Working from home: Cybersecurity tips from a CISO

These past couple of weeks have been eventful, and things are changing by the hour. Personal and professional lives have altered drastically to reduce the spread of COVID-19, as Canadians are encouraged to socially distance.

As a result, we are seeing major fluctuations in every type of business as they adapt to remote work. The research, education, and innovation sectors are no different. Employees are increasingly working from home, and student learning has moved online.

From a cybersecurity standpoint, remote work presents several additional security issues. Unsecured home networks or public networks and weak WiFi passwords are just some of the new vectors that are prone to attacks.

As part of my role in Ontario’s Cybersecurity Higher Education Consortium, I convene and advise the IT leaders at higher education institutions across Ontario – the real heroes supporting online working, teaching, and learning. As they make this quick shift to enable this at-home productivity, it is presenting many cybersecurity challenges. Here, I share some tips and best practices to help our community navigate this transition to remote work.

Physical Security

The first most basic tip for remote work is physical security. Offices are often fob or key code protected access, and often have security manning the front desk. When your home is your office, you’re responsible.

Lock your doors

When working from home, be sure to lock your doors to protect any confidential information that may be on your work computer.

Keep your devices on you

Don’t leave your work laptop or phone in your car if you are stepping out. Leave your devices at home or keep them on your person.

Know your thumb drives

If you need to use a thumb drive, make sure you know where it came from. One hacking technique is to leave thumb drives near a target computer. Only use a thumb drives if you know where it came from.

Remember your IoT

The Internet of Things is a network of internet-connected devices that can collect and share data. Any household object that is connected to the internet in your home is a gateway to your server and needs to be protected.

Update your devices

Make sure all your devices have updated software. Software updates often include fixes to vulnerabilities.

Change your passwords

Be sure to change the default passwords of any internet connected device as well as your router.

Look out for scams

Offices often have firewalls and phishing prevention as a part of the company’s cybersecurity procedure. There has been an increase in COVID-19 related scams, from phishing to fundraising. Messaging from credible sources are often directly copied, such as alerts from The World Health Organization (WHO) and Health Canada, with malicious links in the message.

Never click on unknown links or files

Always double check before clicking or downloading any links or files from an unknown source. Remember, the main website is the last part of a URL, be sure to double check it. This is also true if colleague sends you an attachment or file you were not expecting.

Install anti-virus software

Be sure you have installed and updated antivirus software on all your work devices.

Confirm invoices with vendors

Be sure to call the billing department of any company that has sent you an invoice to verify its authenticity.

Update your passwords

Keeping passwords updated and different for each device and account is an important cybersecurity basic.

Use multi-factor authentication

Use multi-factor authentication when possible, the combination of a password and a text or email verification greatly increases security.

Upgrade your passwords

Use a password manager both generate and store passwords, and use different passwords for all your accounts.


In this morning’s Open Community Call that ORION has been hosting weekly during this crisis, I mentioned a few links that should be helpful to you:

ORION’s supporting role

This is a tough time for organizations as we all move quickly to minimize harm and ensure the safety of all.

ORION is committed to providing you with best service and advice during this time. We are actively monitoring our network to ensure that it is available to all our constituents as they experience a time of greater need. We’re holding weekly open calls for our constituents so that they can share issues and solutions.

ORION is committed to providing you service and advice during this time. We’re keeping our community updated on our support activities during this pandemic, so I hope you’ll check in with us too.

In the meantime, stay safe, stay home, and wash your hands.