Over the past year, and primarily because of the COVID-19 pandemic, many more people have become used to working from home (“WFH”) regularly, taking online classes, or overseeing their children using remote learning. All of this dedicated online time means that there are more opportunities for your work computer, home network, and personal computer to be exposed to cyberattacks. It’s important to always be alert to threats online, and following are some suggestions for enhancing your online protection while working or learning at home.
Read and learn any specific policies from your company or schools about WFH and online learning. Your employer or school may have significantly expanded their policies about working or learning from home with more rules and instructions over the past year. You need to look up the current protocols and learn them. Not giving work or school security policies your full attention may not get a sympathetic response from your employer or children's school if there's security breach that you might be responsible for—and could have prevented with more knowledge.
Check the security settings in your software for Zoom®, Microsoft Teams®, Cisco Webex™ or other videoconferencing/remote meeting software. Before initiating a video call or connecting to an invitation to an online meeting, review all the security settings in your software. Here are basic tips that could improve online safety during work calls or school classes:
- Make certain you and your children are using the most current version of the videoconferencing/remote meeting software.
- Ensure meetings or classrooms are private, either by requiring a password for entry or controlling guest access from an online waiting room to only admit invitees.
- Make certain the camera and microphone are only turned on when you want them on.
- Do not have other applications open that are not related to the call; you don't want to accidently overshare your screen and have a sensitive document or email be seen when they should be confidential.
- Consider using end-to-end data encryption. This means that the information coming from you is encrypted and the information you’re receiving is encrypted from the sender. Encryption guards your voice, video, and other information from being attacked by computer hackers. End-to-end encryption should be used if it is available as an option in the videoconferencing software, and use of this encryption may be required by your company or your children's school.
- Carefully manage screensharing options; you may want to limit screensharing to only the host of the video call.
Cover your computer’s video camera lens when not in use. It is possible that your computer’s camera may be unintentionally turned on and sharing views of your workspace accidentally. Check the software settings for the camera to make certain it’s turned off, and to be extra safe, you can tape a piece of paper or put a tightly woven dark cloth over the camera lens.
Mute your computer's microphone when it’s not being used. A turned on—a live—microphone can inadvertently pick up conversation or other audio that should be private. Check the software settings for the microphone to confirm it is turned off.
Check your child’s internet settings before and after class each day. Review the video, audio, and security settings before and after your children have their online classes. It’s possible that an important setting was somehow changed during class, so you should look them over every day. It’s good technology security hygiene that you should practice regularly.
Do not let your family use your work equipment. Your work computer, monitor, mobile phone (or desktop phone) and other equipment that may have been transferred to your home so you could work from home during the pandemic are company property. Not only could you create a possible security breach by letting family members use your work equipment, doing so is also likely to be a serious violation of company policy. Work equipment should be used for work exclusively.
Do not use your work computer for personal tasks. This recommendation cannot be emphasized too often. Your work devices should not be used for personal tasks such as shopping, paying bills, using personal email, checking personal calendars, or other online activities. This personal use of your work equipment is probably a pretty direct violation of company policy, and it’s an easy opportunity to expose your work computer to potential security risks.
Be sure to password lock your computer even when you're away for a few minutes. Another easy way to prevent unauthorized access to your laptop when working from home is to password-lock yourself out of the system when away from the keyboard, even if it’s just for a brief break from work. It’s a little effort for a lot more security.
Physical security for work devices is also important. Secure your laptop with a locking cable during work hours, and put it in a locked room or drawer when not in use.
Use a Virtual Private Network (VPN). A VPN is software that creates what is often described as an encrypted data tunnel that all your internet traffic (audio, video, email, chat, and gaming) can go through, and your data will be invisible and protected from hackers. Companies and schools may provide VPN service for employees and students, and it may be required to be turned on before work or classes can begin.
Always keep your home internet router's built-in operating software (firmware) and related software up-to-date by downloading and installing new versions from its manufacturer. Remember that when WFH, security starts with your home network. Internet routers always have firmware, operating system software controlling your router that is built into the router's memory hardware. The firmware software can be downloaded from the manufacturer’s website and used to update the router. Separately, the router may have other, different software from the manufacturer that can be installed on your computer to help manage the router. Updating firmware and software to the most recent version helps ensure that any errors in earlier versions have been fixed by the manufacturer.
Consider changing your home Wi-Fi password to make it longer and more complex. When was the last time you changed your home Wi-Fi password to make it much stronger? Really? So, it's been a while? Well, maybe it's time for a password upgrade to something longer, stronger, and tougher to crack.
Finally, turn off your work computer at the end of the day. The recommendation above to not let your family use your work equipment is easier if the equipment is turned off. It's likely that many WFH workers are not shutting down their devices—especially their computer—at the end of the workday. It’s easier to leave your computer on and have it almost immediately available for work the next day. But turning off your computer at the end of the day may be the simplest way to help improve your online security by preventing any access to it at all. Shutting down the computer regularly also gives the machine time to install essential software updates and patches, which also improve security.
Interested in more online safety suggestions? Here are a few more.
The U.S. Federal Trade Commission has useful suggestions on protecting yourself while working from home and on remote learning and children's privacy. We also have a number of blog and security posts on managing online personal security: