The pandemic permanently transformed many aspects of our everyday lives, including the workplace. Working remotely has become more commonplace than ever before, with nearly 58% of Americans having the option to work remotely, according to a McKinsey report.
Working remotely has its many perks including working from a location of your choice, being able to blend your work and home responsibilities, saving on transportation costs, avoiding distractions and more. This isn’t to say working from home doesn’t have its negatives as well.
When you are working from the comfort of your home, you forgo the protections an office offers you such as a secure connection, an IT person to help you with all your concerns, and being surrounded by usually trusted coworkers.
When working from a location of choice, your cybersecurity risk is higher as you are exposed to a series of threats ranging from a hacker in a coffee shop to a curious toddler accidentally sharing sensitive information.
To make your remote work environment as secure as possible, we talked to experts and put together a list of the best habits you can practice.
1. Avoid working in public places
I know one of the biggest perks of working remotely is being able to work from a setting that fuels your productivity, which can often be a public place such as a coffee shop, library or park. However, by working in a public place you are exposing yourself to serious cybersecurity risks.
The first, and most direct one is over-the-shoulder attacks, also known as shoulder surfing. All this takes is for an observant, determined hacker to be sitting in the same space as you paying close attention to your every move.
Also: Stop using your 4-digit iPhone passcode in public. Do this instead
Once you are hard at work and concentrated on getting your task done, they can be discreetly jotting down all your data which they can use for a future attack.
The second reason to avoid working in public spaces is the potential data breaches you open yourself up to utilizing public WI-FI, as explained in the next tip.
2. Do not use public Wi-Fi
To practice safe remote working, if you have to work in a public place, you should avoid connecting to public Wi-Fi. Working in public spaces has its own set of risks, but public Wi-Fi networks will only amplify your risks of getting hacked and put corporate sensitive information at risk.
“As you use public Wi-Fi, you are exposing your laptop or your device to the same network somebody else can log on to so that means they can actually peruse through your network, depending on the security of the local network on your laptop,” says Gartner VP Analyst, Patrick Hevesi.
Doing work in a public space while also not using public Wi-FI may seem like a paradox, but there are simple and secure solutions. The first is using a VPN when accessing corporate information in public.
A VPN is a virtual private network that adds an extra layer of security through an encrypted connection between your device and the internet.
If you are using a company provided device, it is likely that it already has a VPN service installed. If not, there are a variety of VPNs that you can invest in. ZDNET has reviewed many of them extensively and you can find our recommended VPNS here.
“If you have to use the public Wi-Fi, then to access corporate sensitive information, use the VPN,” says Tapan Shah, EY Americas Consulting Cybersecurity Leader.
Another more simple solution is turning on your phone hotspot to connect to the internet in a coffee shop. Your hotspot can easily be turned on from your smartphone’s settings which lets you share the data from your smartphone to your device.
“If for whatever reason the VPN is [too] slow, make sure you use your hotspot because the hotspot is secured through a phone connection,” adds Shah.
3. Invest in antivirus software
Antivirus software is an easy way to add another layer of security to your device. All computers, regardless of maker, can benefit from software that stops malware from entering your computer.
“The reason why they are important is there are still so many vulnerabilities out there in the operating systems,” says Shah. “The threat actors are just looking for those kinds of vulnerabilities, trying to get in, and this antivirus will at least have a signature of what that looks like and can catch that.”
If you are using a device provided by your company, then it will likely come with some form of anti-malware software already installed.
However, even if you occasionally access sensitive corporate information on your personal devices, such as your phone or personal laptop, installing antivirus software could make a difference. You could also benefit from the extra layer of protection for personal information such as credit card numbers, medical records and more.
4. Reboot and update all your devices on a regular basis
Typically, when we think of the benefits of software updates, we think of new features or device performance enhancements. However, software updates deliver the latest security fixes to your device.
“Anything, whatever you’re using, you want to make sure that those devices that are connected to your network are up to date,” says Hevesi.
Also: 10 ways to speed up your internet connection today
When updating all of your devices, you have to think of more than just the obvious like your laptop and phone. All of your IoT devices connected to your network, such as your smart home gadgets, need to be updated to reduce the number of vulnerabilities to your network.
One of the most important devices to update, and perhaps the easiest to forget, is your router.
“At a minimum, you should update your firmware and make sure the patches are up to date on your router,” says Shah.
Regularly updating and rebooting your router will not only help its performance and internet connectivity, but it will also ensure that it has the latest, safest software installed.
5. Use password best practices
Setting strong, unique passwords may seem like the most obvious precaution, but it is one often overlooked.
To establish a strong first layer of protection to your accounts, make sure to change default passwords to ones that are specific and unique to each account.
“Your security is as good as your password, because that’s the first first line of defense,” says Shah. “You want to make sure that you have a good strong password, and also don’t use the same password for all the other sites you may be accessing.”
Default passwords, like the ones on your router, are the norm for many different devices and subscriptions. However, these default passwords pose a risk to your security as they can easily be looked up used by potential hackers.
“You get some kind of ISP modem, and there’s a default admin router password, and most people don’t even ever change that,” says Hevesi.
With “default admin password settings that anyone could look up on the internet, I could then get in and make changes or do all sorts of, you know, interceptions of traffic.”
6. Beware of phishing attacks
A quick and easy way to give scammers access to your personal information is falling for a phishing attack.
In these attacks scammers attempt to get your personal information out of you by impersonating a trusted site, email, link or message that you would typically interact with.
Once you interact with the link or file, the scammers are able to infect your machine with malware that can ingest your personal information.
Anti-phishing tools can help offer you an extra layer of protection, but the best protection is to educate yourself and other household members about these attacks.
“Yes, you can have these tools that could try to stop those phishing attacks, but if the people in your house are not educated on what that means, it’s just really about educating the people inside the home, on ‘don’t click every link’ and ‘don’t be fooled,'” says Hevesi.
Once you and your household members are educated on the topic, you can all make an active effort to act with suspicion and avoid falling in future traps.
7. Back up your data
The best way to protect yourself against ransomware is by backing up your data. As implied by the name, in a ransomware attack, a hacker threatens to publish or delete your information until a ransom is paid.
If you back up your data consistently, even if you were subject to one of these attacks, you are able to recover your data from your own backup without having to pay a ransom.
“A lot of ransomware attacks are going on,” says Shah. “If you do the backup on a regular basis that actually helps you to recover [your data] if something like a ransomware event or a data compromised event occurs.”
To back up your data, you can choose from a series of cloud storage services such as iCloud, Dropbox, or Google Drive. You can also choose to back up your data on a physical entity such as an external hard drive.
8. Manage household risks
Even though you may trust your family members and others in your household, it is important to remember that your computer holds sensitive information about your business.
An innocent click from a child could end up sharing highly sensitive information to your entire organization or even worse, to external entities that could use that information for harm.
To avoid an incident like this happening, if you live with children, it could be a smart idea to set up parental controls that can prevent a toddler’s accidental attack. Setting your devices to automatically lock whenever you’re not actively using them can also help.
“If you have children, there’s parental controls,” says Hevesi. “You obviously want to protect people inside your house with additional layers of protection until they become tech savvy.”
In addition to physical obstacles like computer control, it could be worth teaching your child about the dangers of the internet from a young age to keep both themselves and your information safe.
“I taught my daughter, she’s now an adult, about what’s good and bad, and what a hacker is, and you know, how they do and what a phishing attack is,” says Hevesi.