Cyber Security

WFH Risks Your Home Internet Usage Presents

The unplanned pivot to WFH or work from home caused by the COVID-19 pandemic has led many workers to use whatever they happen to have at home as their work setup.

This has caused a number of problems, and one of the chief issues is cybersecurity. The FBI’s Cyber Division has reported a 400% increase in attack complaints compared to pre-COVID-19. Thieves love a good crisis. And it’s very likely that your home internet setup is creating an unnecessary risk for both you and your employer.

Here are some of the biggest risks that your home internet usage presents to your WFH setup:

Using Personal Devices for WFH

Are you using your own computer for your WFH? It likely doesn’t have as good a security suite as your work computer. This is a particular problem for people who were not previously issued a laptop.

By this point, everyone should have one. But it may be tempting to use your personal desktop for a larger screen and better ergonomics. A better choice is to connect your laptop to your monitor and keyboard and then switch it back at the end of the day.

Make sure that you have up-to-date antivirus software on your personal devices (as you should anyway) and keep the operating system up to date. This includes phones and tablets. Also, keep your employers’ data off your personal devices as much as possible.

Unencrypted Connections

Most home Wi-Fi routers now come with encryption set up as standard, but a few older ones may not. The connection between your office and the server is also unencrypted.

This opens you up to man-in-the-middle attacks, especially if the firewall has been altered to allow additional remote connections. Whilst office connections to the cloud are generally routinely encrypted, people who only do a casual WFH may not have things set up.

You should always connect to your work network using a VPN. Most companies have this available and many are now enforcing it. VPN usage is particularly important if you are traveling or working from another location, as it mitigates the risks of using public Wi-Fi.

Also, make sure that your router is encrypted. Change your SSID to something cryptic and difficult to guess. This is what shows up when somebody is scanning for Wi-Fi networks. Make sure it doesn’t include your name, home address, or other identifying information.

Shared Passwords

We’ve all done it. Friends come around and we let them connect to our Wi-Fi, giving them the password or letting them store it on their device. A relative couch surfs for a week.

While your friends can be trusted, that means your Wi-Fi password is out there. Changing the password every time is a lot of hassle. A better solution is to set up a guest login for your router that visiting friends and family can use. Many routers support this, and if yours doesn’t, consider an upgrade. Talk to IT and you might even get some help with it. The guest network also lets them access the internet, but not your printers, shared folders, etc.

This makes for a much more secure setup, and the guest network is still password-protected so your neighbors can’t “borrow” your internet.

Woman working on her computer in her home office, a WFH setup.

Distractions

Work from home distractions aren’t a problem for everyone, but they are for many people. It’s easy to forget to connect to the VPN properly when your roommate is talking to you or your cat won’t get off your lap.

Taking steps to reduce these distractions can definitely help. Background music, the use of a good to-do list, and having a set office space as much as you can, will all help you focus better and not make mistakes.

Distractions can also make it more likely that you fall for a phishing or other social engineering attack. Make sure to post your schedule so other people know not to disturb you when working. An interruption may result in you reflexively clicking on a link or responding to a fake email.

Inefficient Security Policies

A lot of employees have found themselves adopting workarounds to do their work. Instead of following the security policies, they bend them or go around them. This may involve “shadow IT” (installing unapproved apps), turning off a firewall because it’s blocking video conferencing, etc.

These workarounds reduce security, but can sometimes be the only way to get things done when companies don’t make proper allowance for WFH realities. If you are having to deal with security policies that reduce productivity, you should talk to your supervisor and IT rather than doing workarounds.

Inability to Access IT

When you are all in the office, it is easy to get the attention of the IT department. If all else fails, you can go knock on their door. IT can also make sure that you aren’t doing anything stupid.

With IT also remote, it can be much more challenging to get their help. This often results in shadow IT. You need software to do X right now, IT isn’t answering their phone or responding to their email, so you install your own or install something on your own computer that then gets access to company data.

Talk to your boss about making sure you have better access to IT when you need them, and make sure that you resist the temptation to just install your own software while waiting.

Other People Accessing Your Devices

Family members can be trusted, but you still can’t let them borrow your work devices. Young children might inadvertently expose data “playing” with a computer or other device.

Make sure your work devices are password-protected and that nobody else has the password, including your spouse. This is another good reason not to just use your own computer which might have family stuff everyone needs to access. Never use a family member’s computer for work-related stuff.

Ideally, use multi-factor authentication to help keep your devices particularly secure.

Working from home presents unique security challenges, some of which you can work on yourself, and some of which will need the support of your employer. If you are not sure how to keep your work setup fully secure, then it may be time to hire a professional. A professional service can go through everything and make sure it is as secure as it can be and help you and your employer protect vital company information.