In 2017, just 8 million Americans, or about 5.2% of the workforce, worked from home. However, American executives seemed intrigued by the idea of building a secure, satisfied, and low-cost team of kitchen-table workers, so remote workforces increased as time went on.
When the COVID-19 pandemic struck in early 2020, corporations all over the world immediately implemented work-from-home programs, many of which had seemed impossible just weeks earlier.
By June 2020, 42% of Americans were working from home full time, according to research from Stanford University.
In the scramble to shift from office to home, many IT departments hastily propped up internet security measures and relaxed cardinal policies about cybersafety.
Carla Sweeney, director of governance and risk compliance at Red Ventures, explained how even companies already operating with remote workforces were largely unprepared for those changes.
“Many were forced to accelerate an unplanned shift to remote working before they were ready, without the luxury of time to plan and test network changes that make that change possible,” Sweeney said.
Makeshift security measures may have created new vulnerabilities, such as unsecured home WiFi networks, use of personal devices for sensitive information, and lax physical security of hardware. Because of these potential vulnerabilities, remote employees should do their best to follow general best practices for internet safety, including:
- Pause and assess the situation before you click a link or attachment in an email.
- If you must connect to a public network, use a virtual private network (VPN).
- Create long and unique passwords for each account.
- Avoid the temptation to let your family use your work laptop.
- If possible, keep personal use to personal devices and work use to work devices.
- Follow your company’s policy regarding the storage and transmission of company information.
- When you set up a video conference, use a unique password.
- Change your home network name and make it invisible to others.
- Change the default router administrator password to a strong passphrase.
- Use multi-factor authentication wherever possible.
Cybersecurity Threats for WFH
Working from home can expose companies and individual employees to cybercrime by creating new vulnerabilities in the safety structure.
“Employees are connecting to home or public networks of unknown security, in some cases with a personal laptop or mobile device to do their work,” Sweeney said.
Hackers may exploit virtual private networks already infected with malware. Malicious apps promising the lowdown on the COVID crisis can tempt kitchen-table workers. And young family members completing virtual learning may think it’s okay to open up a private chat on mom or dad’s work laptop.
Consequently, cyberattacks have mushroomed since March, when much of the U.S. workforce shifted to remote work due to the COVID-19 pandemic. The World Health Organization alone experienced a 500% increase in cyberattacks early on during the pandemic, and other health-related agencies also saw a spike in cybercrime. Some reports say cyberattacks in general jumped by 34% between March and April, and phishing attacks in particular soared from 5,000 in February to 200,000 in late April.
“Attackers take advantage of heightened emotions and rely on the fact that people are anxious to learn more about breaking news, stimulus payment information, tax refunds, and even company announcements,” Sweeney explained.
Emails parading as announcements from government agencies, misleading subject lines about COVID’s impact on hard-hit industries, and malicious attachments claiming to provide tactics for avoiding the virus have all gotten employees to click.
Work from Home Internet Safety Best Practices
Just as any medical article will tell you to defer to your doctor’s advice, when dealing with technology, always listen to your IT team. Whether a third party or an in-house department, your team features a variety of professionals, such as a chief information security officer, security manager, penetration tester, and information security analyst.
These specialists can help with network, access, email, videoconferencing, and password safety. For employees working from home, we also compiled a list of the top internet safety tips in each of these areas and shared it below.
What is Internet Safety?
Staying safe online means maximizing your personal security while minimizing risks to you and your employer’s private information. Cybersecurity involves keeping people and property safe from cybercrime, which can include acts as diverse as unauthorized data access, cyber blackmail, or unwelcome sexual solicitation.
Network Safety Tips
When we say “network security/safety,” what do we mean? What network security issues do employees need to understand when working from home?
Network security, a broad term, refers to the safety and protection of companies’ computer networks and data. It includes the policies, procedures, processes, hardware, and software that keep computer networks and their information confidential, accessible, and clean.
When working from home, employees should make sure to avoid unsecured networks, protect their home networks with strong passwords, and follow any network security rules their employer provides.
