If you’re currently part of a remote team, you need to have cyber security at the front of your mind. This article has loads of practice advice on how you and your team can stay secure when working from home.
Whether you enjoy working from home or you can’t wait to get back to the office, the likelihood is that home-working is here to stay, at least for a little while longer. Putting all the quirks of working from home to one side – that is, unlimited coffee breaks, sitting at your desk in your pyjamas and the world’s best commute – we all need to be aware and alert to cyber security risks when working from home.
The UK has headed back into lockdown. England, Wales, Scotland and Northern Ireland may have done so at different times and with slightly different rules, but here we are again.
For most of us, working from home is an excuse to get your head down and focus on work, yet scammers and cyber criminals are making opportunistic use of the pandemic to commit more sophisticated scams.
Online scammers have been taking advantage of the various lockdowns and restrictions around the world to exploit individuals and businesses whilst everyone’s focus is elsewhere.
By exercising caution and staying vigilant towards potential cyber security threats, you can reduce the risks posed by these scammers whilst enabling your remote team to work safely, securely and more efficiently.
Here are our tips for staying secure when working from home during these uncertain times.
1. Secure your Home Broadband
How secure is your home Wi-Fi connection?
The majority of home broadband subscribers often don’t bother changing the default Wi-Fi password that’s assigned to the modem/router provided by their ISP. At the very least, you should change this password away from the default password as soon as possible.
Your home Wi-Fi password should be complex, difficult to guess, and certainly not something like your phone number or home address!
If you want to go even further and you have the knowledge and ability to do so, you can create a subnet or guest network to keep your work internet activity completely separate from the rest of your household’s activity.
Your home broadband equipment will also have its own web interface, usually accessed by an internal IP address such as 192.168.0.1. There will be a separate password used to access this, so make sure you change this too, as wireless routers are often targeted by criminals.
2. Consider Using a VPN
A Virtual Private Network (VPN) allows you to securely connect to the internet. Think of the internet like a wide and busy road with a load of traffic crossing between lanes as it moves back and forth. A VPN creates a private tunnel for you to use. No traffic can get in and all the traffic inside the tunnel stays there; away from prying eyes and remaining private.
Many employers use VPNs to allow their employees secure and encrypted access to company systems. Not only does this give companies more control over who can access their systems, but it’s also inherently more secure as all VPN traffic is encrypted. That means that even if traffic was intercepted, it would be scrambled and extremely difficult to decrypt.
Use of VPNs is established within companies and Government bodies who adopted remote working long before the pandemic. If you don’t use a VPN, there’s never been a better time than now!
VPNs are also useful for home users who wish to stay more private when browsing the web.
3. Don’t Share Passwords with Colleagues via Email
Sharing passwords with colleagues is common practice in offices (even if it shouldn’t be!). Let’s face it – most people find passwords an inconvenience. However, it’s one thing being verbally given a password in person, but sending passwords by emails or text has a much higher risk of interception.
Ideally, passwords should not be shared at all and each individual user has their own username and password, eliminating the need to share.
When this is not possible, password managers like LastPass or BitWarden allow people to share passwords safely and securely, without sending it in plain text.
Extra tip: Use 2-FA (2-Factor Authentication) if it’s available. This means that users need a one-time code in addition to a standard password to log in. 2FA can be used with an authenticator app, which is more secure than SMS.
4. Be Careful when Photographing your Screen
If you’re posting on your own personal social media whilst working from home, be aware that your innocent selfie may be revealing confidential or personal information on your computer screen!
You’ve probably seen a deluge of work from home social media posts this year, so if you’ve snapped the perfect photo, remember to zoom in on your screen and make sure that it doesn’t reveal anything that you don’t intend to share.
5. Be Equally Careful when Screen Sharing
It’s been said that “can you see my screen?” is the phrase of the year (or is it “you’re on mute“?!)
Screen sharing with your colleagues on Zoom or Microsoft Teams is great, it’s much easier to explain something when everyone else can see what you’re seeing.
During online meetings when it’s your screen being shared, you need to use caution before hitting that “share” button to avoid an embarrassing incident or a more serious security breach.
You also need to be aware that some applications give you notifications or pop-ups in the corner of your screen. These alerts may display the first part of an email, which could contain private or sensitive data.
Before screen-sharing, make sure that you close down any private files and disable any application that gives you pop-ups or alerts.
