One of the unexpected results of the COVID-19 pandemic, as well as toilet paper becoming a rare commodity, was the rise of working from home.
Organisations had to adapt at a rapid pace to ensure that their employees were still able to work, without being put at risk. For many of us, this meant making our homes into our new primary workspaces and navigating the obstacles of video conferencing, internet issues and working alongside our pets or children. It’s certainly been an interesting, if challenging time!
Since the end of lockdown, a lot of companies have given their staff more opportunities to work from home with hybrid working policies. Hybrid working empowers staff to work from home part-time, as well as coming into the office for one to four days a week.
However, a concern that comes with taking employees out of the office environment is data protection and security. Most workplaces have policies and procedures in place to keep their data and their clients’ data safe. But once people begin logging in from home, this can leave the organisation vulnerable to data leaks, and even cyber attacks.
Here are ten steps that our cyber security experts advise you to take if you work from home. We’ve designed these tips to help keep your data safe and secure, whilst making sure they’re straightforward enough that they can be implemented right away, whatever level of IT experience you have.
1. Change the default password on your home router.
Why it’s important: Most routers are shipped with a default password to allow you to access the WiFi. Although the password your router arrives with may seem strong, it’s much safer to change it to something that is personal to you and would be hard to guess.
Professional hackers can run programs that try thousands of passwords in a matter of minutes to try and access your home WiFi network. Once they’re in, your personal data and even company data can be accessed and stolen.
Protect your home WiFi with a strong, memorable password and make sure it is shared only with members of your household.
How to do it: Find out the make and model of your router, and Google “how to change the default password on [make and model] router”. Once you find the instructions from your provider’s website, follow them.
2. Back up any data that you save to your computer.
Why it’s important: If you use a personal computer while working from home and a different one in the office, then anything you save to your Desktop or Documents folders can only be accessed in that one location. Nobody wants that sinking feeling of needing an important report, only to realise it’s saved to another device!
Another risk you should take into account is what would happen if your home computer was damaged. Any data that you’ve saved could be lost if not backed up on another device, an external hard drive or a shared cloud service. Accidents happen, so don’t be caught out: back up anything you don’t want to lose.
How to do it: If your organisation doesn’t already have a cloud-based sharing service like SharePoint or Google Drive, try proposing the idea to your IT department. In the meantime, you can set up a personal drive where you regularly back up your documents and that you can access from all your work devices.
3. Don’t use an Administrator account when you’re using the internet or email.
Why it’s important: An administrator account is an account which is used to make changes to a system — for instance, a network of computers and devices in an office. Administrator accounts should only be used for administrative purposes, because doing everyday tasks like checking your emails or browsing the internet could leave your whole system vulnerable to malware attacks.
Phishing emails, scam websites and downloadable viruses can cause a great deal more damage when they infiltrate an administrator account, rather than a standard user account that has limited permissions to make changes. Always be sure to keep the two accounts separate and distinct.
How to do it: If you have access to an administrator account, create a separate ‘standard user’ account for your everyday tasks. Only use the administrator account when you want to make system changes.
4. Use a separate login for work if you’re using a personal computer.
Why it’s important: As well as being better for your work-life balance, you’ll find your home computer will feel a lot less cluttered if you can keep the documents you use for work separate from your personal ones.
If your home computer is a shared one, there’s also the chance that someone else in your household could access data they’re not meant to see. The best thing to do is to create a password-protected login that you use only for work, keeping any sensitive documents and data well-protected.
How to do it: Like creating a ‘standard user’ account, a separate work login can be created via the administrator account. It’s a good online safety practice to ensure that everyone in your household has their own account, with a password known only to them.
5. Review the apps on your computer and remove any you don’t need.
Why it’s important: Having lots of unused apps can slow down your device, as well as cluttering up your desktop, reducing your available storage and leaving you to deal with constant updates that you may not even need.
Some apps can also increase what is known as your ‘attack surface area’ — creating more ways for people to gain access to your computer or your data. They will normally request permission to make changes to your computer, so always carefully consider it before choosing ‘Agree’.
How to do it: Do a digital declutter by looking over all the apps, browser extensions and software you have downloaded onto your computer, and decide whether it’s something you really need, or if it could be leaving you open to unnecessary risk.
