There’s no question we live in interesting times. The recent global pandemic has had everyone scrambling to try and meet customer demand and keep employees working. For the lucky ones who get to continue working during this crisis that means making changes to how we work, largely doing everything remotely. With millions of people working from home, who may have never had to manage their cybersecurity, this new way of working brings with it some potentially serious security concerns. That’s why we’re taking this time to offer you some cybersecurity tips for remote workers.
I’m lucky enough to work for WebDevStudios as a Support Engineer. We are a fully distributed company. That means we all work from home. WebDevStudios has been 100% remote for over a decade, and we’ve all learned some important lessons and acquired expert knowledge.
Before we jump in, though, what exactly is cybersecurity? To oversimply it a bit for the purposes of this article, it’s basically best practices for defending your computers, servers, corporate assets, and electronic systems or data from malicious actors who try to take advantage of vulnerable systems. With even more people working online, there are even more scammers and hackers trying to take advantage of this terrible situation. Apply these cybersecurity tips for remote workers and keep your computer safe during all this.
Use Antivirus Software
You should already be running antivirus software, but if not, that needs to be your number-one priority. Everyone is human and we are going to make mistakes and click on things without thinking or download a file from someone else who isn’t running antivirus software.
There are a lot of great antivirus software brands, and your company may even provide licenses for one of the popular antivirus packages. If not, however, know that there are free options for every operating system (Mac, PC, Linux). For the purposes of this article, we’ll mostly be focused on Mac and PC.
Free options are great, but having solid antivirus protection is what is super important. There’s a reason I started this list of tips with this one. If you aren’t running antivirus, even viewing an image can be a potential point of attack. Someone could infect your system with a virus or malware and cause all kinds of damage. Viruses can do things, such as copy sensitive data (like usernames and passwords, especially financial ones) and send it to the hacker’s server where they collect and then sell your information on the black market, usually via the dark web.
Malware can be almost as bad and is often used to insert intrusive ads on your system. Both types can also use your computer as a zombie to try and infect other systems. So, do yourself a favor and make sure you are running antivirus software. The free ones are indeed pretty good, but like with anything, you get what you pay for. Check with your employer’s IT department to see if they provide licenses to a specific antivirus software. If not, the premium options are often affordable at around $30-$50 per year and are worth every penny.
Trust No One
Next, before we get into another favorite bit of software, do not trust anyone online. It should be your default position. The number-one source of system intrusion is typically employees not being vigilant with sensitive information. Something innocuous, like clicking on a random link, can lead to your computer getting infected.
If you get a link from someone you don’t know, DO NOT OPEN IT! This is often a “phishing” scheme where the attacker learns about you or tricks you into installing something you shouldn’t by getting you to visit a special URL (link) designed to compromise your system.
You should also guard your own and your company’s private information. Use common sense and be suspect of anyone you don’t know online. To complicate things even further, you have to watch out for people pretending to be people you know. Just the other day, I got a Facebook friend request from my aunt and it turned out to be someone pretending to be her. She was asking me for money, and red flags went up immediately. I checked and sure enough, my aunt and I were already friends on Facebook. This new account was trying to pretend to be her to scam our family out of money. Stay aware!
Use Strong Passwords and a Password Manager
Speaking of sensitive information this next tip is all about passwords. First and foremost, you should be using unique passwords for everything. I know this is a major hassle, and remembering a password for every site seems impossible. You’re right; it is. That’s why we recommend using a password manager like 1Password or LastPass.
Once you install these apps, they’ll remember all your passwords for you and store them in a secure vault. Then, you just need to remember ONE password to get access to all your passwords. This protects you in a number of ways.
For example, if you do somehow get a virus that searches your computer for passwords, it won’t be able to find them as your passwords will be inside a secure, encrypted vault. It would take a hacker many decades to break into with today’s computers.
Also, using a different password for every service means that if one service gets hacked, and your password is leaked, then it won’t effect any other accounts you have. This is super important, as it seems like there isn’t a month that goes by where some service or another isn’t hacked and customer data stolen or exposed. Bottom line: use strong, unique passwords and store them in a secure password manager like 1Password or LastPass.
Use a VPN
This cybersecurity tip is a little more technical. A VPN is a virtual private network that you can connect to and then browse the internet and complete your work safely. You’ll need a VPN service to do this, and they usually have their own software, as well.
