Madeline Gearheart | May 8, 2020
5 COVID-19 Work from Home Security Tips
Social distancing is crucial to limit the spread of COVID-19, which is why many companies have made the change to remote work. The only problem? Hackers are taking advantage.
Since the start of quarantine, cybercrime has increased over 37%. A spike in COVID-19-related phishing scams is partly to blame, but hackers have also capitalized on the fact that employees now operate on less secure servers than those of their offices.
With so much fear and uncertainty surrounding the COVID-19 pandemic, hackers have also leveraged emotions to convince people to send money and share personal information by posing as figures of authority, including governmental and medical contacts.
Here are five security tips to keep you safe from cyberattacks while you work from home.
1. Be Wary of Phishing Scams
People are scared of the uncertainty that surrounds COVID-19, and hackers use this to their advantage, posing as health or government authority figures, charities, and hospitals to dupe people.
Here are some of the common ways hackers have used phishing emails to trick victims during the COVID-19 pandemic:
- Sent emails that contain malware, posing as a healthcare organization or government agency
- Asked for donations posing as illegitimate charities
- Requested medical information, then billed for fraudulent fees
- Created false websites with coronavirus-related information to spread viruses
- Held patient information for ransom
Anytime you receive an email posing as a healthcare authority (e.g., World Health Organization or the Centers for Disease Control and Prevention), pay close attention to the sender’s email address—that will be the first sign it’s a hoax.
If it’s not from a reliable source, don’t open it. Also, never send money—government agencies will never request that you share personal information or wire money in an email.
2. Invest in a VPN
Remote work means an increase in cyber vulnerabilities, since employees work on internet networks with fewer safeguards in place. In-office employees generally operate networks with layers of protective measures that mitigate cyberattacks, but since remote workers don’t have this luxury, they’re often more vulnerable to hackers.
Remote employees and the companies who employ them, should consider a virtual private network (VPN). VPNs add an extra layer of protection for work devices connected to a home network by creating a secure connection between the device and another protected network. Although not as robust as most in-house cyber safeguards, VPNs add protective barriers between hackers and remote employees.
Once you’ve downloaded a VPN, make sure your computer isn’t visible within your network. You should also configure your Wi-Fi and change your Wi-Fi router’s default password and username.
3. Use Two-Factor Authentication
Two-factor authentication provides double-duty protection from cyber criminals. Depending on how much security a company has in place, infiltration of one work device could mean infiltration of an entire network without two-factor authentication. Two-factor authentication also prevents hackers from accessing emails and sending out fraudulent email blasts.
Like phishing scams, hackers use phony two-factor authentication alerts to exploit COVID-19 information. In practice, hackers gain initial access into an account using a compromised password, which triggers a two-step response that users mistakenly approve.
If you ever receive a two-factor authentication for a login you didn’t authorize, immediately reject it and click “Deny.”
4. Avoid Public Wi-Fi
Working at a coffee shop or library is no longer an option when it comes to working from home, but it’s still equally important that remote employees avoid public Wi-Fi while on a company device.
Unless you have a firewall between you and other people on the same network, someone can easily infiltrate your device, as well as any network your device is connected to.
The safest bet when working from home is to connect only to your home network (or an office network via VPN). If you need to work on the go, use a personal hotspot instead.
5. Ask About Data Encryption
Ask your IT department if data encryption is active on your work device. Data encryption helps protect data in the event your computer is stolen or hacked. Most laptops and desktops come with encryption built in, but you may need to manually activate on the device.
To mitigate cross-over of sensitive data, avoid accessing work data from your personal device. Logging into your work email, accessing files, and opening attachments on your personal device puts work data at risk, since your personal laptop or phone likely doesn’t have as much security as your work laptop or phone.
Hackers are as rampant as ever, which is why it’s important you stay on top of cybersecurity. In summary:
- Watch for phishing scams
- Consider a VPN
- Utilize two-factor authentication
- Avoid public Wi-Fi
- Never access work data on personal devices
Check with your IT department to see if your work device has data encryption and antivirus or anti-malware installed on it. If you have questions about COVID-updates, source only legitimate government websites—not second- or third-party organizations that claim to have vaccines or recent updates.
As always, never share sensitive personal information or company data (e.g., credit card numbers, bank accounts) in an email or text. If you encounter a scam, email the National Center for Disaster Fraud (NCDF) at firstname.lastname@example.org, or call its hotline at (866) 720-7721.
Visit DISH’s COVID-19 response page to learn more about its efforts to protect its customers.