Online Safety While Working from Home
In This Article
• Keep things updated
• Use strong passwords
• Secure your home network
• Be very careful with email
• Make regular backups
(No time to read right now? Just want to see the list of things to check? Here you go.)
Working from home (WFH) can be beneficial, whether you're “social distancing” due to a pandemic or just need to be productive when away from the office.
But WFH comes with many security risks. In this article, we'll teach you how to minimize these risks.
When we refer to “device” below we mean a computer or smartphone that connects to the Internet. If you have any questions or concerns after reading this article, please let us know.
The Basics
Make sure you keep your Operating System (see box), software, and apps updated. We know it's a hassle to keep updating things, but those updates often include security improvements that are meant to protect you.
An operating system is the software that runs your device. On phones, it's typically iOS or Android. On computers, it's usually Microsoft Windows or Apple MacOS. Details on how to update your operating system are beyond the scope of this article, but if you want guidance, just get in touch.Use strong passwords for everything you log into to. A strong password is at least 12-18 characters long, uses a variety of characters (lowercase letters, UPPERCASE letters, numb3r5, and speci@l symb@ls). It should be easy for you to remember but hard to guess.
(It's safest to never write down passwords anywhere, but if you must, do something clever like putting them on recipe cards in your kitchen. Never put them anywhere near your computer.)
Your Home Network
Make sure that your home WiFi router uses good encryption (a way of scrambling data going between your device and the Internet).
The best encryption currently available is called “WPA3–AES” (or something similar). If that's not available on your router, the next best is “WPA2–AES” and then “WPA–WPA2 Mixed Mode”.
Don't even bother using plain “WPA” or “WEP”. Those encryption methods have already been broken by hackers.
Setting up encryption is different for each type of router, so just Google “how to update encryption on [your router model here]” or get in touch and we'll try to help you out.
We're preparing a detailed article to help you decide which VPN is best for you, so check back later (or sign up for our free newsletter to be notified when the article is ready.)
Use virtual private network (VPN) software to have a more secure and private Internet connection. There are free and paid VPNs available for phones and computers. (see box)
Always use “two-factor” or “multi-factor” authentication (if available) for websites you log into. This technology (called “2FA” or “MFA”) creates an extra layer of protection by requiring you to provide a code, in addition to your username and password, to log into something. While not 100% unhackable, this type of authentication makes things much harder for hackers.
Ideally, you'll be able to use a work-issued device (computer or phone) for “official business”. If so, remember to use it only for business and keep personal stuff on your own devices. If you have to use a personal device for work, it's a good idea to log out of non-work sites (and close the web browser tabs) while you're doing work.
If you need to discard any printed work-related materials (and especially if it contains sensitive information) be sure to use a good cross-cut shredder to fully destroy the materials.
Your company may issue “work from home” security protocols. Some of them may include things mentioned above as well as other policies and techniques. Be sure to follow them — they're set up to protect you and your company.
If you get stuck with something, or need help, ask your company's tech support team for help. They would prefer that you reach out to them rather than try to figure something out yourself and possibly have a less secure connection.
If possible, keep work-related and personal email separate. Hopefully you can access your work email from home. (If not, ask your company's tech support team for help.)
There are three main dangers with email that exist with work and personal email. But with work email, and especially when a lot of people are working from home, the dangers are even greater because they can compromise your company.
1 The first danger is something called “phishing”.
This is when a hacker sends email that looks like it came from someone you know (maybe your boss or a co-worker) or from your company (maybe tech support or the HR department). The email may ask you to provide information, click a link (see below), or open an attachment (see below).
If the email is not really from who it seems to be from, taking those actions can lead to big problems. The best way to avoid being tricked by a phishing email is to call the sender and get confirmation that they really sent it.
2 The second danger is clicking links in emails.
Even with a legitimate-looking email, a clickable link can take you to a web page that is trying to fool you. It might look normal, and ask you for information, but when you submit the info, it gets captured by a hacker.
