8 Security Spring Cleaning Tips for the Home Office
Use these ideas to sharpen up your home office machine against potential intruders.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt0ce5641cd90cc59d/64f0d6de6f55090aa52bcb3e/Slide-1CoverArt.jpg?width=700&auto=webp&quality=80&disable=upscale)
Officially, it became spring early last week, although people in the snowbound Northeast are anxiously awaiting the arrival of the actual spring weather that brings flowers, green grass, and baseball season.
So wherever you live, if you run and manage a home office, now’s a good a time to do some spring cleaning so your devices are less vulnerable to malware and potential threats. While this may seem to affect only a small percentage of workers, it’s really not the case anymore. A Gallup survey from last year found that 43% of employed Americans work from home at least some of the time.
T. Frank Downs, director of SME cybersecurity practices at ISACA, says home workers have to conduct themselves just as they would in the office.
"People have to be aware of their surroundings and operate the same way, being sure not to open up suspicious emails, weird attachments or install thumb drives that might come in the mail," Downs says.
Russell Schrader, executive director of the National Cyber Security Alliance, adds that cleaning your machine is one thing - keeping it clean is yet another task.
"Once you get your machine clean you'll want to keep it clean," Schrader says. "It's really important to keep on it, always asking if you really want to share that document or download the latest cool application you saw. The idea is to be mindful of security and build habits that will make it easier for you to keep it clean. It's like your house, once you clean it well one time it's easier to keep it clean moving forward."
The eight tips in the slideshow are based on interviews with ISACA's Downs and NCSA's Schrader. They offer some practical advice on how to keep applications up-to-date, how to handle public hotspots and keep your home router up-to-date.
Assuming the company issued a security policy, it's in place for a reason. Many companies will clearly state that when people work from home, they can only use the company's corporate assets. That means working only on company-issued computers and smartphones and company databases. Many companies may run Office 365 or Google Apps, so home workers may be tempted to use a friend or a spouse's computer to access One Drive or Google Drive. But if the company makes it clear that for security reasons they frown on using non-company devices, make sure to follow it. Once you leave the company's orbit, you can open the organization up to unwanted malware and an environment that corporate IT can't control.
Running updates has become a mantra for security managers, but it's the simplest and most practical thing a home user can do. By running updates, we're talking about doing the updates for the operating system and all applications, not just Microsoft Office. The way the industry has progressed, most of the updates today are security-related, so be sure to run the updates when your computer prompts you to run them. It's also important to run frequent security scans. At least once a month run a full system scan, not just a scan of critical areas. It may take several minutes, but it's well worth it.
Rule No. 1 of using a work computer at a Starbucks is to never use a public hotspot without logging on through a work-based VPN connection. Any time you log on to an unencrypted hotspot there's a high potential for data theft. It's also important to physically keep your devices safe, especially if you are on travel at an airport or train station. Just be aware of your surroundings and don't try to do too much sensitive work at a public hotspot.
It's important to be aware of the networks that might pop up either when you're at a public hotspot and especially when you're working from home. Check to see if unfamiliar SSIDs pop up on your WiFi icon and always make sure you are logged onto the correct network. Knowing your network is important, but so is knowing your applications. If an unfamiliar security application prompts you to do a security scan, be smart enough to not click on that application, you could be downloading malware on to your computer. Some of these rogue applications can be very insidious and appear like they are legitimate applications, so be ever-vigilant.
Look at what's on your cache and just clean it out. You'll get better web browsing performance and there's no reason to keep things piling up for months and months in your cache, where malware can hide. The other point to consider is that once you clean out the cache, you will be visiting the most up-to-date version of that website, so assuming that the site practices security hygiene it will also be more secure.
In the wake of all the bad news surrounding privacy lapses at Facebook, this point has become especially important. Check your browser for cookies and either delete them selectively or delete them entirely. It's really important for you to have insight on who has data about you.
Note: some websites require cookies be enabled to use their site. So, for example, if you block all third-party cookies you will be bounced off Facebook. If you are adamant that you want to delete all cookies you may have to part with Facebook and any other of your favorite sites that require cookies be enabled.
For years, security experts told people to use numbers for vowels in certain places as well as symbols, but in the past year NIST advises that people use passphrases. A longer passphrase is better than a tricky password with numbers and symbols. Use a passphrase that's unique to you and something you can remember. It can be the opening line to a favorite song or poem, but the more unique it is to you, the more secure. And especially for personal banking sites, sign up for two-factor authentication. Most banks today will offer an option where you get a unique PIN number or passcode every time you log on. Use it.
Officially, it became spring early last week, although people in the snowbound Northeast are anxiously awaiting the arrival of the actual spring weather that brings flowers, green grass, and baseball season.
So wherever you live, if you run and manage a home office, now’s a good a time to do some spring cleaning so your devices are less vulnerable to malware and potential threats. While this may seem to affect only a small percentage of workers, it’s really not the case anymore. A Gallup survey from last year found that 43% of employed Americans work from home at least some of the time.
T. Frank Downs, director of SME cybersecurity practices at ISACA, says home workers have to conduct themselves just as they would in the office.
"People have to be aware of their surroundings and operate the same way, being sure not to open up suspicious emails, weird attachments or install thumb drives that might come in the mail," Downs says.
Russell Schrader, executive director of the National Cyber Security Alliance, adds that cleaning your machine is one thing - keeping it clean is yet another task.
"Once you get your machine clean you'll want to keep it clean," Schrader says. "It's really important to keep on it, always asking if you really want to share that document or download the latest cool application you saw. The idea is to be mindful of security and build habits that will make it easier for you to keep it clean. It's like your house, once you clean it well one time it's easier to keep it clean moving forward."
The eight tips in the slideshow are based on interviews with ISACA's Downs and NCSA's Schrader. They offer some practical advice on how to keep applications up-to-date, how to handle public hotspots and keep your home router up-to-date.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024