IT Security in the Home Office – Quick Guide for SMEs and their employees

An implemented information security management system, e.g. one certified according to ISO 27001, offers excellent protection

Operational information security relies on the implementation, establishment and continuous improvement of an Information Security Management System (ISMS). Among other things, an ISMS establishes information security policies, mandates regular training for employees on data protection and information security, and provides guidelines for mobile working, including working from home.

Guidelines on working from home are particularly relevant in the current situation. Below, we provide an overview:

Using VPN (Virtual Private Network) connections

To enable secure communication in the home office, employees should only connect to the employer's network via a secure VPN connection. The VPN enables encrypted communication between the sender and receiver and thus ensures secure communications.

Evaluation of the employee's home network

Employees should check their own home network and the devices connected to it. The weakest link in a network determines its overall security. Questions to ask include:

  • Does every computer on the network have the latest antivirus updates installed? This includes the computers of children, partners and anyone else connecting to your network.
  • Is the router's firmware up to date?
  • Are work and private usage strictly separated?
  • Is a separate device used for work during this emergency situation?

Carrying out a security check

Even when a large number of employees are working from home, employers should ensure that:

  • Software updates and patches are regularly applied,
  • Configurations, user and administrator rights are regularly checked and adjusted if necessary,
  • Processes in response to cyber-attacks can also be controlled remotely or, if not, adapted accordingly.

Sensitization of employees

In the current situation, employers should once again urgently sensitize all employees working from home to the information security risks involved. This includes:

  • Reminders that Covid-19 has led to a steep increase in phishing emails:
    • Do not open messages or attachments from unknown senders.
    • Remain vigilant and check URLs and sender addresses.
  • Reminders that Covid-19 has led to a steep increase in social engineering attacks. Be particularly cautious of:
    • emotional appeals and a sense of urgency,
    • alleged exclusivity and an unknown sender,
    • spelling and grammar mistakes.
  • Educating the family
    A computer used for work should only be used for work purposes and must not be shared with children or partners. A strict separation must be ensured!
  • Establishing a home work environment that protects privileged company information
    Employees should have a protected working environment at home in which confidential conversations and the exchange of sensitive information can take place undisturbed. This ensures that crucial information does not leave the company and is not made accessible to unauthorized people.
  • Social networks
    Employees should not use work devices to log on to social networks. Furthermore, employee profiles should expose only generally accessible information.
  • Carefully protecting work-related passwords
    Employees should take great care to protect passwords from unauthorized access and should not write them down or share them with family members.
  • Opening a separate account when using private devices for business
    Employees who access company software via a private device should at least create a separate account for these activities.
  • Reporting data protection and IT security incidents
    Data protection and IT security incidents should be reported by employees immediately, when working from home just as when working in the office. Employers must ensure that employees know whom to contact and that a functioning reporting process has been established. If they notice suspicious activity, employees are obliged, without exception, to inform their employer immediately. It is advisable for employers to set up a hotline.
  • Hygiene
    Employees should always ensure their devices and their hands are clean, regularly wiping down IT equipment that is in use. Always follow the device manufacturer’s instructions on cleaning. Using a damp microfiber cloth with soap and water may be all you need.

Expert Support

Got questions? Contact us.
