How to Stay Secure When Working Remotely

Do I need a VPN?

A VPN (Virtual Private Network) is simple software that creates an encrypted connection between your device and the internet. If you’re interested in a much more detailed explanation, you can read our What is a VPN guide .

If you’re a freelancer, whether you need a VPN or not largely depends on the type of work you do. Answering the questions below will help you decide whether to get one.

• Do I work with sensitive information? This can include and is not limited to:
  • financial data
  • personal data
  • commercially sensitive data
  • anything your client wouldn’t like to be made public
• Am I looking at things online that I wouldn’t want to be logged by my home ISP and used to market to me? This could include:
  • research on controversial topics
  • medical and health material
  • any topic you wouldn’t want to be associated with

If you answered ‘yes’ to either of the above, you should strongly consider investing in a reliable VPN. This will encrypt your connection, hiding your online activities from your ISP and anyone else who may be on your network.

If you do not deal with sensitive data and are not concerned about your ISP logging your activities, you won’t need a VPN. An example of this would be if you’re a graphic designer working from home.

For those who do need a VPN, this raises the question of what type of VPN would be best for you. Answering the questions in the following section will help you make the right decision.

What sort of VPN do I need?

To keep your browsing activity private, you will need a VPN. This section will help you choose one right for you.

• Do I need to access my clients company networks? This could be to:
  • access company data
  • use tools or services located on their network, such as VOIP software

If you answered ‘no’ then you should look into a consumer VPN. This is the standard type of VPN many use at home to protect their personal data and access geo-restricted content.

If you answered ‘yes’, you will need to be given access to your clients company VPN. This will allow you to access data stored on the company’s servers safely via the cloud or by directly connecting to the company server.

Depending on the size of your clients business, they may be using a VPN for small business or an enterprise VPN. These VPNs are similar but have some key differences which you can read more about in the next section.

Do I need a VPN?

A VPN (Virtual Private Network) is simple software that creates an encrypted connection between your device and the internet. If you’re interested in a much more detailed explanation, you can read our What is a VPN guide and then come back.

Whether you need a VPN or not is dependent on your work requirements. Answering the following questions will help you decide whether you should get one.

• Do I work with sensitive information? This can include and is not limited to:
  • financial data
  • personal data
  • commercially sensitive data
  • anything your client wouldn’t like to be made public
• Do I require access to the company network? This could be to carry out the following activities that would usually take place in office:
  • accessing data stored on the LANs
  • using software like VOIP or custom tools

If you answered ‘no’ to these questions, you do not need a VPN.

If you answered ‘yes’ to either or both, you should strongly consider a VPN. In fact, anyone needing to access their company network will be unable to without one.

Carry on reading the next section to find out which type of VPN will work best for you.

What sort of VPN do I need?

The type of VPN you need will depend on what data and tools you need for work. Answering the following questions will help you workout which one is best for you.

• Do I need to access data stored on the company servers? This could include:
  • VOIP software
  • confidential data
  • custom office tools

If you don’t, a consumer VPN will do the job. This will encrypt your connection through a remote server and is what most people have for personal use.

If you answered ‘yes’, please consider the following:

• Do I need to access data or tools stored at a secondary office? This could be another company office elsewhere in the world.

If you work for a small business then this probably doesn’t apply to you. However, if you are needing to access servers elsewhere for work then you will need to use an enterprise VPN.

The next section goes into this type of VPN in more detail. You can jump to it by clicking here.

If you do not need this type of accessibility, a small business VPN will be right for you and your team.

The language surrounding small business and enterprise products can be confusing, so we break down what a small business VPN is for you below.

What is a small business VPN?

A small business VPN, like a standard consumer VPN, encrypts your connection, making traffic unreadable to hackers or your ISP. However, VPNs for small business can also:

• Route clients internet traffic to specific servers. These are often separate from those reserved for consumer VPNs to free up more server space for corporate clients
• Allow employees to connect to company infrastructure via the cloud. An example of a VPN that does this is NordVPN Teams
• Provide their client with a dedicated IP address. This can be white-listed on their local network and connected to by those needing to access company infrastructure. As this connection happens via the cloud, no installation needs to take place on the physical LAN server

Different VPN providers offer different additional functions for small business VPNs, but they generally provide a simple package for those with basic needs such as security and connecting to a central office network.

If you manage a small company and need a simple solution to secure your employees traffic and grant them access to company infrastructure, a small business VPN is right for you.

An example of a VPN for small business is NordVPN Teams, VyprVPN and Perimeter81.

Do I need a VPN?

A VPN (Virtual Private Network) is simple software that creates an encrypted connection between your device and the internet. If you’re interested in a much more detailed explanation, read our What is a VPN guide and then come back.

