The coronavirus pandemic has brought an unprecedented rise in the number of employees working from home. Unfortunately, with employees operating outside of their company’s usual cybersecurity set-ups, the situation offers plenty of opportunities for hackers to exploit poor digital habits and weak at-home security protocols. We recommend these best practices to keep your data safe while working from home:
Watch Out for Scammers Taking Advantage of COVID-19
While many of us view this crisis as a moment to come together and help one another, there are others who see an opportunity to exploit vulnerabilities. Be aware of malicious actors and keep your guard up:
- Only use mainstream apps/websites for COVID-19 tracking and information. These include such authorities as Johns Hopkins, the World Health Organization, and the Centers for Disease Control.
- Don’t give away any Personally Identifiable Information (PII), especially via email, text, or phone calls. Scams targeting CARES Act stimulus funds are already becoming prevalent.
- Do not click on links or open attachments sent via email unless you are 100% certain they’re legitimate.
- If you’re unsure, do not click the sent link, but open up a web browser and go directly to the website.
- If you open an attachment and there is a clickable link that asks you to sign in with any of your login credentials (e.g. work, Microsoft, Google, LinkedIn) for any reason, stop and close out of the web browser and attachment immediately.
- Look to IRS.gov for information on tax-related updates.
Review Your Wireless Security
Since you’re now working from home, you should ensure your personal wireless set-up is secure. This will involve logging into your wireless access point, such as your router, and taking the following steps:
- Change the default admin password on your wireless access point. Your router may have instructions for how to easily do so. After logging into your router, look for the “security” section on the navigation/menu pane. This will differ based on your access point.
- Make sure your wireless access point has WPA2-level security. WEP is considered outdated and its security is low. This can also be changed through the “security” section or equivalent of your wireless access point.
- Update your wireless access point’s firmware. You should consider upgrading to a new access point if your existing one doesn’t have any current updates available. Hackers may exploit known vulnerabilities in older firmware versions.
- Do not broadcast your main SSID (aka your Wi-Fi network name). Keeping it private will make it less vulnerable to outside agents.
- Add a guest network separate from your main network if your wireless access point has this feature.
- Do not connect to open (public, neighbor, etc.) wireless networks. Stick only to the wireless networks you’ve set up yourself. If you absolutely must connect to an untrusted network, make sure to use VPN services/software.
Separate the Work from the Personal
While this applies to many areas right now, for this article, we’re specifically talking computers. If at all possible, don’t use a personal computer that is shared among your household to access work resources. If this is not possible:
- Be wary of software (especially freeware and games) installed by other household members. These may contain malicious software.
- Make sure you lock your computer when you step away (even at home). Once you are finished, log out of all work resources if the computer is shared.
- Don’t save company data to your personal computer. Verify your company’s protocols regarding Data Security Policies while working on non-company issued computers.
Make Sure Your Software is Up-to-Date
Outdated operating systems and software may contain issues that hackers can exploit to gain access to your devices. As such, you should:
- Upgrade to Windows 10. As of this year, there are no more security patches being released for the widely used Windows 7 OS.
- If you’re already using Windows 10, review your current version and apply the latest patches. This can be done by typing “Check for update” in the home search bar.
- For macOS version updates, click the Apple (logo/menu), “About This Mac,” then “Software Update.” This can also be done incrementally through visiting the App Store, then checking “Updates.”
- Upgrade your mobile phone’s OS to the latest version. This applies to Android, Apple, or whatever your brand of choice is. Make sure you’ve also enabled a passcode or the use of biometrics to unlock your mobile phone.
- It’s also important to install web security software on your mobile device. This definitely applies for Android users; Apple’s closed ecosystem makes them less vulnerable.
- Update your preferred internet browser to the latest version. Browsers should be updated regularly to receive critical security updates.
- Make sure you have active and up-to-date antivirus software installed on your computer.
  - On Windows 10, go to “Settings,” then “Update and Security.” On the left-hand pane, click on “Windows Security” to make any updates.
  - For macOS systems, anti-virus protections are built into the operating system. Update your OS following the steps mentioned above and your anti-virus software will follow suit.
- Finally, download the latest patches for all the devices connected to your home network. These include obvious items such as your iPad and security cameras, and less obvious Internet-of-Things products like your Smart TV or Nest thermometer.
Protect Your Login Credentials
Be wary of providing your login credentials when prompted by websites/applications. Stolen credentials can be very damaging to your personal reputation as well as to your company’s reputation depending on the type of access you have and how your stolen credentials are used. To better protect your information:
- Enable multi-factor authentication (MFA) for all your accounts. You can generally accomplish this by logging into your account and checking your user profile security/login settings to see if multi-factor authentication is available. At the very least, you should check to ensure MFA is set up for:
  - Email
  - Financial (e.g. banking, investments)
  - Other online services (Box.com, DropBox, Amazon, etc.)
- Use a mobile authenticator app (e.g. Microsoft Authenticator) as the first choice for MFA; text-based MFA is less secure, but it is better than no MFA. Also keep in mind that mobile authenticator apps that require their own security check to open (e.g. Microsoft Authenticator) are better than open-access mobile authenticator apps (e.g. Google Authenticator) that don’t require any security to access the mobile application.
- If your company doesn’t utilize MFA already, inquire with your IT department about establishing it.
- Finally, frequently change your passwords. Even if your login credentials have been compromised, resetting your password often will help keep your information safe.
Taking these simple steps will build a more robust cybersecurity defense as you work from home. If you have any questions regarding how to improve your cybersecurity set-up, contact one of our Clark Nuber IT professionals.
© Clark Nuber PS, 2020. All Rights Reserved