With the pandemic turning the business world upside down, offices look less like hives of activity and more like ghost towns. Employees have had to make do with working from home, a dangerous proposition from the perspective of any risk-averse IT administrator or security officer.

It’s a given that a modern corporation will provide security to protect its business, employees, and secrets. In addition to outfitting every computer with endpoint detection and response (EDR) software to thwart malware, there’s usually access to a virtual private network (VPN) to shield communications from prying eyes and automatic updates to its operating system and apps with the latest security patches.

Still, those who work from home (WFH) will have to forgo some of the defenses that are taken for granted at the office, like the company’s robust firewall and in-person tech support. Even if they’re outside the office’s protective sphere, there are several extra defensive layers that, with a little effort, WFH employees can use to raise their (and the company’s) security profile. Together, they constitute a beefed-up defensive posture to help avoid the hackers, industrial spies and the malware purveyors out there waiting to steal the company’s secrets and burrow into its internal network.

These supplemental WFH security tips should be a part of any organization’s security awareness training for remote workers. Most can be done in less than a minute and don’t require any special knowledge. I’ve shown how to do it on one platform but the concept can be extended to the other popular operating systems.

1. Encrypt for safety

If your company is security conscious, there’s a good chance it encrypts computers it owns so even if one is lost or stolen, its data will remain hidden. On the downside, encrypting a full drive can seriously slow down a computer.
A good compromise is to use an encryption program to scramble critical or confidential files. That way, if they fall into the wrong hands, they will be unreadable without the correct decryption key. There’s good news for phones and tablets, as well, because Samsung’s recent Galaxy products include the Secure Folder app that encrypts files using the company’s Knox technology. The best part is that the files can be opened with a password, fingerprint or facial scan.

[Image: Samsung Knox security folder. Credit: Brian Nadel]

2. Lock out flash drives

A large security hole is left wide open if WFH employees can move data onto and off systems using a flash drive. You can warn them of the danger, and Windows 10 lets you limit how data can enter and leave the computer. Start by typing “gpedit” in the search box to open the Group Policy Editor. Next, click on the System folder to get to the Administrative Templates folder. After you open the Removable Storage folder, there are ways to lock out the use of CDs, DVDs and even antediluvian floppy disks. There are two options: “Deny read access” to prevent incoming malware and “Deny write access” to prevent company data leaving the system. Use both for extra security.

[Image: Deny read access on removable devices. Credit: Brian Nadel]

3. Use home ISPs' security tools and services

Your computer and often phone and tablet will have your company’s EDR software to protect against malware outbreaks. The software not only monitors the system’s behavior to identify the early signs of an attack or intrusion but can safely roll back its setup to a state before the attack took place. This can happen without the user even knowing an attack took place.

Employees’ internet service providers (ISPs) can play a role as well, and you should encourage them to take advantage of the security tools and services they offer.
For instance, my internet provider recently suggested uninstalling QuickTime for Windows, which is no longer supported and can be a hacker’s point of entry. Many ISP business packages include managed security with a focus on malware detection, proactive monitoring, and frequent reports on attempted break-ins.

4. Turn on the home router’s firewall

The company’s hardware firewall at its base of operations protects its network and clients from intrusion by monitoring activity at its ports and stopping any unexpected actions. Sure, the notebook the company issued you has a software firewall to prevent outsiders from getting in, but your WiFi router’s firewall can help as well.

Start by updating the router’s admin name, password and firmware because using generic log-in data or old firmware is like putting a big bullseye on it. While different routers activate their firewalls differently, the process is similar. Using my Linksys WRT32X, I started at the “Advanced Settings” section of the menu and clicked on “Local Network Settings”. After I opened the “More Settings” section, I flicked the firewall software “On/Off” switch. Now, the system will have an extra layer of protection from hackers.

[Image: Setting up a home router firewall. Credit: Brian Nadel]

5. Use only the company’s approved video platform

With most of the business world working from home, using video for personal interactions with colleagues, contractors, and suppliers has become the only game in town, but some platforms are more secure than others. For instance, if a contractor wants to chat about an upcoming project over Zoom or WhatsApp but your company uses Teams, employees should say no and suggest using the company-approved platform. There are too many things that can go wrong, like vulnerable file sharing and Zoom-bombers listening in.

6. Use a webcam cover

While we’re on the subject of video, employees should keep the system’s web camera covered when not in use. Leave it open and who knows who could be watching their work, or worse. Some notebooks, like HP’s EliteBook Dragonfly, have a physical webcam cover that blocks the camera from snoops. For other systems, cheap slide cover accessories or a piece of a Post-it note placed over the camera’s lens work just as well.

7. Never connect with public WiFi

Most companies have this as policy but it’s worth repeating: Employees should always use a secure connection to the company’s servers so that there’s a lower chance someone is eavesdropping on the data flow, including avoiding public WiFi at airports, coffee shops, and hotels. If an employee’s home broadband can’t keep up, they can try using the hotspot ability of the company-issued phone or tablet. For iPhones and iPads with mobile data, this starts with tapping on “Personal Hotspot” on the device’s “Settings” page. Then, flick the switch to “Allow Others to Join”. The network’s password is listed along with connection instructions.

8. Put data in its place

Every company has its own rules and policies on how data should be securely stored and working from home doesn’t change them. If your firm requires that little or nothing is saved locally or you have to use its online data storage system, continue to do so. Changing data habits at home by saving work files on a computer or sending them to a personal online storage account is just asking for trouble.

9. Use multi-factor authentication

One sure-fire method of increasing WFH security is to add multi-factor authentication (MFA). It can protect the iPhone, iPad, or Mac Apple ID account that the company set up for you from being hacked.
To add two-factor authentication on a Mac, go to the “System Preferences” section of the main menu and open “Apple ID”. Then, go to “Password & Security” to open “Two-Factor Authentication”. Once it’s running, a six-digit code will be sent to a trusted device or phone via a text message or automated call. That code is required to open the Apple ID account.

10. Set household guidelines on web hygiene

Finally, it’s a good idea to give WFH employees good digital hygiene guidelines that they can share with the whole family. Attackers are targeting WFH employees with scams aimed at grabbing passwords or injecting rogue software onto their systems. Here are some examples of advice to pass on:

- Avoid dangerous places online like porn sites or free movie or file-sharing sites, and if your browser can block questionable sites, do it.
- Never tell anyone online your personal info or passwords. You don’t know who they actually are and where the data might end up.
- Check the URL you’ve typed for accuracy because site squatters with malicious web pages are just a mistyped key away.
- Above all, be skeptical about anything you read online; it might be a trap.

Similarly, be cautious with email. Emails at first glance can look legit, but could have an embedded link to a sophisticated identity theft scam or ransomware. If the sender’s address looks strange, has grammatical or typographical errors, lacks a company logo, or doesn’t have company identification details, pass on opening it. It could be the smartest thing you do all day.
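
The removable-storage lockout from tip 2 can also be checked, and applied, from PowerShell instead of clicking through the Group Policy Editor on each machine. This is an added example, not part of the original article; the registry path and device-class GUIDs are assumptions (the standard Windows policy locations, which the article does not give).

```powershell
# Added example: audit (and optionally set) the "Deny read access" and
# "Deny write access" policies for removable storage.
# Assumption: the registry path and device-class GUIDs below are the standard
# Windows policy locations; they do not appear in the article.
param([switch]$Enforce)   # -Enforce writes the values; needs an elevated shell

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$classes = [ordered]@{
    'Removable disks (flash drives)' = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    'CD and DVD'                     = '{53f56308-b6bf-11d0-94f2-00a0c91efb8b}'
    'Floppy drives'                  = '{53f56311-b6bf-11d0-94f2-00a0c91efb8b}'
}

function Get-DenyValue([string]$Path, [string]$Name) {
    # True only when the policy value exists and is set to 1.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.$Name -eq 1)
}

$report = foreach ($label in $classes.Keys) {
    $key = Join-Path $base $classes[$label]
    if ($Enforce) {
        # Create the key only if missing so existing values are left alone.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in 'Deny_Read', 'Deny_Write') {
            New-ItemProperty -Path $key -Name $name -Value 1 `
                -PropertyType DWord -Force | Out-Null
        }
    }
    [pscustomobject]@{
        DeviceClass = $label
        DenyRead    = Get-DenyValue $key 'Deny_Read'
        DenyWrite   = Get-DenyValue $key 'Deny_Write'
    }
}

$report | Format-Table -AutoSize

# Flag any device class where one of the two protections is missing.
$gaps = @($report | Where-Object { -not ($_.DenyRead -and $_.DenyWrite) })
if ($gaps.Count -gt 0) {
    Write-Warning ("{0} device class(es) still allow read or write access." -f $gaps.Count)
}
```

Run without arguments it only reports. On domain-joined machines, a domain Group Policy that manages the same settings will overwrite locally written values at the next policy refresh.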