As with small businesses, whether you need a VPN or not depends on your work requirements. Answering the questions below will help you decide whether or not you need one.

• Do I work with sensitive information? This can include and is not limited to:
  • financial data
  • personal data
  • commercially sensitive data
  • anything your client wouldn’t like to be made public
• Do I require access to the company network? This could be to carry out the following activities that would usually take place in office:
  • accessing data stored on the LANs (Local Area Network server)
  • using software like VOIP or custom tools

If you answered ‘no’ to both of the above, you do not need a VPN.

If you answered ‘yes’ to either or both, you should strongly consider a VPN. In fact, those who need to access their companies LANs will need a VPN to do so.

For those needing a VPN, the section below will help you chose which one is right for you.

What VPN do I need?

While many working for large businesses will need an enterprise VPN, some may do just fine with a consumer VPN or VPN for small business. Consider the questions below to see which VPN you need.

• Do I require access to the company network? This could be to carry out the following activities that would usually take place in office:
  • accessing data stored on the LANs
  • using software like VOIP or custom tools
• Do I require access to multiple company networks in different locations?
• Do I have any other requirements outside of securing my connection to the office LANs?

If you answered ‘no’ to all of the above, you should consider a consumer VPN. This will encrypt your connection and protect your data from anyone else on the network, ensuring that any confidential information you’re dealing with remains safe.

If you answered ‘yes’ to only the first question, a small business VPN may work for you. You can read more about this type of VPN in the previous section, which you can jump to here.

However, if you answered ‘yes’ to all of the above questions, you will need an enterprise VPN. Read on the next section to find out more about this type of VPN.

What is an enterprise VPN?

Enterprise VPNs offer the same encrypted, secure connection that all VPNs do. However, they have additional features which set them apart from both consumer and small business products. Enterprise VPNs:

• Are typically installed physically in the corporate LAN (though many companies also offer cloud-based services)
• Provide access to all LAN based services
• Are generally customizeable, meaning extra functions can be added to facilitate your companies specific needs

The ability to customize enterprise VPNs is the key difference between them and small business products.

For example, large corporations may need to give their employees the ability to connect to other global office networks as well as their own LANs. An enterprise VPN can be configured to make this possible.

An enterprise VPN is great for large businesses with specific needs who want to give their employees the ability to access company servers while securing their connection.

Examples of enterprise VPNs are Cisco and NordVPNs enterprise product.

Our USB solution is just one remote working solution of many. It won’t serve every need, but as we have road-tested it (in fact, it’s what we’re using right now) we know it works.

With that in mind, we have created a step-by-step guide for those of you who would like to use it. It gives employees an easy way to work in a secure environment, with access to company specific tools and a protected online infrastructure.

This guide can be used as-is or to inspire your own custom solution.

Why did we decide to create this custom USB solution?

We decided to create an operating system on a USB stick for use by our staff for several reasons:

• We wanted to let staff work from home as soon as possible given the developments in the COVID-19 pandemic and our desire to keep employees safe
• Our staff tend to use desktop machines and we have a limited number of laptops available to take home. We didn’t want to buy new machines which take time to be delivered and would eventually leave us with surplus computers
• We wanted staff to work in a “known” environment, where we know what programs are installed and can ensure there is no malware on the system

What were our requirements?

• Security, so we don’t have to worry if a staff member loses the the USB Stick
• Allows access to our office VPN
• Supports LastPass, our companies’ choice of password-management solution
• A light solution that works on older machines. All our staff have reasonably modern laptops (Mac and PC) or PC desktops at home, but we wanted this to work on older machines
• Accessibility to the office network. We have resources that are only accessible from our office network, and made a company VPN so staff could access them
• To create an internet-connected environment that works within a modern browser. We work primarily in a browser-based environment and didn’t want our solution to affect or cause any permanent change to our staff’s home computers

How did we do it?

We decided to build a bootable USB stick based on Linux Ubuntu Desktop 18.04 LTS , a modern operating system that is currently supported with software updates. It also has driver support for a large number of different components that can be found in peoples’ computers.

We had to build a separate bootable USB stick for PC and Mac due to Mac booting working differently to PC.

What flash drive did we use?

We decided to use the Samsung Fit Plus USB Drive, which is 64GB in size. It supports USB 2 – USB 3.1 and has data transfer speeds from 200-300Mbs (based on drive size.) It also has great performance for reading and writing of small files, is physically small, has a handy notch to be attached to a key-ring and is a reasonable price per unit.

We recommend you use the same USB sticks for all cloned drives as this will remove any potential complications from duplicating the stick to other USB flash drive types.

