TABLE 6. Security Guidelines for Users Working From Home.
Tips | Reasons |
---|---|
Increase your awareness of cyberattacks | Extensive information is available to equip individuals, whether new or technical computer users, with the necessary and basic cybersecurity knowledge. Information such as how to create strong passwords, identify malware links, and use social media wisely can help users mitigate numerous cyberattacks. A few of the related popular guidelines are available at 1, 2, 3. |
Update installed anti-virus and anti-malware products through original vendors | Given that attacks evolve over time, anti-malware products should be updated to quarantine/counter the effects of new attacks. Different strategies to update anti-virus products are provided by 4. |
Be cautious of e-mails from unfamiliar sources and of the following categories: promotional/special offers, surveys or announcements of any kind, charity-based, bank-related, and employer-related. | These malicious e-mails, crafted by scammers, encourage users to provide personal information by clicking on links and downloading attachments, and lure users through lucrative offers, such as free entertainment subscriptions, lottery tickets, and cash rewards. The intention is either to damage the system or to steal money. |
Consistently back up data | In the worst-case scenario of data being compromised, corrupted, or stolen, backing up your data to external devices, such as USBs and hard disks, is recommended. |
Do not provide bank/personal details via phone/e-mail for any system maintenance services | In the majority of cases, new computer users are tricked by scammers through telephone calls or e-mails. The scammers pretend to update the host system remotely with the intention of hacking it and stealing bank account details. |
Be vigilant when clicking online meeting platform links, such as Zoom, Google Meet, and Microsoft Teams | Attackers can impersonate such links as well. In a recent example, a victim who assumed a link to be from Microsoft Teams clicked it 5 and ended up downloading malware. There are also fake Google Meet domains, such as "Googelmeetscom." Further guidelines to mitigate this attack are provided by 6. |
Use a virtual private network (VPN) | A VPN provides a private tunnel for users, in which information is encrypted and cannot be accessed by hackers. Hence, organizations can secure the home networks of employees using a VPN. |
Consistently shut down your laptop or home computer | Some software updates, such as firewall settings and Windows patch updates, require a system restart to be effective. Moreover, a system shutdown flushes temporary and unimportant data and stops memory leaks. |
Change passwords frequently | A good practice for employees is to frequently change their passwords while accessing online services from their homes. This practice can substantially reduce the impact of passive attacks. |
Avoid public WiFi spots | Never use public WiFi spots to access your organization's information or to perform any banking-related transactions, owing to the unencrypted network traffic and the uncertain legitimacy of these spots. |
Strictly follow the bring-your-own-device (BYOD) policy | Organizations that allow employees to use their own devices for work provide BYOD policies. These policies include certain security guidelines that help employees secure their respective devices. Further general guidelines on protecting information while working from home can be found at 7. |
https://www.us-cert.gov/sites/default/files/recommended_practices/Recommended Practice Updating Antivirus in an Industrial Control System_S508C.pdf
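
The table's warning about impersonated meeting links (such as the fake "Googelmeetscom" domain) can be turned into a pre-click check. The following is an added example, not part of the original article: it classifies a link's hostname against an assumed allowlist of meeting hosts and flags near-miss spellings; the allowlist, brand list, thresholds, and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist (not from the article): hosts that serve meeting links
# for the three platforms the table names.
TRUSTED = ("zoom.us", "meet.google.com", "teams.microsoft.com")
BRANDS = ("zoom", "google", "googlemeet", "microsoft", "teams")

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify_meeting_link(url):
    """Return 'trusted', 'lookalike' or 'unknown' based on the link's hostname."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for label in host.split(".")[:-1]:  # every label except the TLD
        flat = label.replace("-", "")
        for brand in BRANDS:
            limit = 1 if len(brand) <= 6 else 2  # short names tolerate fewer edits
            near = min(osa_distance(flat, brand),
                       osa_distance(flat[:len(brand)], brand))
            if brand in flat or near <= limit:
                return "lookalike"  # brand name, or a misspelling, on an untrusted host
    return "unknown"

# Constructed sample links; googelmeets.com is modelled on the table's example.
SAMPLES = [
    "https://teams.microsoft.com/l/meetup-join/abc",
    "https://googelmeets.com/join",
    "https://zoom.us.meeting-login.example/j/1",
    "https://example.org/agenda",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_meeting_link(link):10} {link}")
```

Only a "trusted" result indicates a genuine meeting host; the edit-distance match is a heuristic and will also flag some unrelated names that sit one letter away from a short brand.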