Information security awareness guide
![Image - work at home](https://www.h-x.technology/wp-content/uploads/2021/01/working-home-covid-19.gif)
This short guide is based on SANS recommendations issued at the beginning of the COVID-19 pandemic in March 2020.
Why do you need this guide?
Transitioning the workforce to work from home can be a challenge because you may:
- lack the policies, technology or training to secure a remote workforce;
- be unfamiliar or uncomfortable with the idea of working from home.
Major security risks
Social Engineering
![Image - Social Engineering](https://www.h-x.technology/wp-content/uploads/2021/01/social-engineering-manipulation.jpg)
Social Engineering is a psychological attack where the victims are tricked into making a mistake, especially in times of change or confusion.
Phishing is a social engineering attack in which an attacker attempts to fool you into clicking on a malicious link or opening an attachment in an email. Be suspicious of any email or online message that creates a sense of urgency, has bad spelling or does not address you by name, for example, “Dear Customer.”
Protection from Social Engineering
- Learn what Social Engineering is, how to spot the most common indicators of a Social Engineering attack, and what to do when you spot one.
- Remember that Social Engineering is not just email phishing; it also includes other methods such as phone calls, texting, social media or fake news.
Weak passwords
![Image - Weak passwords](https://www.h-x.technology/wp-content/uploads/2021/01/weak-passwords.jpg)
To protect against information theft, account hijacking or penetration, avoid weak passwords and use:
- Passphrases (note that password complexity and password expiration are no longer sufficiently reliable).
- Unique passwords for all accounts.
- Password Managers.
- MFA (Multi-Factor Authentication), Two-factor Authentication or Two-Step-Verification.
Outdated Systems
![Image - Outdated Systems](https://www.h-x.technology/wp-content/uploads/2021/01/system-update.jpg)
To protect yourself from malware and hacking, ensure any device you use is running the latest versions of the operating systems, applications and mobile apps.
Quick tips
- To secure your wireless network at home, change the default admin password of your router, disable admin access from WAN, install the latest firmware, enable WPA2 encryption and use a strong password/passphrase for your wireless network.
- Ensure all the devices connected to your home network, including baby monitors, gaming consoles, TVs, appliances or even your car, are protected by a strong password/passphrase and are running the latest version of their operating system.
- Make sure both the operating system and your applications are patched and updated. Enable automatic updating.
- Make sure each of your accounts has a separate, unique password. Consider using a password manager to securely store all of the passwords/passphrases for you if you cannot remember them.
- Two-step verification is one of the best steps you can take to secure any account. Two-step verification is when you require both a password and a code sent to or generated by your mobile device.
- Ensure your firewall is activated.
- Ensure your antimalware or endpoint protection system is activated.
- Family or guests should not access work-related devices.
- Common sense: if an email, phone call or online message seems odd, suspicious or too good to be true, it may be an attack.
- Back up your data and check backups regularly.