Working from home and flexible work is no longer just a temporary pandemic response, but an essential workplace structure. Many businesses now operate on hybrid work models to effectively support employee remote schedules. In fact, as of spring 2022, 58% of Americans work from home at least one day a week, and 35% have the option to work from home completely.
While working from home has ushered in new routines and lifestyles for employees, hackers have thrived by finding advanced ways to attack vulnerable workers. And as offices are still adjusting to hybrid work environments, cybercriminals can easily target fresh security protocols and their weak spots.
For those who are still working from home or operating in a hybrid work model, this guide is for you. We cover safety tips for working from home that you can begin incorporating into your routine today to ensure you, your employers, and your fellow employees remain safe.
Safety Tips For Working From Home
Hybrid workers expose their business networks to increased risk every time they sign on and reconnect, potentially carrying unintentional malware or exposing vulnerabilities in their company’s systems. To keep yourself and your employer safe when working from home, follow these simple cybersecurity tips and keep fraudsters at a distance.
10 Cybersecurity Tips to Protect Yourself and Your Employer
(1) Don’t share login information or confidential documents through DM or email
Everyone knows that sharing login information online is risky - 81% of hacking-related breaches are achieved through stolen or weak passwords. However, sharing login credentials is unavoidable when you’re working with a partially or fully remote team. How do you do it securely?
Never share login information or confidential documents through office chat DMs or texts that can be easily breached. Instead, opt for secure platforms that offer safe sharing features.
An example of this is 1Password’s feature, Psst!. Say you need to share the login information for your company’s social media accounts. All you have to do is open the share menu in 1Password and select “Share” to generate a link to your colleagues.
Your recipient will either be taken directly to a web view with the shared information, or be prompted with a one-time verification code to be permitted access. Since 1Password and other similar secure password managers are built with your safety top of mind, they are well worth the investment to protect you and your colleagues from fraudulent behavior.
Similar to login credentials and passwords, you should only share files through encrypted platforms and never through an email; once something is in an email, it can be sent or forwarded anywhere and easily intercepted. Instead, save and share files via a document server that’s been approved by your company’s IT team.
Also, resist the urge to download or use any unapproved tools outside of company resources. If you need something you don’t already have to get your job done, ask your IT department who can let you know what applications meet your network’s security requirements.
(2) Stay up to date with the latest security news
The best way to stay on top of recent security updates is to subscribe to newsletters and security experts that cover the latest industry news. Whether you prefer to consume podcasts, videos, or newsletters, here are a few of our favorite suggestions:
- Darknet Diaries: uncovering stories around hackers, breaches, and cybercrime, this podcast tells you everything you need to know about the dark web
- Security Now: in this podcast, cybersecurity experts Steve Gibson and Leo Laporte discuss the hottest topics in security, such as recent cyberattacks and platform/policy updates
- Pleasant Green: Pleasant Green exposes scammers and creates entertaining content around how you can avoid similar fraudulent activity
- UNREDACTED Magazine: a quarterly magazine that covers all things in privacy, security, and open source intelligence
Have a resource recommendation? Leave us a comment on Twitter and let us know.
(3) Secure your router at home and update the default settings
Most routers and network equipment, especially those provided by your internet service provider (ISP), are not actually safe. Because ISPs distribute millions of the same router units every year, most hackers can easily intercept default settings that aren’t updated.
Here are a few things remote workers can do to ensure their home equipment is safe:
- Change your router’s default username and password. Note that the router login is different from your WiFi credentials! Most third party routers come with a default username (typically ‘admin’) and password (typically left blank), that hackers target first. The way to reset your router’s credentials is not outwardly obvious and will vary by service provider, so be sure to look up the instructions specific to your equipment.
- Change your WiFi network name. Popular default network names like “Netgear” and “Linksys” disclose what network you’re connected to, making it easy for hackers to narrow down ways to target you. Remove these default names from your network credentials, and change them to something only identifiable to yourself. Also, never reveal any housing unit information. It’s common for people to list their apt numbers in their WiFi names, but this gives bad actors more information to exploit.
- Disable WiFi Protected Setup (WPS). WPS is a feature designed to enable users to connect their devices to WiFi networks without needing to enter a username or password. Most routers come with WPS turned on by default, permitting users the ability to simply press the WPS button on the back of the router to pair devices with the network connection. While this is convenient for friends and guests, WPS-enabled networks are more vulnerable to cybersecurity threats since they allow attackers to directly target the WPS function and steal passwords. Make sure that you disable this feature and reduce the number of access points for bad actors.
(4) Make secure online payments with Privacy virtual cards
Whether you’re making purchases for work or for personal use, if you’re on a company device, make your online purchases with a virtual card such as Privacy.
