In most companies, the connection of the home office took place immediately, i.e. without the necessary preparations. Video conferencing, cloud applications and mobile devices make decentralized collaboration much easier. However, these infrastructures also open up new points of attack for cyber criminals. In addition, there are thousands of outdated computers, unsecured routers and poorly protected WLAN connections that suddenly provide access to companies' sensitive data. But how can companies still successfully protect their employees' home workstations from hacker attacks under these conditions? The following 10 golden rules will show you how:

1. All employees who are connected to the company network should receive binding and clear regulations for the protection of IT and data in the company - in writing.
   
   
2. Protect end devices from attacks from the internet. The current need for information during the coronavirus crisis is increasingly being exploited by hackers. Malware is being smuggled onto computers via fake websites, emails or graphics that appear to come from trustworthy sources. The German Federal Office for Information Security (BSI) warns citizens and companies of the increase in such attacks. The best protection against attacks from the Internet is a virtual browser developed by the BSI. If this is used, cyber criminals don't stand a chance.
   
   
3. Protect data on end devices. Organizations with high security requirements in particular should equip their employees' end devices with hard drive encryption. Only authorized users can then use multi-factor authentication to access their data and the operating system. If the device is lost or stolen, it is not possible for third parties to access the data.
   
   
4. Basic security measures. The workplace at home should be physically secured by locking doors and blocking screens. It is also advisable to cover the webcam on the computer or laptop when it is not in use and to switch off the microphone when not in use to prevent potential espionage attacks.
   
   
5. Secure your home WLAN connection. The default administrator password should be replaced with a new, strong password and WPA2 encryption should be activated.
   
   
6. Updateoperating systems, web applications and apps. All of a company's IT technologies must be up to date - this is essential protection against hackers. All employees should therefore carry out regular updates and work with the latest system version.
   
7. Beware of fraudsters. Attackers use deception and trickery to obtain passwords, bank details or access information. For example, they send e-mails that look deceptively genuine. In addition to phishing, caution should also be exercised with calls, text messages, social media content and fake messages sent via messengers. In times of dramatic change, this so-called social engineering represents one of the greatest risks in the home office.
   
8. Companies should use secure communication channels to connect the tablets, smartphones or PCs of employees working from home to the company network. Virtual Private Networks (VPN) are recommended. They establish connections between the end device and the company network via a "secure tunnel".
   
   
9. Usestrong passwords. Passwords protect applications from unauthorized access. The more complex and unique passwords are, the harder they are to crack. Multi-factor authentication, for example using a PIN, fingerprint or password, provides additional protection against access by unauthorized third parties.
   
   
10. Protect data in the cloud. Cloud applications and collaboration services are ideal for decentralized working. However, the protection mechanisms of cloud providers often do not meet the security requirements of a company. There is a risk of data espionage and compliance breaches. The solution is data-centric protection: placeholders are placed in the cloud that only contain metadata that is necessary for collaboration and workflows. The user data worth protecting is fragmented and stored in the company network or at a different location.

Dr. Falk Herrmann, CEO of Rohde & Schwarz Cybersecurity