Written by: Emily Young // Jun 12, 2020
Last updated: Jun 12, 2020
You already know that your new work-from-home life demands a new skill set: Managing Zoom meetings, staying productive even when the cat crawls onto your lap, and hiding your office snacks from your toddler. But did you know that cybersecurity skills are key to WFH success? Now that you are working remotely, your company’s data is vulnerable in new ways, and it’s crucial that you know how to protect it. Luckily, you don’t have to be tech gods like Lisbeth Salander or Mr. Robot to know how to defend against cyber threats. By changing a few simple habits, you can master these cybersecurity basics for remote workers.
Know Why Cybersecurity Is Important
In what has been called the “world’s largest work-from-home experiment,” more than 60 percent of employees have worked remotely during the coronavirus crisis, according to Gallup data. Nearly 43 percent of surveyed employees want to keep living that WFH life, even after the COVID-19 lockdown. For the first time, many employers are actively experiencing the benefits of a remote team. But this brave new world also comes with increased risks of cyberattacks.
“Studies have shown that people present usually the highest point of vulnerability in an attack. We're vulnerable,” explained Clinton Daniel, the director of the Information Assurance concentration for USF’s MS in Cybersecurity. When you’re working from home, he said, employers have less control over your behavior. That means they can’t protect company data as easily: You have to change your habits and master basic cyber hygiene.
Follow Your Company’s Policies
First of all, make sure you’re following any cybersecurity policies from your company, such as two-factor authentication and VPNs.
- Two-factor authentication means that it takes “two steps to verify that you are who you say you are, so that even if a password falls into the hands of the wrong people, they cannot pretend to be you,” explains this New York Times article.
- A VPN is a virtual private network where “your home laptop becomes a part of your company's network,” Daniel said. “So essentially, your laptop becomes like it is sitting in the building at your company's work.”
Secure Your Physical Environment
Securing your physical space requires zero technical know-how. Follow Daniel’s advice:
- Working in a private room with a closed door is ideal, but for many remote workers, it’s not an option. Wherever you set up shop, make sure your screen is positioned so your housemates can’t see it: i.e., if you’re working from the kitchen, “make sure your laptop is facing the wall in the kitchen, not the living room.”
- Wear headphones during virtual meetings.
- If you are speaking with a client, ensure they are also in a private environment before discussing anything confidential.
If you’re in charge of highly sensitive data, you may want to take extra precautions:
- Install a home security system such as the Ring Alarm.
- Use encrypted company devices rather than your personal devices. Don’t have a company device? You can ask your IT department to encrypt your personal laptop or phone.
Use a Password Manager
Have you used any of these “most commonly hacked” passwords?
Avoid the temptation to type in “password” the next time you’re prompted to secure an online account. Instead, make your life easier and safer by using a password manager, “which generates, securely stores and provides easy access to all your passwords,” as this NBC News article explains.
Wirecutter recommends 1Password, which costs $36 a year. If you can’t swing the cost, you can try the free Bitwarden.
Frequently update passwords to sites that would “hurt you the most” if they got hacked, Daniel said. (Psst … that means your bank account!)
Avoid Phishing Schemes
When scammers want to play Go Phish, they create emails that look like they’re from your colleague or a trusted company. “Phishing scams work by tricking you into clicking on a link or attachment that either infects your machine with malware or takes you to a page that looks totally legit, but isn't and is designed to steal your private information,” this Wired article says.
Don’t get hooked. Take these steps to avoid the bait:
Change Your Behavior
Even if an email looks like it’s from your friend, double check. “Verify the email address of where it came from,” Daniel said. “Just because it says ‘Clinton Daniel’ doesn't mean it came from Clinton Daniel.”
Daniel organizes his inbox by the names of clients, coworkers, and companies. Whenever he gets a new email from a contact, he confirms that the address matches the verified one he has on file.
Let’s look at an example.
- You receive an email that says it’s from your coworker, Dolores Abernathy. The message even sounds like it’s from Dolores: She talks all about the nature of reality, which is totally on brand.
- Look at the email address: Dolores1.Delos.firstname.lastname@example.org.
- Compare it to Dolores’ verified address: Dolores1@Delos.org.
- Aha! The scammer tried to trick you by putting the phrase “Delos.org” in their email address, but you can see that the email is actually coming from a Hotmail domain, not from Delos itself. (Look at what comes after the @ sign to find the domain name.)
Now, what if you get an email from someone who isn’t in your contacts?
- Call the sender directly to verify their email address. (But do not use any phone numbers listed in the email: Use what is listed on the company’s real website.)
- Do not open attachments or click any links. “If you think the (link) address is correct, retype it in a browser window,” suggests this CDC guide on avoiding COVID-19 phishing schemes.
- Don’t verify any personal information, such as your name, address, phone number, or password. Reputable companies would never ask you to do this via email, Daniel said. “If they needed to electronically validate anything, they (would) contact you by other means without just sending you an email out of nowhere.”
Keep Your Software Updated
For additional protection, follow these tips from the Federal Trade Commission:
- Install security software.
- Make sure software on your computer and your phone is set to update automatically.
- Use two-factor authentication on your accounts.
- Back up your data.
Beware of Malware
“Malware is nothing more than a program that is designed to do something malicious or destructive to a system,” Daniel said. It could track your keystrokes, activate your laptop’s camera, steal information, delete data, or more. You might encounter malware through:
- An email link. If you aren’t sure whether a link is valid, hover your cursor over it until you see a preview. Be careful not to accidentally click on it. If it seems suspicious, forward the email to your IT department.
- A website. Don’t click any links, or download attachments, on websites that are unfamiliar or seem unreliable.
- A flash drive. Sometimes, nefarious people leave malware-infected flash drives in public places, hoping you’ll be tempted enough to pick up the drive and insert it into your laptop. Resist the urge.
These tips from the Federal Trade Commission can help you avoid malware:
- Keep your security software updated and consider using a firewall.
- Use your browser’s default security settings.
- If you click on a website and your browser warns you it isn’t safe, avoid it.
- Be wary of downloading so-called “free” software or games from unfamiliar sites.
- Be cautious when installing new software: “If you don’t recognize a program, or are prompted to install additional ‘bundled’ software, decline the additional program or exit the installation process.”
- Avoid clicking on pop-ups.
- Be wary of chain emails.
Use Secure Wi-Fi
Make sure your home Wi-Fi network is password protected, and use a newer router (not that one you got 10 years ago). Never use coffee shop Wi-Fi. The cappuccino may be good, but the connection’s risky.
We’ve given you some foundational skills to protect your company’s data, but there’s so much more to the world of cybersecurity. Explore our article on cybersecurity tips for remote workers during the pandemic, or take our Cybersecurity Essentials course. In just three to five hours, the course teaches you the skills to keep your company’s information secure — and you’ll earn a certification that sets you apart from your colleagues.