Secure work from home
With an increasing number of users working from home, there will be an increase in IT attacks targeting home users.
The intention of this site is to provide simple, understandable best practices for regular people working from home, temporarily or permanently. Some steps might not apply to you.
All information is provided "as is".
Liability disclaimer.
Your workplace most certainly has an IT policy. You should follow that policy at all times. If you find yourself in a situation you don't know how to handle, reach out to your IT department. If any step outlined in this guide contradicts that policy, follow the policy of your organisation.
If your organisation provides a VPN solution, use it at all times when working from home. It might be slow or block your favourite cute kitten page, but it’s definitely more secure.
Keep your computer updated - don’t postpone updates when prompted, install them as soon as possible. Your employer wants you to install them even if it affects your productivity for half an hour. Get a cup of coffee while you wait.
Keep your personal computer updated as well.
Make sure you have a Wi-Fi password consisting of both letters and numbers. Change your router's default login credentials, and install the latest updates for your router. Click here to learn more.
Set up a guest Wi-Fi network and use that for your work computer. Most fairly modern routers support a second Wi-Fi network for guests. Guests cannot communicate with other devices in your home, and your home devices cannot communicate with them. This protects your work computer from potentially infected devices in your home. Here are instructions on how to set up a guest network.
Check both your work and personal email for known password leaks and update your passwords. Don’t use the same password for different services. Use a password manager like 1Password (paid) or the free, open source KeePass.
Keep your work-related passwords and private passwords separated. Ask your organisation's IT department about company guidelines regarding passwords and password managers.
Use two-factor authentication (2FA) whenever a service provides it.
Keep yourself up to date with your organisation. Communicate with your colleagues daily. You might not need them but they might need you.
Be extra careful before you open any files and links emailed to you. If you get a suspicious email from a known contact, reach out to them either by phone or by creating a new email (do not reply to the one you received) and ask them if they sent the email and what it is.
Watch out for spear phishing! Spear phishing attacks are highly sophisticated and target you. They occur by email, social media, phone and regular mail. Spear phishing attacks often try to make you act out of stress. Read, breathe and think before acting! Your employer puts their trust in you. Don’t be an easy target.
Don’t use your work computer for private matters. Reading the news is one thing, while logging in to social networks and other services opens up potential attack vectors. Follow your organisation's IT guidelines.
Don’t use your personal computer for work unless you're working at a bring-your-own-device (BYOD) workplace. If you really, really need to print just one work document using your personal computer, you still don't do it. Do not use USB memory sticks or USB hard drives unless instructed to by your IT department.
It might seem like a good idea to let your kids watch Netflix or browse the internet on your work computer at times. However, this puts your company's data at risk. Lock your computer when you leave the room.
Don’t print out sensitive information unless you really need to, even if you are allowed to. Keep your work-related assets in one place and don’t scatter them around your home.
Troy Hunt, who created haveibeenpwned.com, has a great collection of security-related links here.