Process overview

• Creating an Ubuntu Installation USB to boot from
• Creating a master image with the Operating System installed, a default user account, software (including VPN)and templates ready for configuration
• Making an image of the USB stick ready for duplication
• Duplicating the USB onto new USB Sticks
• Booting each stick and configuring individual VPN connections

PC Image Setup

You will need two USB sticks for this process. The first will be used to create a bootable Ubuntu USB stick to run the installation from. The second will be used to create your company USB stick master image. You’ll then need as many USB sticks as you have employees wanting to use this system.

The easiest way to approach this, and one which ensures you create an encrypted USB, is to disconnect the hard drive of your computer. This will make sure that the installation process handles the setup correctly and doesn’t put your existing data at risk of being lost. Doing this will also reduce the steps required to build an encrypted USB stick.

Note: We take no responsibility for any damage caused to your machine, or issues with lost data in following these instructions. You are recommended to take (and verify) backups of your computers at all times.

Stage 1 – Setup the Ubuntu Installation USB

• Download the Ubuntu 18.04 LTS Desktop ISO image from Ubuntu.com
• Follow the guides provided by Ubuntu and create a bootable Ubuntu USB stick for your current operating system: Windows, Apple Mac OS or Ubuntu

Stage 2 – Install Ubuntu to the master USB Stick

We are largely following the instructions provided by Ubuntu for installing Ubuntu here, but with some key differences to avoid overwriting the existing operating system on your computer’s hard drive. We are assuming you are using a PC to create the USB stick on.

• Insert the Ubuntu USB Stick created in Stage 1 into your PC
• Choose the ‘Try Ubuntu’ option
• The computer will boot into the Ubuntu live graphical desktop
• If you use WiFi instead of Ethernet for Internet access, connect your computer to your WiFi network. You’ll find the WiFi Menu under the down arrow at the top right-hand corner of the screen, next to the power icon
• In the dock panel on the left, open the applications button. Search for ‘GParted’, and double click to open it
• Take note of what drives are currently shown on the right hand side drive selector. You will probably only have one entry, ‘/dev/sda’
• Put the second USB stick into the computer. Take note of what new drive has appeared in the right hand side drive selector as you will need this information later on. This is your new drive. It will be something like ‘/dev/sdb’
• Select the entry. Note: If you choose the wrong drive here you could destroy data on your computer if you left a hard drive plugged in
• Then, remove the existing partitions on this drive by selecting Device > Create Partition Table. Select ‘msdos’, then click ‘Apply.’ You can now close the GParted application

Creating a partition table

Select ‘msdos’ to remove existing device partitions

Completion of device GParting

• On the desktop, click on the ‘Install Ubuntu’ icon. You will see a welcome screen. Select the appropriate language, and click the ‘Continue’ button

Setting your language

• Choose your keyboard layout. Click the Continue button

Selecting your keyboard layout

• On the Updates and other software screen, select ‘Normal installation’, ‘Download updates whilst installing Ubuntu’, and install third-party software for graphics and WiFi hardware. Click ‘Continue’

Selecting your update and software settings

• On the ‘Installation Type’ screen, select the ‘Erase disk and install Ubuntu’ option. Also check ‘Encrypt the new Ubuntu installation for security’, and ensure ‘Use LVM with the new Ubuntu Installation’ is selected. Press the ‘Install Now’ button

Selecting your Ubuntu installer requirements

• Choose a security key (password) that will be needed to decrypt and boot the USB drive. If you are re-using a USB key that has had something on it before, check ‘Overwrite empty disk space.’ Note: doing so means the install process will take a while, but ensures any data left on the drive is irrecoverable

Picking a password for your USB drive

• Click ‘Install Now’. A message will show up on screen asking you to confirm the changes to the disk. If you’re happy to go ahead, click the ‘Continue’ button

The Ubuntu installation confirmation window

• You will then be asked for your location which is used to set localization and time zone settings. Choose the appropriate location then click the ‘Continue’ button

Selecting your location

• You will then be asked to create a user. We chose to make a generic username and share the login details with everyone who uses the stick. Since it’s a single user stick that our staff will individually use at home, we feel this approach is fine. We used the settings as per this image:

Creating a User

Note: It is recommended to use a different password for the user login that you chose in Step 15

• Click ‘Continue’. The installation will now proceed. After the installation has completed, a new dialog box will show. Click ‘Restart Now’

  This window confirms your Ubuntu installation is complete, and requests to restart your computer

• As the computer reboots, remove the first USB flash drive. Your computer will now boot from the second USB drive. You will be asked for the password you set in Step 15. Enter this and your computer will boot into your Ubuntu environment

