The Do’s and Don’ts of Working From Home

wfh.png
  • Organizations around the globe adopted “work from home” policies as a result of the COVID-19 pandemic.

  • The working environment has been significantly changed. Although the emergence of new technologies has revolutionized working patterns and offered significant flexibility and benefits to employers and employees, this sudden shift to a remote work setup has been surprisingly stressful for many employees, physically and mentally.  

  • Besides that, when you switch to working-from-home culture, your digital security culture changes as well, whether or not you are thinking about it.

Before the COVID-19 pandemic, working from home may have seemed like a perk only for freelancers. Now, many more full-time employees have experienced working remotely due to the government or employer-mandated safety requirements. If you recently joined the ranks of virtual staff due to the pandemic, your visions of remote-working life may have been dashed by reality. Furthermore, this crisis will inevitably be used as an excuse to further repress human rights defenders (HRDs) and civil society organizations (CSOs) like many other crises in the past.

Below are some of our thinking and learning around the challenges of working from home. It is not a one size fits all solution and merely as inspiration to evaluate and improve the protection of your particular situation. Also,  if you are a HRD or CSO at risk, you may always reach out to Security Matters for help.

Digital Protection

1. Have a strategy meeting with the leaders in your work. 

  • Transitions towards working from home may be happening without enough coordination and discussion of what is vulnerable in the organization’s communications, infrastructure, and/or plan for switching to digital practices. 

  • A strategy meeting can help with risk assessment and the realignment of technology platforms so you are well informed of your risk and are able to work more confidently at home.

2. Use an encrypted messaging/calling application.

  • In an office setting, we might not realize how often we communicate sensitive information that might feel casual. Despite the urgency of this moment, all of the assumptions of state and corporate surveillance still apply. So keep that in mind with the use of your digital devices. 

  • Use a trustable encrypted messaging/calling application like Signal in place of SMS text messages and phone calls. Encrypted apps can help with keeping those calls discrete. 

3. Use encrypted video conference:

  • Now that many meetings will be digital, people will be using video conferencing more frequently.

  • There are many platforms that can be used for video conferencing. It is important that the service you are using is with end-to-end encryption (e2ee). Below is a guide from Front Line Defenders on selecting your messaging and conferencing tools.

4. Use a Virtual Private Network (VPN) or the Tor Browser.

  • VPN helps to put some distance between your home network, sensitive organizational information, and places you might visit on the internet by privatizing your network traffic and bypass filtering happening at your internet service provider. VPN also makes sure that cybercriminals can’t find you by using your IP address. 

  • Front Line Defenders recommends: 

    • Some free options: Psiphon, RiseUp VPN, Proton VPN, TunnelBear (limited to 500MB), Hideme (limited to 10GB), Hoxx, Speedify (limited to 2GB), Lantern (limited to 500MB), Intra, Windscribe, SecurityKiss (limited to 9GB), Calyx VPN

    • Some paid options: Express VPN, Mullvad, Tor Guard, Private VPN, ibVPN

  • Any HRD that needs a VPN coupon may reach us at [email protected].

  • Another option is to use the Tor Browser. This option is free and provides real anonymity but does not always load multimedia heavy sites. 

5. Adopt a password manager.

  • Use a password manager like KeePassXC to keep your passwords safe offline.

  • If you need to use an online password manager consider Bitwarden but make sure you set up 2-factor authentication to log in to your collection of passwords and note that there are new risks introduced by storing passwords online.

6. Offer training for any new technology or processes.

  • Offer training and/or User Acceptance Testing (UAT) for any new technology or processes that you are going to introduce or require, and communicate the expectations to the entire organization. 

  • Not offering security training is almost analogous to not offering security itself, since an entire network is only as secure as their employees who wanted to implement the change but were not set up to do so.

7. Beware of phishing scams.

  • Ask your colleagues about any links or attachments coming through email or messages that you were not expecting or that seem strange.

  • Cybercriminals can trick you into clicking a link or open an attachment that introduces harmful software to your computer. So if you are not sure why your colleague is sending you a document urgently needing your signature or directing you to a strange website, check if they really sent it.

8. Tighten your home's wireless security.

  • Update your wifi router’s firmware.

  • Set the wifi network access password so you need to provide the password to connect to it. Make this password strong and change it from time to time. 

  • Change the default administrator password of your wifi router and disable logins from outside of your network. You can make all those changes if you log in to your wifi router. Search for your router manual to learn how.

9. Update your connected devices.

  • Every device connected to your network may have vulnerabilities. 