According to Sweeney, best practices for network security include:
Use Your VPN If You Must Connect to a Public Network. You can download a VPN from a source you trust. Paying for a VPN typically yields better results than downloading a free app, which may monetize its services in an undesirable way.
Connect to Your Home Network Using a Long, Strong Password. To create an uncrackable password, shoot for something longer than 12 characters, and never use a word that appears in a dictionary.
Hide Your Home Network. Give your home network a new name and make it invisible to your neighbors and others who may be cyber-snooping.
Protect Your Router. Use your password-creation skills to change the default router administrator password to a strong passphrase.
Keep Your Devices Current. Make sure any devices connected to your home network are current so they feature the most up-to-date cybersecurity hardware and software.
Password Safety Tips
Working like a simple lock-and-key system, passwords seem like such a basic cybersecurity building block that they hardly merit attention. But often, the simplest tactics provide the strongest security. When does password security matter? Which security issues should work-from-home employees look out for?
A strong, unique password can protect your device, bank account, emails, and/or data drive from common hackers. A password-cracking device can use brute force or dictionary hacking to guess nearly any password, but most ordinary hackers move on to easier prey when passwords prove too complex to quickly crack.
Unfortunately, many users still don’t practice good password protocols, despite regular reminders to use long passwords, avoid words found in the dictionary, create new passwords for each account, and never use personal phrases such as street names. According to the February 2019 Online Security Survey by Google and Harris Poll, 52% of respondents use the same password for at least two accounts, and 13% use one password for all accounts.
Try the following practices to help keep your passwords in good working order:
Keep Your Passwords Secret. No matter how clever your key is, resist the urge to let anyone else know about it.
Use a Longer Password. A password of 16-plus characters trumps a shorter one.
Use Multi-Factor Authentication. This additional layer of protection lets you confirm that it’s you logging in.
Don’t Repeat Passwords. Create a new password for each account if possible, and never mix and mingle work and home passwords. If your company offers a password manager, use it.
Email Safety Tips
The oldest form of internet communication, email remains one of the most common ways computer users exchange messages. A McKinsey study found that reading and answering emails consumes 28% of an average workday. Clearly, people spend lots of time using email, making it one of the easiest points of entry for computer hackers.
What email security issues plague work-from-home employees? And what are the possible consequences of a lapse in email security practices? Email attacks can appear as legitimate appeals for money or information, or they can spread malware or ransomware through infected attachments. In 2020, for instance, coronavirus-related email subject lines have enticed employees to click malicious links or attachments, even if they didn’t know the senders.
An email security breach can expose sensitive data, embroil employees in phishing scams, lock down systems through malware, and even introduce viruses that crash entire systems.
Consider the following internet safety tips for email use when working from home:
Pause and Assess the Email. Before you click a link or an attachment, ask yourself: “Did this message come from someone I know? If so, did I expect to receive it?”
Be Aware That Phishing Messages Look Real. Attackers put you at ease by appearing to be someone familiar — maybe even a colleague — and creating a sense of urgency to act. Sweeney said there has been an increase in phishing scams since the COVID pandemic hit.
Verify With the Sender. Ask in a phone call or instant message if a suspicious email is really from the sender whose name is attached.
Videoconferencing Safety Tips
Videoconferencing has boomed as people social distance during the pandemic. One videoconference software platform, Zoom, grew from 10 million users
in December 2019 to 200 million in spring 2020.
Because videoconferencing relies on internet communication, it provides an access point for nefarious actors who want to break into companies’ networks. What potential issues surround videoconferencing security?
Remote workers aren’t always careful. It’s easy to jump on a video conference without taking precautions.
“These are strange times,” Sweeney said, “and employees working from home likely have a different mindset than they do at the office, whether that means they’re preoccupied, have increased job demands, or are distracted and letting their guard down.”
The results can prove catastrophic. According to the Washington Post, hackers have accessed thousands of recordings of private Zoom meetings and made them available to anyone on the internet. Hackers can also break into meetings, share offensive content, and disrupt the sessions.
What solutions can remote workers implement to maximize security when using videoconferencing platforms?
