Security of Work from Home
Home > 
Security of Work from Home
< back

Security of Work from Home

During the outbreak of COVID-19, many organisations have arranged for their employees to work from home to achieve social distancing with a view to reducing infection risks. Schools have also arranged remote learning for students. While working or studying remotely through various information technology (IT) solutions, organisations including schools should be aware of the potential IT security risks and proper security measures should be put in place. Below are some tips for all parties including organisations and individuals to maintain a safe and secure remote working or learning environment.



Security Tips

Keep your computing devices secure
Install personal firewall and anti-malware software with their definition up-to-date
Ensure all software and firmware are patched and updated
Enable security features to prevent unauthorised access to your devices
Secure your network
Avoid using public Wi-Fi network to handle sensitive information
Use secure connection to your working environment (e.g. use Virtual Private Network (VPN))
When using Wi-Fi at home, make sure it is using WPA2 or WPA3 encryption technology. Do not use WEP and WPA which are vulnerable.
Install firewall, intrusion detection system (IDS) and intrusion prevention system (IPS) to enhance network security.
Protect your user accounts
Adopt strong passwords and/or multi-factor authentication for remote login to prevent unauthorised access
Do not share your personal accounts with others
Log out remote access account when not in use
Protect your data
Back up your important data and keep the backups in a secure, off-site location
Adopt data encryption when storing sensitive data in storage devices or cloud storage
Do not overshare your personal data in social networking sites
Be aware of phishing scams
Do not visit any websites by clicking links in suspicious emails / websites
Do not open / download email attachments from suspicious sources
Be cautious before submitting any personal / sensitive information through emails / websites
Provide adequate support for remote working (applicable for organisations including schools)
Remind employees to comply with the information security guidelines and policies of your organisation and report to the organisation’s IT support staff if any security issues are found
Ensure employees working remotely have good awareness of the IT support facilities and correct configuration for the devices
Ensure the incident response plan and business continuity plan are up-to-date to cover staff working remotely
Additional Resources

Some references on security of work from home and what you need to know:

1.
InfoSec website - Protecting against Malware
2.
3.
InfoSec website - Make Regular Backups
5.
6.
Education Bureau website – Cyber Security in Schools
7.
The Office of the Privacy Commissioner for Personal Data, Hong Kong website - Protecting Personal Data under Work-from-home Arrangements: Guidance for Organisations
7.
The Office of the Privacy Commissioner for Personal Data, Hong Kong website - Protecting Personal Data under Work-from-home Arrangements: Guidance for Employees