Convalesco

Current revision: 0.4

Last update: 2017-03-22 18:42:07 +0200 UTC

We cannot solve our problems with the same thinking we used when we created them.

A. Einstein


Security Policies for Remote Workers

Date: 01/10/2016, 10:25

Category: technology



One of the perks of telecommuting is the ability to work from anywhere. All we need is a good internet connection, coffee and a laptop, and the game is afoot!

Along with great perks come responsibilities! Traditional companies can enforce security policies at the office; telecommuters have to take care of security themselves.

Here are a few standard practices that are easy to implement and can save us and our co-workers from unpleasant situations.

Use disk encryption

A laptop or even a desktop computer can easily be stolen from a house or office, and even more easily from airports, coffee shops, hackathons, co-working spaces and other crowded venues.

IT-related venues are more dangerous: a regular user is unlikely to search the contents of your ~/.aws directory, but a geek knows what to do with AWS credentials.

Luckily for us, every major operating system supports transparent encryption these days. Once the encryption scheme is set up, we don't have to manually encrypt or decrypt data.

Microsoft Windows features an advanced encryption system called BitLocker. Apple Mac OS X ships with an equally advanced encryption system called FileVault, while GNU/Linux has multiple solutions.

It is good practice to keep a printed copy of your encryption key(s) in a secure place.

Encrypt your backups

If your drive contains sensitive information, like that discussed above, then your backups should be encrypted too. Mac OS X supports encrypted Time Machine backups. Microsoft BitLocker supports encrypted backups too.

For GNU/Linux there are multiple solutions, like duplicity, tarsnap, etc.

Disable automatic login

Disable automatic login, and make sure a password is required to access the computer when the screensaver kicks in or the computer goes to sleep.

Avoid leaving your keyboard unguarded when you're not around.

Avoid illegal content

Downloading illegal content is... well, illegal! Morality aside, using the work computer to execute illegally downloaded programs should be strongly avoided for security reasons: most torrents come with all kinds of malware.

Ability to wipe mobile devices remotely

Our mobile devices should be considered an extension of our workspaces. Mobile devices like tablets or phones are easily lost or stolen, so it is a good idea to enable the ability to wipe the device remotely. Android and iOS devices support this feature.

Use strong passwords

Better let XKCD author Randall Munroe do the talking:

[XKCD comic on password strength]

Using the same password everywhere is equally bad. If you need to access multiple websites daily, try a password manager like 1Password, LastPass, KeePass or one of the many others; there are tons of password managers with varying levels of browser integration.

You might want to check out Edward Snowden on Passwords.

Enable 2FA

Two-Factor Authentication (2FA) identifies a user by combining two different components. The most common 2FA system is Google Authenticator, which can be installed on any iOS or Android device.

Popular websites like Google, Dropbox, Slack, GitHub and many others support 2FA. It is good practice to use 2FA whenever possible.

For the truly cool kids, there are toys like the YubiKey. A YubiKey would make an inspiring present for any security-oriented geek.

Remember, when enabling 2FA, print your fallback codes and store them in a secure physical place. Some services, AWS for example, do not provide fallback codes when you enable 2FA; in that case you can take a screenshot of the QR code and save it in a safe place.
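The enrolment QR code is worth guarding because it encodes the shared secret itself: anyone holding it can generate the same codes as your phone. The following added example (not code from the original post) parses a constructed otpauth:// URI of the kind Google Authenticator scans, then derives and verifies TOTP codes per RFC 4226/6238; the secret is the RFC 6238 test key, not a real one.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

# Constructed example of what an enrolment QR code encodes (an otpauth:// URI).
# The secret is the public RFC 6238 test key "12345678901234567890", base32-encoded.
EXAMPLE_OTPAUTH_URI = (
    "otpauth://totp/Example:alice%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30"
)

def parse_otpauth(uri):
    """Extract the shared secret (raw bytes), digit count and time step."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = parse_qs(parsed.query)
    secret = q["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)  # restore base32 padding if it was stripped
    return {
        "key": base64.b32decode(secret),
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(key, at_time, digits=6, period=30):
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(key, int(at_time) // period, digits)

def verify_totp(key, candidate, at_time=None, digits=6, period=30, window=1):
    """Accept the current step plus `window` steps either side (clock drift);
    compare in constant time so timing does not leak the expected code."""
    now = time.time() if at_time is None else at_time
    step = int(now) // period
    return any(
        hmac.compare_digest(hotp(key, step + d, digits), candidate)
        for d in range(-window, window + 1)
    )

if __name__ == "__main__":
    p = parse_otpauth(EXAMPLE_OTPAUTH_URI)
    print("current code:", totp(p["key"], time.time(), p["digits"], p["period"]))
```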

HTTPS Anywhere

The HTTPS protocol is omnipresent these days. However, to avoid mistakenly accessing the non-HTTPS version of a website, browser extensions such as the EFF's HTTPS Everywhere can act as an additional layer of security.

Use common sense

This is the most underestimated and at the same time the most effective security measure: common sense. No security precaution can compensate for a lack of common sense.

When everything fails

If your hardware is lost or stolen, notify the sysadmin team immediately.

Good luck, stay secure and strong!