to the device with a strong password. Use WPA2 or WPA3 for security
- Do not share your device passwords with anyone outside your home.
Use strong passwords and use different passwords for each device you use and for each service. Use 2-factor authentication wherever possible – but avoid 2-factor authentication via SMS.
Keep updated your computer and all the devices you connect to the Internet with.
Also, regularly update the software products you have on your devices – preferably those you use for your work,
Use updated antivirus software
Back up data only to employer-approved storage
Restrict others to access the devices you use to work – to avoid knowing or accidentally compromising or deleting important data. Also, limit the use of work equipment for gaming and online activity.