Working from Home

As we adjust to working and teaching remotely, cybersecurity has become more important than ever. Taking our work home with us also brings our home into the work -- so we need to take the proper steps to protect our homes from malicious actors, who never seem to sleep, even during a pandemic.

Here are a few key information security tips to follow as we continue this Work from Home (WFH) journey:

The first so-obvious-it’s-not-obvious tip is to make sure your work devices are physically safe, and that you avoid offering unauthorized views of confidential information. Your kitchen table, living room or home office is now the equivalent of your real office and it should be treated the same. Family, friends or roommates can wander around and see what you’re working on.

Here are a few ways to shore up physical security while WFH:

  • If you live with a roommate or young children, be sure to lock your computer even when you step away for just a bit. Don’t tempt your roommates or family members by leaving your work open. This is true even for the workplace, so it is imperative for WFH.
  • Keep your workspace clean. Do not leave documents unattended or in view of unauthorized people. 
  • If you need to leave your home for supplies or other reasons, make sure your work devices are either shut down or locked—including any mobile phones you might use to check email or make work phone calls.
  • When participating in phone conversations or digital meetings, make sure confidential conversations cannot be heard.
  • If you can’t carve out a separate work space in your home, be sure to collect your devices at the end of your workday and store them someplace out of sight. This will not only keep them from being accidentally opened or stolen, but will also help separate your work life from your home life.
  • The same goes for papers, which should be shredded once you are finished with them.

  • Access to your computer’s desktop should at least be password protected, and the password should be a strong one. If the system is stolen, this will keep the thief from easily accessing company information.
  • Consider using a password manager. It will be much more secure than a written list of passwords left on your desk. A password manager is a specialised program that securely stores all your passwords in an encrypted format (and has lots of other great features, too!).
  • If you’re connecting your work computer to your home network, make sure you don’t make it visible to other computers on the network.

Easier said than done, we know. Still, just as it’s important to carve out boundaries between work life and home life while WFH, the same is true of devices. Do you have a child being homeschooled now and turning in digital assignments? Are you ordering groceries and food online to avoid stores? Best not to cross those lines with work.

While it may seem cumbersome to constantly switch back and forth between the two, do your best to at least keep your main work computer and your main home computer separate (if you have more than one such device). If you can do the same for your mobile devices—even better. The more programs and software you install, the more potential vulnerabilities you introduce.

  • Don’t pay your home bills on the same computer on which you compile work spreadsheets. Not only can you create confusion for yourself, but you can also end up compromising your personal information when a cybercriminal is looking to breach your company.
  • Don’t send work-related emails from your private email address and vice versa. Not only does it look unprofessional, but you are weaving a web that might be hard to untangle once the normal office routine resumes.
  • Speaking of homeschooling, it’s especially important to keep your child’s digital curriculum separate from your work device. Both are huge targets for threat actors. Imagine their delight when they find they can not only plunder an organization’s network through an unsecured remote worker, but they can also collect highly valuable Personally Identifiable Information (PII) on young students, which garners a big pay day on the dark web.

Make sure each of your computers, mobile devices, programs and apps is running the latest version of its software. Cyber attackers are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they use special programs to exploit them and hack into the devices you are using. Meanwhile, the companies that created the software for these devices are hard at work fixing them by releasing updates. By ensuring your computers and mobile devices install these updates promptly, you make it much harder for someone to hack you.

  • To stay current, simply enable automatic updating whenever possible. This rule applies to almost any technology connected to a network, including not only your work devices but Internet-connected TVs, baby monitors, security cameras, home routers, gaming consoles or even your car.
  • Antivirus/anti-malware software should be installed and fully updated.

  • Avoid storing data on your personal devices.
  • Avoid the use of USB sticks.
  • Store your data on Board-provided cloud storage. Use Google Drive, Office 365 (OneDrive, SharePoint, Teams).
  • Do not download sensitive or confidential work documents to your home computer.
  • Do not share the virtual meeting URLs on social media or other public channels. (Unauthorized 3rd parties could access private meetings in this way.)

Almost every home network starts with a wireless (often called Wi-Fi) network. This is what enables all of your devices to connect to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. Both work in the same way: by broadcasting wireless signals to which home devices connect. This means securing your wireless network is a key part of protecting your home. We recommend the following steps to secure it:

  • Change the default administrator password of the device controlling your wireless network. The administrator account is what allows you to configure the settings for your wireless network.
  • Connect to the internet via secure networks. Most Wi-Fi systems at home these days are correctly secured, but some older installations might not be. With an insecure connection, people in the near vicinity can snoop on your traffic (more technical people might be able to hijack the connection).
  • Ensure that only people you trust can connect to your wireless network. Do this by enabling strong security.
  • Once this is enabled, a password is required for people to connect to your wireless network, and once they are connected, their online activities are encrypted.
  • Make sure the password people use to connect to your wireless network is a strong password and that it is different from the administrator password. Remember you only need to enter the password once for each of your devices, as they store and remember the password.
  • Not sure how to do these steps? Ask your Internet Service Provider, check their website, check the documentation that came with your wireless access point, or refer to the vendor’s website.
  • Avoid open/free/public networks.

Attackers are exploiting the situation, so look out for phishing emails and scams. In the current situation, be suspicious of any email asking you to check or renew your credentials, even if it seems to come from a trusted source. Please try to verify the authenticity of the request through other means, and do not click on suspicious links or open any suspicious attachments.

  • Be very suspicious of mails from people you don’t know - especially if they ask you to connect to links or open files (if in doubt, phone I.T.).
  • Mails that create an image of urgency or severe consequences are key candidates for phishing - in these cases always verify via an external channel before complying.
  • Mails sent from people you know but asking for unusual things are also suspect - verify by phone if possible.
  • There will be many emails going around trying to capitalize on fear related to the coronavirus, questions about isolation and its psychological impacts, or even pretending to offer advice or health information. Scan those emails with a sharp eye and do not open attachments unless they’re from a known, trusted source.
  • Related to phishing: I’m pretty sure we can expect to see a rise in Business Email Compromise (BEC) fraud. Your organization may be sending you many emails and missives about new workflows, processes, or reassurances to employees. Watch out for those disguising themselves as high-ranking employees and pay close attention to the actual email address of senders.