June 26, 2009, 12:00 PM — According to the human resources association World at Work, 17.2 million Americans worked from home or remotely at least one day per month for their employer last year (See also: 4 Telecommuting Security Mistakes). And the 2007 book 'Microtrends' estimates that 4.2 million Americans work full-time from home.
Good security is a key to good productivity. CSO spoke with two home office security experts about security mistakes home office workers often make (and how to avoid those errors).
Failing to physically secure the office
Working out of a home in Southern Florida, Jeff Zbar knows all too well how important physical security is for his office. Zbar, a journalist, corporate copywriting and home office expert, runs the web site chiefhomeofficer.com and has also written several books, including "Safe @ Home: Seven Keys to Home Office Security."
During Florida's infamous hurricane season, Zbar has plywood ready to go for his office windows. He has storm shutters on them year round. But the physical security of his office goes far beyond weather concerns. His home also contains three children and three dogs, which can serve up a different kind of threat.
"These are things you've got to think about if your office is in the house. What if one of the children goes up and sees that pretty green light on the computer and they decide to touch it? What if they pull on the cable or the dog chews on the cables? I've made sure my computer is stashed in such a way they can't get to it when I am not around." (See also: 6 Desk Security Mistakes). Clearly, a lock on the office door itself may not be a bad idea.
Zbar also has fireproof lock boxes (Underwriters Labs (UL)-rated boxes are available at your local office-supply store) where he stores important documents and data in the event of a theft or disaster.
And consider a cross-cut shredder to help dispose of such documents when you're done with them.
[ Also see Home Security: The Basics ]
Failing to install the most basic computer security measures
How much thought do people give to the security of their home office network?
"Most people typically go out and buy a router from Best Buy, throw it in there and call it a network," said Derek Krein, a wireless security expert. "It's pretty scary."
Krein, who is the chief technology officer with Advanced Wireless Networks in Virginia, says the assumption that home office networks are not common targets for criminals is dangerous.
"People think: 'I'm at home, no one is going to bother my home network,'" he said. "But by configuring the security properly, you make it difficult enough that criminals go elsewhere to find lower hanging fruit." (See also: Top 9 Network Security Threats in 2009)
Krein's checklist for security layers includes: a network firewall and good antivirus/anti-malware software, kept up-to-date.
He also recommends that those who have several computers in the home put a personal firewall on any laptop they are using to further protect it from infections that may have gotten into other computers in the home network. If your laptop has Windows XP, it comes with a personal firewall; all you have to do is enable it. Windows Vista has a firewall that is turned on by default. But if you're not working with a system that already has a personal firewall, software is available from most major security-software vendors.
Forgetting Wi-Fi security
How many wireless networks can you log onto at home? Can you see your neighbor's network? Sure, you only log into your own. But can you trust everyone to be so ethical? How easily could someone get onto your network and see sensitive information?
Krein advises that home networks have some kind of encryption, such as Wi-Fi Protected Access, or the newer standard of encryption known as WPA2, enabled. It is important, said Krein, to ensure your wireless router is enabled and configured for encryption and that all wireless network devices are configured properly so the security will work. It takes some time, he said, but it is well worth it.
Most newer Wi-Fi-certified devices support WPA protocol; it is just a matter of configuring it properly to work, which is information you can probably get simply from the owner's manual of your wireless router. But if you are using an older device, you may need to upgrade.
[ Also see Wireless Security: The Basics ]
Failing to separate your business from your home
While it may not be necessary in all instances of home office scenarios, Krein recommends considering the nature of your work when deciding whether or not you need to segregate your work network from your home network. Certain types of work are subject to various laws and regulations. Using the same computer for work as you do for personal business could present an ethical, or even legal, issue."
"If you are doing work that requires PCI compliance, such as working with credit card numbers, or if its medical work and you are bound by HIPAA rules, you would want to segregate your networks."
And there is also the issue of letting family members onto the work computer, which is a mistake, said Zbar. It is a common scene for a child to use a home office computer when it isn't being utilized for business, but Zbar recommends against this.
"We have different computers with printers in the house for the kids for their school projects and other things," he said
The reason Zbar insists on separation is because of the lack of control he has over what his kids might do on the web.
"You don't want to make your computer more vulnerable than it needs to be by having others web surf on it and doing things with it."
Krein handles it a bit differently in his house. He has his computer set up for several users, with administrator privileges only under his own password protected profile. If children accidentally find themselves on a site with a malicious link, it would be much harder for them to download a virus or other malware, he said.
Failing to remember your office is a place of business and is held liable as such
Zbar rarely sees clients or any other work-related individuals in his home office, preferring instead to meet them in public or at their place of business.
"For security purposes I think it's important not to have people in your home office," he said.
Zbar said he thinks it's safer not only from a security standpoint, but that there is a liability issue, too.
"What if you have someone to the office and they trip and fall?" Zbar said "I have insurance that covers me for some of that stuff, but I don't want to have to go through that."
Forgetting to back up data
Ever had a sudden power outage and lost a few hours' work? Or worse, ever fried a hard-drive and lost everything? Data backups are a simple and necessary discipline.
There are many different ways to back up your data these days. Each one comes with a different price in terms of both money and time, said Krein. One obvious solution is to buy an external hard drive and keep to an appropriate schedule for manually backing up data. The danger with this plan, however, is that you may still lose information in the event of a system failure if you haven't manually backed up yet.
Other options include online storage services, network-attached storage, and disk imaging software. All are good backup technologies, said Krein. The most important point is simply to choose a solution and use it.
Krein also recommends having an uninterruptible power supply, or battery backup, in case of a power failure.
"With a battery backup ready to go, if you lose power, you'll still have time to continue to work and make sure you aren't losing anything," he said.
There are three kinds of UPS: standby, line interactive and online. They all provide battery backup, but they work in different ways. Figuring out which one you need depends on the kind of protection you require.
Failing to consider bigger business continuity issues
If you work exclusively from home, your office is your world when it comes to your career. But many fail to consider the possibility of how to continue working if certain conditions, such as weather, or a fire, force one out of the house indefinitely.
Zbar is a vet in preparing for the worst because of his South Florida location.
"I always wonder what someone in Massachusetts or New York must think when I say, we have a storm coming, I might not be available for few days."
But these days, Zbar, who has worked from home since 1989, finds he rarely has to lose a day of productivity if a storm hits. Cloud computing gives him the ability to work from just about anywhere. However, those who have everything stored on a hard drive on a computer that has to be left at home may not be so lucky. Ditto for those who need to get their hands on sensitive documents that have no digital copy elsewhere.
"Everything you need on a day-to-day basis needs to be remembered if you are going to keep things running," said Zbar.