Instead of using a traditional debit or credit card at checkout, opt for a Privacy Card that allows you to generate unique virtual card numbers at every place you transact. Privacy Cards are built with a suite of security features that ensure your personal information and card details remain secure. If an online merchant or vendor you transact with experiences a breach, you can simply close a Privacy Card without needing to shut down your bank account or jeopardize your company’s finances.
We also encourage small business owners to leverage Privacy Cards to monitor and track employee spend. Share Privacy Cards with your employees so online transactions remain secure.
(5) Make small adjustments to your Zoom and video conferencing etiquette
Working from home has allowed employees all over the world to easily connect with each other. It’s important you follow secure video conferencing protocols when you’re on company devices. Here are 3 simple ways to stay safe online when connecting virtually with your coworkers:
- Always generate a new meeting with a new Personal Meeting ID (PMI). On Zoom, everyone is given a PMI to launch an ad hoc meeting. Essentially, your PMI is the same personal meeting link for every call you schedule - for instance, your 3PM meeting guests can accidentally join your 2PM call if they dialed in early. For public meetings, you should always generate a new meeting with a new PMI. This way, only invited members will know how to join.
- For public meetings, make sure that all confidential information has been closed out before you share your screen. Turn off your chat and email notifications, close out of opened docs and private tabs, and log out of anything that shouldn’t be shared with anyone outside of your company.
- Consider dialing through Zoom’s phone calls if you’re on the go. As of this year, Zoom users can now also add end-to-end encryption for phone calls, which brings all of the enhanced security features on video chat to your Zoom phone calls. This could be a secure option to connect with your colleagues virtually.
(6) Always keep your VPN turned on
Built to protect against malware and cyberthreats, remote-access VPNs allow employees to safely connect to a shared network that has the same security and connectivity benefits as an in-office network.
First, make sure that your company utilizes a secure VPN. Then, always make sure that your VPN automatically connects to your work devices when you turn them on. This is important if you ever need to access confidential information on an insecure network (i.e., at a coffee shop, on a commute, at the airport, etc.). Your employer’s VPN will give you an extra layer of security when accessing private information on work devices.
(7) Know how to identify malicious and scam behavior
Remote work has made phishing attacks and scams even more prevalent. One type of attack that has been on the rise with remote work is social engineering—fraudulent actors will pose as trusted individuals and then manipulate these relationships to gather insider information. Fake employees can easily hide behind screens and collect confidential work details, operational processes, and login credentials to plan an attack.
Additionally, LinkedIn has recently become a crucial tool for cybercriminals, who can use a company’s public account to gather lists of executives and employees to target. This is why it’s important you only connect with individuals that you know or can trust on LinkedIn. Malicious actors can easily create false profiles to collect company details from vulnerable employees.
(8) Use secure browsers when accessing confidential work information
Search browsers built for security provide a host of features that keep you safe online. If you’re accessing confidential work documents or viewing shared files online, we suggest you open them in a secure browser such as DuckDuckGo or Tor.
These browsers have built in features that prevent third-parties from collecting personal information that can be exploited (e.g., websites you’ve visited, usernames and passwords, cookies and trackers, and any autofill information with phone numbers, addresses, and emails).
(9) Separate your work and personal devices
You may find it’s more convenient to add work emails and apps directly onto your personal phone or laptop. While this removes the need to carry multiple devices everywhere you go, it poses potentially huge security risks if your phone or laptop with work emails/apps installed is stolen. In fact, 86% of IT practitioners have said that someone in their organization has had their laptop stolen, with 56% of these instances resulting in a data breach. Separating your personal and work access points will reduce the overall risk should your devices fall into the wrong hands.
(10) Follow the general encryption checklist for your work devices
Across all personal and work devices, follow the checklist below to keep your equipment safe.
- Make sure all your devices require a password to unlock that’s at least 6 digits. And where possible, turn on all other security enhancements like face and/or fingerprint identification.
- Turn on your devices’ auto-lock feature to engage after short periods of inactivity.
- Turn on two-factor authentication (2FA) wherever possible.
- Turn off your devices’ WiFi and Bluetooth discovery settings when they’re not in use. Also, remember to do this before you shut your computer down.
- Regularly update your software. Anytime you see a notification to install new updates on your phone or laptop, do so as soon as possible.
- Make sure that you have a data wipe option on your phone or laptop.
We cover more ways to protect yourself in our mobile security threats guide.
Stay Secure Online
Increased flexibility in how and where employees work has opened a wealth of opportunities for both companies and employees. Being able to hire people from all over the world encourages diversity of thought while providing employees the freedom to work from anywhere they want.
However, remote work has also introduced more ways for hackers to target the employees that do not stay vigilant. Whether you are working remotely (like we are here at Privacy! We have a few positions open, FYI), working on a hybrid model, or looking for simple cybersecurity tips to keep you safe when working from home, make sure you’re taking the appropriate steps to keep yourself and your employers secure online.