Whether through security gaps in the software or phishing mails: The dangers in the home office are manifold. With the following tips and tricks, you can protect yourself against unauthorized data access with little effort.
The pandemic has changed the world of work. It is becoming apparent at many companies that mobile working will be maintained after Corona or that a mixture of presence and home office will be introduced. It can therefore be assumed that criminals will come up with new tricks for cyber attacks. ARAG legal expert Tobias Klingelhöfer gives tips on how to protect yourself from these attacks.
Basically, whether in the office or at home, you should always protect your workplace from unauthorized access. When you leave your desk, it is best to lock the screen with the key combination Windows (key) L. Sensitive information such as confidential documents or passwords must be handled conscientiously. They should be kept safe from third parties. Documents that are no longer needed should be disposed of at home or at work. Absolute must: A secure password.
Since IT experts find new vulnerabilities almost every day, it is advisable to use home network devices such as B. routers, repeaters and “smart devices” with the firmware updates provided by the manufacturer. The router’s default WiFi key should be changed and consist of at least 20 characters. To avoid unauthorized access, I advise resetting the router’s password according to the password policy as well. Security should also be increased if third-party devices are occasionally operated in a closed network. Guest access can be set up on the router so that guests can also use the WLAN without hesitation.
In addition, the home router should not automatically allow unauthorized devices to establish a connection. Because with the Wi-Fi Protected Setup (WPS), a wireless network connection is quickly established between two devices – e.g. For example, the smartphone can be registered with a WLAN router at the touch of a button. To prevent potential intruders from connecting to the home network unnoticed, it is best to turn off the WPS.
There are regular updates from the provider for detected security gaps in smartphones. If one is offered, it should be carried out shortly after publication. Untrustworthy app sources and thus possible malware can be avoided if no apps are installed outside of the intended app store. App permissions, such as access to the camera, can be managed in the “Settings” under “Privacy”.
Unnecessary permissions are best deactivated directly. To ensure that essential protection functions are not also deactivated, no unauthorized removal of usage restrictions should be carried out using jailbreak (iOS) or root (Android). Jailbreaking or rooting a smartphone gives you higher rights to make extensive modifications and voids the device’s warranty.
Suspicious e-mails, so-called phishing e-mails, can best be recognized by checking them for certain characteristics such as sender, subject, urgent content, unclean formatting and spelling mistakes. You can also make various security settings so that your own activities are not used by third parties for advertising purposes. My advice is to prevent e-mail content from linking to web pages by disabling the HTML (Hypertext Markup Language) feature and only displaying the plain text message.
To increase account security online, various companies offer multi-factor authentication (MFA), which can be used to protect against attacks. MFA is an authentication method that requires the user to provide two or more pieces of credentials for verification before gaining access to the desired resource, such as a user account or a VPN. Many websites use trackers to collect information about the surfing behavior of visitors and to display personalized advertisements or make improvements based on this. Tracking can be partially or completely disabled in most browsers under “Settings”, “Privacy Policy”.
Verified websites can be recognized by a lock symbol in the browser’s status bar or if the address line begins with “https”. In addition, the correct spelling of the URL should be ensured (e.g. google.com instead of googl0ft.biz). Authorization should only be granted to necessary websites. For example, a website does not need location to read an article. These permissions are usually found in the “Settings” under “Privacy
Ignoring updates could also be fatal for your own private computer. Timely installation is also recommended here in order to close generally recognized security gaps. With a hard drive encrypted with a password, it is more difficult for attackers to access the data. In order to protect the computer data from dangers such as loss or total damage, I recommend a regular backup on an external data carrier that should be kept separate from the computer. For further protection, the computer’s firewall should be activated by default.