Rebooting from the second USB drive onto Ubuntu

• After a few moments you will see the login screen

The Ubuntu desktop login screen

• It’s a good idea to run the Software Updater to install any updates necessary, so if you see a window stating ‘Updated software has been issued since Ubuntu 18.04 was released,’ click ‘Install Now’

Running the Ubuntu software updater

Stage 3 – Install software applications onto the master USB stick

As mentioned above, day-to-day we mainly operate in a web environment and wanted the USB stick to offer the same programs as our individuals’ desktops do. Therefore, the steps below will explain how to install Google Chrome, LastPass, Slack and the image editor Glimpse. We also installed access to our in-office VPN.

How to install:

• Google Chrome
• LastPass
• Slack
• Glimpse
• VPN

We also run through customization options in this section. You can jump to these by clicking the links below:

• Changing the dock configuration
• Changing the background image

How to install Google Chrome

• Open a terminal window by using the keyboard shortcut Ctrl + Alt + T
• Issue the command ‘wget’ https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb . This will download the Chrome installer
• Install Chrome by running ‘sudo apt install ./google-chrome-stable_current_amd64.deb’. You will be asked to enter your password. Once finished, Google Chrome will be available to Ubuntu

Terminal window showing Google Chrome installation and USB password request

• Remove the install file from the disk by typing ‘rm google-chrome-stable_current_amb64.deb’
• We added it to the Application dock by clicking on the Activities text, searching for Google Chrome and then right clicking ‘Add to Favourites’

Adding Google Chrome to your favourites

How to install LastPass

LastPass is available as a chrome extension, making its installation straight forward.

• Start the Chrome browser.
• Click the three dots in the upper right corner of the browser to access the Chrome menu. Select ‘More Tools’ > ‘Extensions’
• Click on the hamburger menu in the top left and then click Open Chrome Web Store bottom left
• Search for LastPass, wait for the results to show, then click ‘Add To Chrome’

Installing LastPass as a Chrome extension

• Once installed, you can close Chrome. LastPass is now ready to be logged into by your users

How to install Slack

• In the terminal window, type: sudo snap install slack –classic
• After a moment you will see the message ‘Slack has been installed’
• Add Slack to the dock by clicking Activities, searching for Slack, and then right clicking to select ‘Add to Favourites’

Adding Slack to your Favorites dock

How to install Glimpse Image Editor

• In the terminal window, type ‘sudo snap install glimpse-editor’
• You will be asked to enter the login password
• Add it to the dock by clicking Activities, searching for Glimpse and then right clicking to select ‘Add To Favourites’

How to change the dock configuration

We made a change to move the dock to the bottom of the screen and resized the icons so they take up less vertical space.

• Click Activities and search for Settings. Click the Settings icon
• Select the Dock tab on the left hand side
• Change the icon size to suit (we set ours to 30)
• Change the ‘Position on Screen’ to ‘Bottom’

Changing your Dock settings

How to change the Background image

We added our company background to the image to round off the installation. You can do this yourself by following the instructions below.

• Copy the background image onto the USB stick (download from a website, or copy from another USB etc.) We suggest putting it in the user’s Pictures folder in their home folder
• Access the Settings app as per step 1 in the dock configuration guide above
• Select the Background Tab
• Select the image labelled ‘Background’, click the Pictures tab and then find the picture file from where you copied it earlier. Double click on the file
• Repeat step 4 for the image marked ‘Lock Screen’

Selecting your background image

Example of our Top10VPN background image for Ubuntu desktop

Once you have finished configuring the stick to your requirements, you can shut down the machine, take out the USB Stick and re-attach your internal hard drive.

Stage 4 – Image the completed Master USB Stick

For Windows, we use the ImageUSB tool to do this.

• Insert the Master USB Stick and start ‘ImageUSB’
• Select the USB drive
• Select ‘Write image to USB drive’

Writing image to USB drive

• Choose where to save the image of the USB on your hard drive. Make a note of where this is
• Finally, click ‘Write.’ Your USB Stick will now be copied to a file on your computer, ready for writing onto other USB sticks
• Remove this USB stick from the computer and you’re ready to clone the image to USB sticks for your team

Stage 5 – Write the master image to the USB sticks for your users

For Windows, we use the same ImageUSB tool as in Stage 4.

• Insert 1 (or more) blank USB stick(s) into your computer
• Start ‘ImageUSB’
• Select the USB drive(s) you want to add the image to and select ‘Write image to USB drive’
• Select the image you wrote the master USB stick to in Stage 4 – step 3
• Click ‘Create’

Stage 6 – Finish customization for each drive

• For each drive, boot it on another computer to ensure it works
• Customize any settings, such as VPN connection settings, as required
• Deploy to your user base

Your team now has a fully working operating system they can boot from their home PCs.