Some links in email can take you to a web page that installs malware (“malicious software”) as soon as the page loads. You would not know that this was happening.
So be very careful with links in emails. As with potential phishing email, the safest thing to do is to talk to the sender and confirm where the link should take you. Then very carefully examine the web address in your browser to make sure it's the correct URL.
3 The third danger is opening attachments on emails.
Even if they seem like normal PDF files, Word documents, Excel spreadsheets, PowerPoints, etc. they can actually contain malware that auto-installs on your device upon opening. Like the previous dangers mentioned, the best thing to do is confirm with the sender that the attachment is legitimate.
But be careful with emails containing attachments that have been forwarded. If a sender “up the chain” included an infected attachment (knowingly or not), the person who forwarded the email to you would not be aware of this.
The dangers explained above are linked to most of the computer malware infections people experience. Unfortunately, even the best anti-malware software can't always protect you because some infections go undetected. The best thing you can do is be careful about your own email behavior and not rely on software to keep you safe.
Backups
Just like it’s good practice to make regular backups of your personal computer, your work device should also be backed up regularly. When you're in the office, it's possible that your computer is configured to back up to your company's servers.
When you're working from home, especially for an extended time period, confirm with your tech support team that backups will continue (and, if not, ask how they can be configured to do so).
We recommend three types of backups. Ideally, you can do all of them. But if not, the third type below is the most important.
1 Real-time cloud storage for frequently accessed and updated files
These are things like Dropbox, Box, Google Drive, OneDrive, etc. Your storage space is limited, so you generally can't use these to back up an entire computer. But this type of service is good to have if you make a lot of updates to files on your computer.
2 Daily local backups
These are full system backups to a local hard drive. They contain all the data from your computer as well as the operating system, software, and apps so you can actually boot your computer from the backup drive if your main internal drive breaks.
3 Continuous off-site (“cloud”) backups
These are full system backups to a “magic computer in the cloud”. You don't need to know where it is or how it works — just know that it provides an extra level of safety. Off-site backups will save you if, for example, you have a fire that destroys your computer and local backup drive. You can use an off-site backup to restore everything to a new computer.
Other Things to Know
When using a web browser from home, make sure you have a secure connection. You should see an “s” at the beginning of the web address so it looks like “https”. A browser addon called HTTPS Everywhere can help you browse securely.
A secure connection means that information coming into and going out of your web browser is encrypted (“scrambled”) so that if a hacker somehow sees the info, it'll just look like a bunch of random characters. But your browser and the website know how to understand the info.
Use other browser addons such as Privacy Badger and uBlock Origin, which is available for Google Chrome, Mozilla Firefox, and Microsoft Edge web browsers. These automatically prevent some websites from sending potentially malicious content and tracking your activities.
Browser addons are apps or software that work within your web browser and are designed to perform a specific task.
Unfortunately, with a lot of people working from home now, hackers will try to take advantage using some other tricks:
Be very careful with anything that pops up on your screen unexpectedly. If it's software telling you about an update, it's safer to close the popup, go directly into the software, and find “check for updates” in the menu. If a popup is for anything else, it's usually safest just to close it.
“Tech support scams” are on the rise, where hackers pretending to be from a tech company use a popup, email, or text message to say they found a problem with your system and can fix it. Their scam is to get you to set up a remote desktop session that lets them control your computer. While they appear to be doing something helpful, they're actually installing malware on your system. Be very careful with anyone who wants to remotely control your computer unless you were the one who initiated the request (such as directly contacting Microsoft or another company). See our full article about this.
Conclusion
Working from home can make life so much easier, but requires extra vigilance from you to protect your computer, your data, and your online safety.
While there are technical things you can do (router encryption, VPN, software updates, etc.) to help, the BEST way to protect yourself is to be careful with your own behavior. Use the tips explained above and you'll be much safer.
If you have any questions about this topic, please get in touch.
Want More Info Like This?
Get our Free Newsletter