While people globally are struggling to adapt and deal with the reality of coronavirus and the impact on their day-to-day lives, it’s troubling that there are some who view it as an opportunity to defraud others.
Sadly, cyber criminals are taking advantage of the fear, uncertainty and doubt brought about by the pandemic to specifically target home workers for their private information. To avoid becoming a victim of cybercrimes like hacking and phishing while working from home, here is some useful guidance...
Enable multi-factor authentication
If you or your employees need to access work emails or other work-related information while home working then it’s worthwhile setting up multi-factor authentication on all online accounts. Multi-factor authentication means users input their password and then a second piece of information to confirm their identity. This makes it much harder for hackers to get into your accounts because they can’t get past the second layer of security.
Use a password manager
If you’ve got one password you’ve been using across multiple online accounts for years, you’re seriously compromising your data security. It’s wise to have different passwords for different apps and websites and that’s where password managers come in useful. Password managers are apps you can download to store all your different log-in details and passwords. The data is then encrypted so the only way you can access it is through a master password (the only password you have to remember) giving you access to the app. For more information, read our recent blog on how to protect your passwords.
Secure home networks
Most people access the internet at home through a router device, many of which come with default passwords that can be vulnerable to hackers. You can avoid this by resetting your router and wifi passwords.
Ensure to follow work procedures for things like password policies and only use software and collaboration tools approved by your company. If you are logging on to your work cloud via VPN, make sure the network is fully encrypted.
And, if you pop out of the room to make a cup of tea make sure your screen is locked so that no one else can access your device.
Keep software and systems updated
If you are working from home on your own device for the first time you might need to update your computer’s security systems. Ask your company’s IT support whether you need to install any additional solutions and make sure your anti-viral software and operating system are up to date.
If you're working on company files at home make sure they are fully encrypted, no one can access them if your device is stolen. The easiest way to do this is to use the built-in functionality on your device, such as BitLocker on a Windows laptop.
Do regular back-ups
Computer hard drives fail, ransomware can hold your files hostage or you computer can get a bug that corrupts your files, so whether you're working on your own device or a company one, it's important to back-up regularly. Cloud storage systems like Dropbox, Google Drive and Microsoft OneDrive are popular and easy for everyday use, but for extra security, it's worth backing up to an external hard drive too.
Identify dodgy messages
One of the most common cybercrimes is phishing, where you are sent an unsolicited email or text from an organisation or company that looks legitimate, asking you to click on a link for more information or to hand over your bank details or other personal information.
Scammers are really good at making their emails look real, using email addresses and subject lines similar to what a legitimate company might use. It’s therefore important that if you're in any doubt you scrutinise the email address it came from. If there are any weird spelling mistakes or characters in the address, it’s most probably fake.
Ignore emails with 'verify' links
If you do open an email which you think is genuine from your email provider, bank or other trusted source and there’s a link asking you to verify your information by clicking on a URL, don’t click on it. Instead, go to your browser and enter the web address of the company or organisation that sent you the email instead and access your account that way to see if the request is legitimate.