Notes

Other apps for easy installation can be found in the Snap Store.

VPN connectivity to office

Our team makes use of web applications and other resources that are accessible from the office network only.

To allow our team to continue to work, we created a VPN endpoint on our network using WireGuard. Our staff members can connect to WireGuard from the setup provided by the USB Sticks, which routes traffic destined for our applications and resources via the Office VPN.

We created a common configuration on our master USB image and, after imaging, customized each stick to use unique credentials with WireGuard.

Ubuntu 18 offers a Graphical User Interface VPN client for OpenVPN, Cisco VPN, and PPTP (PPTP is not recommended). You can see a guide to setting up these on the Ubuntu Community Help Wiki.

In order to provide a GUI for Wireguard on the USB Stick, we followed the guide for ‘Desktop Toggle’ from LinuxServer.io

Apple Mac Hardware

Users with a Mac laptop or desktop machine at home will require a slightly different USB Stick. We followed the steps covered here by Medium, and here by Heeris.

Once up and running, we encrypted the users’ home directory and swap partition by following these steps on HowtoGeek.

Is your home environment secure?

Users should consider the environment that they are working in. As well as potentially needing to secure their home network, users should also be aware of physical security risks.

For instance, if you are using a VPN to protect against an untrustworthy housemate, this doesn’t do much good if you then leave your computer unattended for long periods of time.

Any security conscious user should lock and password protect devices whenever possible. This will protect access to your online accounts if someone does gain access to your device.

Password tools like LastPass or 1Password offer an easy way of doing this and store all of your login details in one place. You can also add two-factor authentication to these tools with an app like Authy.

You should also make sure that your hard drive is encrypted. You can set this up easily on a Mac with OS X Lion or later via FileVault, and on a Mac or PC using <Veracrypt.

Is your video calling software safe?

Users who still have to attend meetings with colleagues or clients should opt for a safe and secure video calling service. Products like Zoom are currently experiencing a surge in demand, but recent revelations have shown that their privacy promises have much to be desired. Zoom themselves have even admitted that some users calls were ‘mistakenly’ routed through China.

Other options for video and voice calling are FaceTime, WhatsApp, Jitsi and Wire.

Do you have smart home devices?

Smart home devices can be useful, but they’re also a security risk for those working from home.

If you’re working in a room where you’ve got an Alexa or Google Home, turn them off, move them or find somewhere else to work. Not only can they activate unexpectedly on conference calls and embarrass you but they are also, more seriously, always listening.

This is a security risk when you are having a sensitive discussion with a client or colleague.

Do you have poor VOIP call quality?

If you rely on VOIP calls to operate or conduct work from home, you may struggle with lags and bad call quality (such as ‘choppy voice’) as a result of insufficient bandwidth.

To avoid this, you should ensure other applications that use a lot of bandwidth aren’t running while you use VOIP.

If your company uses VOIP then you should ensure your set-up prioritizes this traffic over the VPN connection to help you maintain call quality. If you heavily rely on VOIP then we recommend you regularly test your VPN to catch any issues early.

Is your home connection struggling?

Being kicked off home networks by other house mates or family members can be a real issue for employees now working from home. To ensure you’re using your WiFi network as efficiently as possible you can do a number or things.

• Optimizing router placement can make a big difference in the speed and strength of your connection. Ensuring that it’s placed high up and not blocked by any large items of furniture or metal objects is a good start. Moving closer to your router should also help connection speeds and quality
• If adjusting your router’s placement doesn’t improve your connection, you can always connect directly via an ethernet cable. It’s also worth checking you router software has been updated to the most recent version available
• For those with the time and inclination to do so, signal segregating will also help optimise your households internet connection for each device
  • Signal segregating, sometimes referred to as WiFi network isolation, involves manually altering the WiFi frequency and channels available on your home router to split them between different devices
  • Using this method, you can connect to the best WiFi channel available to you, or divide WiFi channels up in your household between older and newer devices. This will stop older devices from slowing down the connection speeds of newer ones.
• There’s no harm in rebooting your router to see if that makes a substantial difference. Sometimes the simplest option can be the most effective.
• If those tips don’t help, you may want to consider investing in a product which will give your home WiFi connection a boost. For example, BT offer a Whole Home Wi-Fi Range Extender which will help your connection reach further in your home. Netgear also have a similar and slightly more affordable option in their Nighthawk X6 EX7700-100UKS WiFi Range Extender.