  • Take an inventory of your connected devices, e.g. phones, tablets, voice assistants, computers, internet-connected cameras, etc., and check to see if they have any available updates.

10. Encrypt your computers and shut down all computers when you are away.

  • Setup full disk encryption with FileVault for Macbooks, or BitLocker for Windows users.

  • Shut down your computer especially if it contains highly sensitive data when you walk away as full disk encryption will not work if your device is logged in.

  • Also, switch on your operating system firewall and use antivirus protection. 

Physical Protection

1. Plan your working space.

  • Look for a place or room where you can work and talk about sensitive issues. 

  • Some things that you should consider when planning your workplace:

    • Can people see your computer screen or desk from the outside?

    • Is the place easily accessible?

    • How to avoid your housemates seeing you working or overhear sensitive conversations?

  • Get in the habit of always locking your doors. 

2. Never leave your devices or laptop in the car.

  • It’s a best practice to keep work laptops and devices on your person at all times while on the road. 

  • The boot/trunk of your car is not any safer. There may be criminals watching the parking lot from afar, waiting for their next victim.


3. Never leave your work around the house.

  • Stay organized and protect sensitive information,  even if you are staying alone. 

  • Consider locating some good hiding places and getting lockable drawers or cabinets. 

4. Consider using a simple surveillance system of your designated working space.

  • The simple surveillance system can be simple traps or even a CCTV to detect if someone has entered your workspace or moved something on your desk. 

  • There are apps such as Haven that enable you to use your old Android phone to monitor activity occurring in the vicinity of the device.

5. Prepare emergency numbers.

  • Always have a list of emergency contacts and have them handy, e.g. written/printed and stuck up on the wall, saved in your phone, and kept in your wallet.

  • Consider having a security contact who will take measures to find you if you do not check-in at certain times.

6. Have an evacuation plan.

  • Know and familiarize yourself with your emergency exits.

  • Some people also have a pre-packed bag that they keep next to the exits, that contains copies of sensitive documents, cash, phone charger, power bank, medication, and other items that you would want to have with you.

Emotional Protection

Since the pandemic began, many of us have started working from home. This sudden shift to a remote work setup has been surprisingly stressful for many, and it will inevitably take some time to get used to.

1. Have someone to talk to.

  • The sudden lack of physical connection can leave people feeling they have nowhere to turn when they feel stressed or anxious. People feel more alone, without the necessary support they need.

  • If possible, have someone that you trust to talk to about your current state of being, to share some of your current thoughts and emotions.

  • If you are a people’s manager, schedule time for regular one-on-one catch-ups with your team members, to show care, support, and avoid isolation.

2. Maintain boundaries between your personal and professional lives.

  • Keep a regular schedule of your work and stick to it as much as you can. Treat work time as if you are in the office and personal time as you would be away from the office. Shut down your working laptop/phone when you are finished with work.

  • Have planned breaks from screens.

  • If you can, have a separate place at home which will be your workspace, and do not work all over the house or the place where you eat or rest.

3. Stay healthy.

  • Working from home might be here to stay. Make sure you eat healthily, sleep enough hours and at the right time for you, and exercise regularly. 

  • Go outside each day for a walk, breathe in the fresh air, if you are not under quarantine.

  • Don’t forget to stretch, walk around, or stand up at least once an hour while working.

4. Don’t be too hard on yourself.

  • Don’t force yourself to push through unproductivity. Taking the right amount of breaks actually helps us be more productive, and accomplish higher-quality work at that.

  • It's okay to have moments and days where the events get you down, and you don’t feel like you’re doing your best work. Be gentle with yourself. We’re all just doing our best. 

As much as these tips can make your life easier in small ways, if you’re struggling with stress and anxiety over your work during this time, it can still be hard to focus and practice good mental and physical health. Check out the many networks that are putting together information on well-being during the pandemic, as well as online activities such as yoga, dancing, exercising sessions, discussions, chit-chat sessions, and webinars to help go through this difficult time. 

Consider this as an opportunity to do more of the things that you didn't have enough time for before: reading, writing, playing games, watching films, spending time with your loved one, etc. 

While now might be a challenging time, challenging times are the best times to become a better person. While we are all going through this, know that once we do, we will be stronger, more agile, more empathetic, and more on our game in every aspect of life - work and otherwise.

Other guides:

Previous
Previous

Phishing Attack: How is It Engineered and How to Prevent It

Next
Next

Basic Digital Security Hygiene