Remember that it’s also possible for others in the meeting to screenshot your screen whilst you’re sharing.
6. Watch out for COVID-19 Phishing messages and other scams
Remember that cyber criminals are using the pandemic as an opportunity to for exploiting risks. As a result, there has been a large increase in phishing related scams being reported.
These phishing scams, including text messages and emails are much more sophisticated now than they were a few years ago. Scammers have gone to great lengths to make these messages look extremely convincing, even experienced users are often caught out by emails that look identical to legitimate emails.
Phishing works by scammers pretending to be legitimate companies, such as banks, large online retailers or mobile phone service providers. They send emails saying things like “your payment card has expired, please click here to update your details” or “You are entitled to a refund”. These emails are designed to harvest personal data from unsuspecting individuals.
Scammers are able to spoof email address headers, using fake “from” addresses, making them almost indistinguishable from genuine emails sent by banks and other companies, which makes modern phishing emails even more difficult to spot.
You should ensure that your colleagues are alert and vigilant when it comes to phishing scams. If you’re suspicious, never click on a link in an email or message before verifying who sent it.
7. Ensure your phone calls are not overheard
Are your phone calls really private? Depending on where you live, something as simple as an open window can make your private phone call a lot less private!
If you’re talking to customers on the phone whilst working at home, or discussing confidential information with clients then you should take extra steps to ensure that call stays as private as possible.
Don’t sit next to an open window if your neighbours are in their garden within earshot. Just think – if you can hear your neighbours conversations through your windows or walls, they can probably hear yours too.
Hands-free/headphone users don’t usually realise that their voice sounds much louder to others, as headphones block external noises, so there’s another thing to be aware of!
8. Physical device security
An often overlooked way to stay secure when working from home is to store laptops and other work equipment securely when they’re not in use.
For laptops and mobile phones, this could mean locking the screen if you’re leaving them unattended, even just for a few minutes. When you’ve finished working for the day, shut down every device and lock them away if possible. Computers can still be access remotely if they’re put to sleep or left on stand-by, so powering-off is essential when you’re working remotely.
This doesn’t mean that you don’t trust the people you live with, or even that you anticipate a break-in, this just removes any additional risk to your workplace security.
9. Don’t overshare on Social Media
During these times of social distancing, social media helps us stay close to our friends when the global situations means we have to stay apart. But, are you sharing a bit too much about your working from home routine online?
Platforms like Instagram and Snapchat are very much focussed on daily video stories. TikTok has also emerged as a new popular source of entertainment during the pandemic. Millions of users share parts of their daily routines online via these platforms every day. In the hands of a scammer or cybercriminal, these seemingly innocent social media posts can be extremely dangerous, often revealing more than was intended.
It’s a good idea to check your privacy settings on all your social media platforms to make sure that you’re only sharing updates with people you know and trust in real life.
10. Keep your home and work life separate for extra security benefits
Everyone’s living situation is different – you may live alone, with housemates or with your family. You could have a dedicated office or workspace at home, or you might be perched on the end of your kitchen table. All of us who started working from home this year have had to quickly adapt to our new routines and working environment.
Yet, it’s still not normal for most of us. Your home is your home, where you live, relax and enjoy your life. Now, your work is encroaching on your home life.
When you’re working from home full-time, the lines become blurred between work and home-life. It’s easy to step away from your work duties for a few moments to answer the door to the delivery driver, get yourself a quick snack or do a few household chores. However, these blurred lines in your mind whilst working from home causes a vulnerability in workplace security.
Think about it – you’re at home, where you feel safe and your guard is down – it’s only natural. Because of this, mistakes and oversights are more likely to happen. If your mind is elsewhere, you’re more likely to send that confidential message to the wrong person or open that suspicious email in error.
Keeping your personal life separate from work can help you stay secure, as well as benefiting your wellbeing with a healthy work-life balance.
Summary – Cyber Security and Working from Home
As working from home solidifies itself into our culture and truly becomes ‘the new normal’, we must not become complacent when it comes to workplace security.
We now work and live within the same four walls, so it’s natural to have your guard down when you’re in your own home where you usually feel safe. Cyber security, passwords and phishing scams are probably not at the front of your mind when there are bigger things going on in the world at the moment.
Just remember that cyber criminals are taking advantage of the situation, so it’s vital that individuals and businesses don’t overlook cyber security as an active threat of 2020.