Update 1/19/2021: Criminals have grown smarter and more sophisticated over the pandemic, so please share this information with your co-workers, housemates, and family members. Education is the best defense against cybercrime. 2020’s estimated annual revenue from cybercrime was at least $1.5 trillion! To put that in perspective, Apple, Amazon, Facebook, Tesla and Microsoft combined made $761 Billion in 2019, while Walmart made only $514 Billion. It pays to be a cybercriminal! Don’t be a victim.
I’ve written about how employers can keep their data secure and their corporate networks healthy, but let’s also help employees who want to be good custodians of their new work-from home privileges. No one wants to see their company’s data breached, and security is now everyone’s responsibility. Working from home can be a big adjustment, and especially with COVID-19 all over the news, home office setups may be extremely hasty. Here are some things every employee working from home should know:
- Security starts with you. From the cybercriminal perspective, people are the weakest link. Criminals will try to steal your password and gain control over your computer. Don’t forget your anti-phishing training:
- An urgent email from your supervisor demanding you perform unusual tasks is worth a phone call verification
- If it’s too good to be true, it probably is
- Don’t click on links in emails. Bad URLs are easy to hide. Instead, manually browse where you want to go.
- Don’t call numbers for tech support that aren’t your normal number for tech support
- CallerID can easily be faked, so don’t trust it. If in doubt, hang up, and call the entity calling you to verify it’s really them, using a number you know.
- Your home network is an easy target for criminals using automated attacks because your wireless router is probably configured in a very typical way
- Change the default admin password
- Unless you know your guests practice good cyber-hygiene, don’t let them on your network. Most home wireless routers these days have a guest network where guests should connect
- Make passwords strong. Use two-factor authentication as much as possible.
- Passwords need to be secure- blah, blah, blah- but, it really is important. It’s better to have a unique simple password for each site than one complex password you use for all your sites, because when cybercriminals crack a password, the first thing they do is try that password at other sites. Nobody can remember all their passwords- it’s ok, you’re human. Use a password manager program or service.
- Enable automatic updates on your computers, tablets, phones, and routers, and make sure those updates are being installed successfully. Failed updates or devices that are too old to update lead to holes that criminals can easily exploit.
- Restrict use of your computers. Don’t let kids and significant others use that fancy work device, no matter how convenient it is. Games often come with malware and tracking apps that run in the background and upload sensitive data to servers and clouds you don’t know or control. If you are using a computer you provided, like BYOD, it’s best not to share it with family members.
Following these five tips will make you much more secure than the average person working from home, but there are always ways to be more secure. Please ask your IT folks if you would like help with any of these items, and I’m sure they’ll be happy to assist.