You can manage your apps in your computer settings. Make sure you delete them completely, and not just the shortcut on your desktop.
6. Make sure you have antivirus software installed.
Why it’s important: Antivirus software gives you the best chance of protecting yourself and preventing malicious software from being downloaded to your computer.
Malware creators are very sneaky, and can do the most damage when you don’t know the malware is there. Your data can be stolen, encrypted so that you can no longer access it, or even deleted entirely. Antivirus software can detect malware, remove it, and even alert you to suspicious-looking emails or apps.
How to do it: If your organisation doesn’t have a preferred software that they provide, there are a number of free antivirus software options you may like to look into. Windows 10 comes with the built-in Windows Defender, whereas Avast is a reliable option for Macs.
7. Ensure you have a unique, hard-to-guess password for every application.
Why it’s important: This is a piece of online safety wisdom that we all know and understand, but few of us put into practice. If you use the same password for multiple sites and accounts (some of which store payment information), a data breach in just one of those sites could leave you in a tricky spot!
We know it can be a pain to try to remember dozens of passwords and which accounts they belong to. However, you can take away the stress by setting up a password manager to keep them secure.
How to do it: Download a password manager such as 1Password, LastPass or Dashlane, so that you can have a different password for each application you use. They’re quick and easy to set up, and will save you from having to constantly reset your passwords every time you forget one.
8. Be cautious when opening email attachments.
Why it’s important: Phishing emails are getting more and more convincing. A growing number of scammers are copying the branding and communication style of legitimate companies to try to extract sensitive information from their target. Anybody can be taken in, and if you happen to download some malware onto the computer you use for work, it can leave your organisation vulnerable to data theft and other cyber attacks.
How to do it: Pay careful attention to emails from outside your organisation. Be vigilant — were you expecting this communication? Does the wording seem strange, or more urgent than usual?
Phishing emails take advantage of the better, more trusting sides of human nature. If a document or file looks suspect, always be safe and don’t download it before doing more research.
9. Use video conferencing apps which are secure.
Why it’s important: You may remember hearing stories about ‘zoombombing’ during the pandemic. Whilst the popularity of videoconferencing soared, some opportunistic pranksters were able to gain access to private video calls which weren’t password-protected.
Whilst for the most part the worst thing a zoombomber would cause was a bit of disruption, if your organisation deals with sensitive information about clients or other companies, it’s vital that you prevent people from infiltrating your calls.
How to do it: Just as you’d want to keep strangers out of your meeting rooms, make sure the videoconferencing app or software you use is secure. Choose a platform that requires a password or admin approval before somebody is able to join a call.
10. Invest in a webcam cover and blur tool.
Why it’s important: With the rise of videoconferencing, scammers and cyber criminals have been finding even more ways to exploit web users. The unfortunate truth is that webcams can be hacked, normally by remote administration tools (RAT) that can be downloaded via phishing. Although webcam attacks are rare, it’s simply not worth taking chances when it comes to your safety.
To protect your clients, your organisation, and yourself, ensure you are careful about the things you share on your camera — even in a secure video call. Use the background blur tool to hide any identifying items that could be seen in the room behind you, and try to keep other members of your household out of shot where possible.
How to do it: If you have a built-in webcam cover, make sure it is closed whenever you aren’t using it. Sliding camera covers can also be purchased very cheaply and will give you peace of mind. The blur tool can typically be switched on using the settings on your videoconferencing app.
Perfect security isn’t possible, though by implementing the steps above you’ll greatly reduce your exposure to most attacks.
Online Safety when Working from Home: Final Thoughts
Whilst totally foolproof cyber security isn’t possible, by implementing the steps above, you’ll greatly reduce your exposure to possible attacks. Cyber criminals are getting craftier by the day, but you can deter them by taking sensible online safety measures while working from home. There will always be unscrupulous people online, but it doesn’t mean we need to make things easy for them!
At Forensic Control, we’re passionate about online safety. If you’re interested in more ways to protect your organisation from cyber attacks, you may like to read our guide for small businesses on how to create a simple cyber security plan.
We also provide Cyber Essentials and Cyber Essentials Plus certification if you’d like to join the growing list of businesses who have demonstrated their commitment to cyber security and have been certified as safe and secure.
If you’d like a quote, or would like to chat to one of our experts to find out more, feel free to contact us for all your cyber security queries.