Create Unique Passwords for Each Meeting. Don’t just rely on the meeting ID for security. If you are not the host, ask whoever is hosting the meeting to take this extra step.
- Don’t Open an Unexpected Meeting Invitation or Accept an Unknown Caller.
Lock the Call After All the Members Have Joined. This practice can help keep out unwanted intruders.
Limit File-Sharing During Calls. Don’t let attendees receive or open documents on the platform, since these can contain malware.
Tips for Accessing Websites and Sharing Information
It’s hard to come by reliable data on the personal internet use of work-from-home staff, but research shows
that nearly all employees spend at least some time surfing the web at work. Called “cyberloafing,” this practice offers several benefits, namely operating as a stress-relief valve for knowledge workers. Nevertheless, clicking on unsafe websites or sharing personal information on a work computer can put a company’s network technology at risk.
Any surfer’s web history offers critical data into their life. People use the internet to research health topics that concern them, vacation spots they want to visit, charities they consider giving to, political sites that appeal to them, and other topics of relevance to their life. Legitimate advertisers use this information to help prospective customers find their products or services.
Cyber criminals can also track user data, however, and use it to determine how they’ll get a specific user to click on an infected file. Here are some ways Sweeney suggests to minimize your footprint and keep your work computer safe:
Limit Personal Use. Dedicate your work computer to work, and only use your own computer for personal searches, online shopping, and entertainment.
Avoid the Temptation to Let Your Family Use Your Work Laptop. Children and even partners can inadvertently expose your employer to hackers through the sites they click on and the search strings they enter.
Follow Your Company’s Policies Around Storing and Transmitting Company Information. These policies often require you to use authorized platforms, which have stronger security protocols in place.
Tips for Personal Versus Work Devices
Mixing work life with personal life can get sticky, but work-from-home employees often switch between work use and personal use on their electronic devices, cross-polluting data between the two. What security issues can arise when people mix and mingle work devices with personal ones?
Personal devices containing employer data can get lost, stolen, or damaged, thus putting corporate information at risk. Furthermore, friends, family, and inattentive employees could easily upload personal files to a cloud, breaking data security policies and co-mingling homework assignments with budget drafts, for example. Finally, security breaches on personal devices could result in legal or corporate penalties, or they could affect companies’ reputations with clients or customers.
Even so, some remote workers don’t have the luxury of separate work and personal devices and must rely on one device for both aspects of their life. To maintain safety, employers who ask staff to use their own devices for work should implement acceptable use policies, company-provided authentication components, and agreements for how to wipe devices when employees depart.
Sweeney provided an additional security tip for switching between devices safely:
Don’t Copy Corporate Data to Your Personal Device, Email, or Online Storage. Follow your company’s policy on storage and transmission of company information and communication.
The Future of WFH and Cybersecurity
COVID caused a monumental surge in remote work, but will companies make the work-from-home shift permanent even post-COVID? Probably.
In a Salesforce/Tableau survey, 69% of respondents said they believed the pandemic would “permanently change the nature of work.”
“With the pandemic situation constantly evolving, I think companies are having to adjust to the ‘new normal’ of work-from-home,” she explained, “whether that means the full workforce working from home or allowing for more flexibility as we navigate remote schooling, COVID exposure, and quarantining.”
This radical realignment of the digital workforce means companies are relying even more on well-trained cybersecurity professionals to keep their data, hardware, and employees safe.
“InfoSec teams will have to stay agile and align to company strategies as they respond to the pandemic, while monitoring ever-evolving threats that come with it (while dealing with election year threats to boot!),” Sweeney said.
As a result of these recent events, cybersecurity is morphing into an even more exciting field to study. Recent graduates and career-switchers can find an enticing new career helping to fight crime and tackle new technological challenges through cybersecurity.
Whether you choose to trailblaze a new career field or stick to your current trajectory, you can help keep everyone safe from cyber crime by practicing common-sense tactics, including:
- Pause and assess the situation before you click a link or attachment in an email.
- If you must connect to a public network, use your VPN.
- Create long and unique passwords for each account.
Meet the Expert
Director of Governance, Risk Compliance at Red Ventures