WFH Cybersecurity Tips: How to be the Strongest Link

Miguel El Lakkis
Published in Dow Jones Tech
Apr 10, 2020

Why Coronavirus means it is time to get serious about securing personal information, and what employees can do to protect themselves.

For years, businesses have been telling their employees to take additional security precautions on their personal devices, like enabling two-factor authentication. Many people chose not to follow that advice, believing that the risk was low. But with the arrival of the coronavirus, the risk has increased and hackers are already using this global tragedy as an opportunity, and the worst is yet to come.

While most newly-remote employees are still in the process of downloading video conferencing tools or wrestling with what they will and will not be able to do from home, hackers have already mobilized in sophisticated ways and have set their sights on employees’ personal computers, devices, cell phones and home Wi-Fi networks. Employees who do not go above and beyond to protect their personal devices and internet connections may find themselves in a tough situation, with little to no immediate recourse as corporate IT and public service departments alike feel the strain.

It has already started: In just the past few weeks, malicious actors have posed as members of the World Health Organization, spreading misinformation via email phishing campaigns and targeting non-governmental organizations, as well as companies in the healthcare, financial and technology industries. One hacker in particular has been distributing a COVID-19 outbreak map that delivers malware to anyone that interacts with it. Two weeks ago, the Champaign-Urbana Public Health District fell victim to a ransomware attack. Hackers’ tactics are evolving so quickly in a time of panic that even more tech-savvy employees may find themselves duped.

If that’s not enough of a wake-up call, consider how hard it was to resolve identity theft before this global crisis. Victims must typically file a report with the Federal Trade Commission, work with the IRS, contact the local police, freeze credit cards and more. As these public institutions will likely continue to struggle with more pressing demands in the coming months, resolving identity theft will take a backseat and victims will see longer timelines between reporting and resolution.

Right now, we’re in the first wave. The second wave will come as more and more people working from home start using personal devices to work remotely, causing the opportunities for malicious exploitation to grow exponentially. Add in that most companies lack a formalized work from home security policy, and we’re fast approaching a new era of digital threats to employees.

What you can do: Employees at every level play crucial roles in building a secure organization. Be the strongest link by following these steps:

Know what to do if you are compromised — Preventing a breach is one thing, and knowing what to do if you fall victim is another. Hackers may access your personal or work email accounts to send malware to your contacts or colleagues using your address. The sooner you alert your IT department, the faster they can control any potential damage.

Be diligent about passwords — Use a different password for everything, make sure it is long and complicated and change it every few months, especially if the account or device does not have two-factor authentication (2FA). This principle applies to anything you use online or at home — not just email accounts but also Wi-Fi passwords, online bank accounts and computer login passwords.

Several apps exist that can make this less of a pain. A password manager like LastPass can generate and store complex, hard-to-hack passwords. Download a 2FA tool like the one offered by LastPass or Google’s Authenticator to make it even more difficult for hackers to access your accounts.

Watch yourself — Monitor all activity in your financial accounts. LifeLock is one vendor that helps people keep an eye on their accounts. Freezing your credit is also a great safeguard — it doesn’t prevent you from using your credit cards, but will help prevent someone else from opening up a new line of credit in your name by implementing additional security measures around your account.

Get smart about phishing — Too many employees still think phishing is presented as a poorly-worded email with a suspicious-looking link. But it has evolved — phishing can now happen on Slack, Dropbox and even your phone. Additionally, hackers engage in “social engineering,” where they may uncover details such as the names of your boss and coworkers through platforms like LinkedIn in order to pose as someone you trust. Limit the amount of information you share on these sites, as well as who can view it. If you get an email from a co-worker asking you to share sensitive information, pick up the phone and call them to verify. Educate yourself on the latest phishing scams and tactics, and work with your IT department to understand the threats specific to your industry. Even when things are busy, take the time to double-check the spelling in a sender’s email address, be especially suspicious of shortened URLs and delete messages immediately if something feels wrong.

Get physical — Threats to hardware, like routers, should also be considered. Often we link multiple devices together and receive emails and software updates across laptops, tablets, and phones. If one device is weak, they are all vulnerable, so practice these tips across every device you use for work and home.

Governments, hospitals, and communities around the world are calling for solidarity in doing everything we can to ease the impact of the coronavirus, and the same goes for protecting ourselves and each other in our digital lives.