A VPN provides protection against a number of exploits like people “sniffing packets” from your computer to steal passwords or other sensitive information like bank accounts. This is more critical when you are working on a public network, like at a coffee shop or airport, where other people you don’t know are on the same shared network as you.
With a VPN, you connect to a virtual private network and then your connection is encrypted and made anonymous. It is much more difficult for hackers to gain access or see your passwords with an active VPN. Remember, when you are connected to any network, including your own cable/fiber internet, your service provider can see all your activity, as well. A VPN will keep your internet usage private and protect your connection from malicious hackers.
Don’t Share Your Zoom Links Publicly
I shouldn’t have to even be saying this, but some unscrupulous folks have decided to invade unprotected Zoom chats (and other open chat systems) and play pranks on the calls, or worse, listen in and gain inside secrets. So far, it’s mostly been stupid pranks, but one of our executives was on a public meetup where someone broke into the chat and played pornography. There really is serious potential for someone to wreak havoc and expose (pun intended) you and your company to liability or harassment all the way to corporate espionage.
Zoom has taken steps to lock things down by default, so make sure you have the latest version of Zoom (or any app you are running, for that matter; staying up to date is part of the security process). If you do have to share your Zoom link, make sure you require passwords to join or that you manually approve people who join your chat (that’s now the default behavior in Zoom). You can read more about “zoombombing” on WikiPedia. It sounds cute, like photobombing, but it’s so much worse!
Hide Your WiFi
Wait, what? Hide my WiFi? Yeah, hide it so that not just anyone can probe your network.
You should already be using a WiFi password (and hopefully a strong one; I know typing them sucks!), but if your network SSID (network ID or network name) is set to “broadcast,” that means attackers know it exists and can start probing for ways to get in. By changing your network settings to have the SSID to not broadcast, when anyone wants to join your network, you’ll need to personally tell them the network name and the password.
That also means that strangers sitting outside your house can’t see your network just by parking outside at the curb. This is a bit of “security by obscurity,” and I don’t usually recommend that, but with WiFi, it’s an extra step that can really help keep your network more secure. Changing this setting requires you to have admin access to your router. If you have one from your internet service provider, the password is likely on the side or back of the modem/router provided.
Have a Strong Security Policy and Follow It
Even if your company doesn’t have an official security policy you should set out guidelines for yourself. Everything is online these days and most of these tips will apply to anything you do online. Make sure you have a least a basic understanding of how to work securely online.
Back Up Your Computer
I know this doesn’t sound like much of a security tip. I even debated making it the first item in the list; that’s how important it is. No matter how careful you are, things happen. The last thing you want to do is lose important work or data that can’t easily be recovered.
A bad virus can infect and delete or encrypt data in such a way that you can no longer access is. They may even try to ransom the data back to you in extreme cases! So, make sure you are backing up your computer. You should be doing this already.
I personally have a cheap USB drive that I back up my computer to weekly, and I use an online service call BackBlaze to automatically back up my computer to the cloud. It works pretty well. There are other services out there, but please, back up your computer locally and remotely for the best coverage.
Keep Software and Apps Up To Date
Make sure you keep your software and apps up to date! I can’t believe I left this out originally, as it’s super important. Out of date software is one of the most common ways a computer system gets compromised. My advice is turn on auto updates if you can (I do this for all my mobile apps any software that supports it), and if not, you can set a reminder to check for updates at least once per week.
I usually do my updates and backups on the same day. I set a reminder for Sunday evening and then do any software updates that need to be done and then hook up my USB drive to get a local backup. Thanks to Nick Franklin via Twitter for reminding me of this one!
Some Quick Bonus Cybersecurity Tips for Remote Workers
- If you are out in public, make sure people can’t easily see sensitive data on your screen.
- Use encryption where possible (example: you can use PGP encryption to encrypt your emails).
- Don’t leave your device open/logged in when you walk away from it, especially in public.
- Don’t use/trust a USB device you found or were given by someone you don’t know.
Lastly, remember that human behavior is the weakest link in almost every security policy. Stay alert, aware and suspicious of everything to improve your chances of not getting hacked, infected or otherwise compromised. This is true whether you are working from home or once you go back to the office.
Did you enjoy these cybersecurity tips for remote workers? Read more of our remote work articles and stay safe!