
Home Office Security – TOP 14 Actions Checklist (2024)

What does good home office security look like?

What is different? More dangerous or more secure?

This guide gives you 14 concrete tips on how to maintain IT security in the home office.

Let’s get started!

What’s different about working from home?

The biggest difference from an IT security perspective is that the employee computer is no longer physically located in the company’s computer network.

VPN – Home Office Security Steffen Lippke Hacking Series

Normally, the employee computer is located in the internal network. There it is “better protected”. One or more firewalls prevent serious attacks. The internal network is significantly more powerful than the public lines. A modern company network will provide 1 to 10 gigabits per second in 2024.

What are the risks?

  • If the company is infected with ransomware, the malware cannot usually spread as quickly through the slow VPN lines.
  • A criminal using social engineering can steal fewer laptops with hard drives because these are stored at the employee’s home. In the office, unguarded and “just locked” laptops remain in the open-plan offices during the lunch break. A third party can collect these and extract the data from the running Windows computers.
  • In a private home, a family member or neighbour is more likely to notice if a criminal is tampering with a company laptop. In the anonymous atmosphere of an open-plan office, it may be a new colleague and those present will not take action.
  • If the company’s internet goes down, employees can at least continue to use public resources without a VPN.
  • The location of the employee laptops in the home office is unknown – in contrast to the company’s public address.

What makes it difficult?

IT security has more work to do because the VPN makes the update and patching processes slower and less stable. Many operating systems and software update themselves via the public Internet, but centralised changes still have to be rolled out to company laptops.

Patching can also be dangerous

The variety of private hardware (monitor, printer, mouse and keyboard) dramatically increases the security risk. Security issues such as unpatched printers, routers and malware on USBs increase the risk of infection.

Instead of waiting for IT support, some employees may switch to private computers and store confidential information there (unprotected).

14 Tips for More Home Office Security

If you work from home, you should follow these tips to keep IT security at a high standard and not give criminals a chance.

#1 Use a VPN with 2FA

An encrypted, encapsulated connection to the company network is the be-all and end-all of a secure home office. The user should only be able to activate the virtual private network with 2-factor authentication: a long password (14 characters) and a one-time password are mandatory.

The VPN (WireGuard or IPSec) is the basis for enabling work in the home office at all, because internal servers would otherwise not be accessible.
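
How the two factors from this tip can be checked at login, as an added example that is not code from the original page or from any VPN product. It implements the time-based one-time password of RFC 6238 and enforces the 14-character minimum at enrolment; the function names, the PBKDF2 work factor and the drift window are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

MIN_PASSWORD_LENGTH = 14    # password length named in tip #1
TIME_STEP = 30              # seconds per one-time-password window (RFC 6238 default)
PBKDF2_ROUNDS = 600_000     # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def enroll_password(password: str, salt: bytes) -> bytes:
    """Refuse short passwords at enrolment, then store only the salted hash."""
    if len(password) < MIN_PASSWORD_LENGTH:
        raise ValueError(f"password must have at least {MIN_PASSWORD_LENGTH} characters")
    return hash_password(password, salt)


def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 one-time password (HMAC-SHA1) for the window containing `at`."""
    counter = struct.pack(">Q", at // TIME_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def otp_valid(secret: bytes, submitted: str, at: int, drift: int = 1) -> bool:
    """Accept the current window and `drift` neighbours to tolerate clock skew."""
    ok = False
    for step in range(-drift, drift + 1):
        moment = at + step * TIME_STEP
        if moment >= 0:
            expected = totp(secret, moment).encode()
            ok |= hmac.compare_digest(expected, submitted.encode())
    return ok


def vpn_login_allowed(password, otp, pw_hash, salt, secret, at) -> bool:
    """Always evaluate both factors so a failure does not reveal which one was wrong."""
    pw_ok = hmac.compare_digest(hash_password(password, salt), pw_hash)
    otp_ok = otp_valid(secret, otp, at)
    return pw_ok and otp_ok
```

A stolen password alone fails this check, and a captured one-time password stops working once its time window and the drift allowance have passed.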

#2 Full encryption of the hard drive

BitLocker Guide

Every home office laptop should be equipped with BitLocker or LUKS. When switched off, the Windows hard drive is secured and the device does not reveal any secrets, even if a hacker breaks into your private home.


#3 Only use encrypted connections

Many companies use unencrypted connections within the company, e.g. to an update server.

These should all be encrypted with HTTPS or FTPS so that a hacker who has slipped through the VPN has no chance to play the man-in-the-middle.

#4 Lock your screen

Most employees are used to locking their computer when they go into a meeting or visit the toilet. In the home office, many employees find this unnecessary. Every employee should be prepared for all eventualities.

#5 Secure WLAN router

This software cracks your WLAN

Wi-Fi routers are your home’s connection to the internet.

This point must be protected with a secure and particularly long password. The BSI recommends 18 characters or more. Otherwise, criminals could use a brute force attack to impersonate you.

#6 Separate private and office

Some employees may increasingly use end devices for private and business purposes (bring your own device; corporate owned, personally enabled).

This trend increases the risk of malware and (illegal) private data ending up on laptops. For this reason, employees should use a separate laptop or desktop computer for work to ensure a strict separation of activities and storage areas. The same applies to accessories. A backup hard drive / USB stick should not also be used privately. You can use a monitor, mouse and keyboard for your private and business setup.

#7 Clean desk at the end of the day

Many companies have introduced a clear desk policy because employees can work at any desk.

Every employee should take / lock away or destroy all documents when they go home in the evening. After hours in the home office, prying eyes could leak a critical document from an untidy desk.

#8 Shred printed documents properly

Some prehistoric employees 🙂 prefer paper and pen.

Herzog von LiebtPapier prints out the important documents from the meeting beforehand and takes notes. The unnecessary paper ends up in the waste paper basket. Stop!

Herzog von LiebtPapier is not allowed to dispose of internal company information in the household rubbish. A criminal does not shy away from digging through rubbish bins to steal information. Collect all “rubbish documents” and take them to the confidential waste bin at work. Alternatively, the employee can use a paper shredder at home with sufficient classification (P9).

#9 Ensure connection to update channels

The use of VPN complicates update processes.

Ensure that Windows Update and other software update channels are active in the home office. Prompt patching of critical updates is important to prevent the spread of ransomware. Decentralised patching reduces the load via the VPN.

#10 Security awareness training anywhere and at any time

Knowledge is security

Security awareness training should be completed by employees in the home office as well as in the office. Employees should be trained on phishing and social engineering attacks at regular intervals.

The trainer can actively organise online training courses to strengthen the “weakest link” in IT security.

Steffen Lippke

#11 Backups are a must

Backups are the last resort.

Backup software is a dime a dozen on the Internet. The software must work!

Check whether the backup works reliably with the VPN. Alternatively, create a backup on a local hard drive provided by the company. Check whether the intervals are set correctly and whether the last backups have run through completely.

Other companies stipulate that only the “most necessary” work data is stored on the local laptop. All other data is stored on the network drives / clouds, which you can only access via the VPN.
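
The interval and completeness check from this tip, as an added example that is not code from the original page or from any backup product. The record format, the status names and the two-hour slack are assumptions; the sample history is constructed.

```python
from datetime import datetime, timedelta


def audit_backups(runs, interval, now, slack=timedelta(hours=2)):
    """Return (code, message) findings for a list of (start, status) backup runs.

    Status is "completed", "aborted" or "running" (constructed vocabulary).
    """
    history = sorted((datetime.fromisoformat(start), status) for start, status in runs)
    if not history:
        return [("NO_RUNS", "no backup run has been recorded")]
    findings = []
    last_start, last_status = history[-1]
    if last_status != "completed":
        findings.append(("LAST_RUN_INCOMPLETE", f"run started {last_start} ended as {last_status}"))
    done = [start for start, status in history if status == "completed"]
    # A missed or aborted run shows up as an over-long gap between complete backups.
    for earlier, later in zip(done, done[1:]):
        if later - earlier > interval + slack:
            findings.append(("GAP", f"no complete backup between {earlier} and {later}"))
    if not done or now - done[-1] > interval + slack:
        newest = done[-1] if done else "never"
        findings.append(("STALE", f"newest complete backup: {newest}"))
    return findings


# Constructed history of a daily 18:00 job on a home office laptop.
SAMPLE_RUNS = [
    ("2024-03-04T18:00", "completed"),
    ("2024-03-05T18:00", "completed"),
    ("2024-03-06T18:01", "aborted"),     # e.g. the VPN dropped mid-transfer
    ("2024-03-07T18:00", "completed"),
    ("2024-03-08T18:00", "aborted"),
]

if __name__ == "__main__":
    for code, message in audit_backups(SAMPLE_RUNS, timedelta(days=1), datetime(2024, 3, 9, 9, 0)):
        print(code, message)
```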

#12 Do not use private hardware

When it comes to IT security, the devil is in the detail. Private USB sticks, mice and keyboards can be infected with keyloggers and other malware. The company should provide all devices to eliminate this risk. Avoid using your own hardware and do not transfer data with private USB sticks.

#13 Careful handling like in the office

Don’t be tempted to handle confidential information differently in your familiar surroundings. This applies to phone calls, written communication, virtual coffee breaks or kitchen table chats.

Steffen Lippke

The homely atmosphere can tempt you to chat a little too much in a meeting. Try to protect confidential information with the same seriousness and care.

#14 Meetings, but protected

You have quickly arranged a meeting in Teams and are chatting with your boss about very critical topics that must not be made public. A co-working space, a train or a park bench are not confidential places.

Make sure that the doors are closed when visitors (for other family members) are in the house. The same applies to windows. If the walls are paper-thin, you should favour a change of location or an upgrade.
