Cyber Security Protection While Working from Home

One key way to improve home cyber security is simply to get better at identifying and avoiding potential threats. That’s because most security lapses are at least partly due to human error. For example, if a malicious email message evades your spam filter and arrives in your inbox, it usually can only cause damage if you mistakenly click on a link or attachment in the message. What’s more, the distractions often associated with working from home can make you more likely to click when you shouldn’t.

Cyber security awareness training is designed to help you learn how to spot the threats. Do you regularly receive emailed shopping coupons or discount offers? Scrutinize them closely, even if they look like they’re from a familiar retailer. Is your CEO emailing you from their personal email account with an urgent request to transfer thousands of dollars to a supplier? That may seem highly important, but it should also ring alarm bells.

If you work for a company that offers cyber security awareness training to its employees, be sure to take it frequently, to stay abreast of the latest threats. If that option isn’t available, there are many online sources for awareness training and tips, including the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.¹

Most cyber security threats are encountered in email or on websites, so it’s particularly important to be aware of those risks and know how to avoid them. Here are a few tips from the nonprofit Center for Internet Security:²

• Double-check all links in emails and on websites, and don’t click if they look suspicious. Hackers may conceal a malicious link behind innocent-looking text; if you’re using a PC, hovering over the text may reveal whether the link doesn’t match the text.
• Whenever possible, type web addresses into your browser instead of clicking on links in emails. A favorite ploy of criminals is to send emails containing URLs that look deceptively like the real thing—simply substituting a zero for an “o,” in the name, for example. If you type the address you want instead of clicking on a link, you may avoid being taken to a malicious website.
• Enter usernames and passwords only on sites that you completely trust. Hackers often create websites that look identical to genuine, commonly used services—but are really designed to capture your information. They may then try to use that information to log in to your corporate email system or personal bank accounts.
• Use multifactor authentication (MFA) to add another layer of cyber security. MFA applies additional checks when you sign in to an online service, to make sure that you are who you say you are. For example, if you try to log in from a computer, an MFA service would text a number to your cell phone; you have to enter that number on the computer in order to be admitted. The idea is that even if a hacker steals your password, they can’t access your account unless they have your cell phone, too.
• If you see something suspicious, contact your company’s cyber security team, verify by other means, or do both. For example, if you receive an email request from a contact at another company and something about it looks slightly odd, call your contact at a known phone number to make sure it’s really them.

Many homes contain several devices that can connect to the internet—such as the home’s router or set-top box, WiFi access point, computers, phones, and smart devices like thermostats or alarm systems. It’s important to secure every one of those devices, because each is a potential entry point for a cybercriminal. Leaving a device unsecured is like leaving your windows and doors unlocked.

• Always change the default password on each device to a strong password. Many devices are sold with a default username (e.g. “admin”) and password (e.g. “1234”) that are easy for hackers to guess; in fact, some malware stores a list of common passwords and automatically tries them to see if one will work. Experts generally recommend replacing each default password with a long string of numbers, letters and symbols that doesn’t include anything a hacker might be able to guess, like your birthday or a pet’s name.
• Don’t use the same password on multiple devices.
• Pay special attention to your home router or set-top box, which is the gateway from the internet to all the connected devices in your home. Use a strong password for your home Wi-Fi network, and make sure your router’s attack-blocking firewall is activated. You can call your internet service provider for help setting up your router.
• Stay current on software updates for all your devices; they are often designed to fix known security problems.
• If your employer provides a virtual private network (VPN), be sure to use it for all internet activity including email and web surfing. A VPN creates a secure connection to your company’s systems by encrypting information that’s sent via the internet, making it harder to steal.

Online videoconferencing provides many of the advantages of face-to-face meetings without the need for travel. But videoconferences can also be misused: hackers may attempt to disrupt meetings or—perhaps even worse—silently watch in order to steal confidential information. To prevent problems, take a few precautions:

• Make videoconferences private to prevent unauthorized access. If you’re the host, require attendees to enter a password for each meeting, and admit each attendee individually.
• Don’t share meeting links on social media. They could be seen by people you don’t want in your meeting.
• Manage screen sharing options so that only the host or chosen participants can share their screen.