Even though millions of workers have been directed by their companies to work from home, it still shocks me that many of them are again not taking the proper precautions to protect their data. Some of this stems from the fact that many companies, at the onset of COVID-19, did not have substantial work from home security guidelines and requirements for users who were using their personal PCs or mobile devices to work from home. Some consumers still believe, falsely, that a severe data breach can’t happen to them.
In preparing for this column, an informal (and unscientific) survey of 10 friends and family members, all of whom are working from home, demonstrated to varying degrees how many work from home users are simply not prepared. I’m even reluctant to admit that two of my informal survey respondents told me that they hadn’t changed their home email password in years, and it contains their birthday so that it’s simple to remember. Yikes.
So in the spirit of fictional George Costanza, who was once famously counseled by Jerry Seinfeld that doing the opposite of his instincts would result in the right thing to do, please embark on these contrarian recommendations to ensure that you have a highly secure work from home setup.
#1: Don’t Use A Password On Your Desktop Or Laptop PC
I must begin with a “Captain Obvious” callout. It always horrifies me when I visit someone’s home and notice that they’re not using any type of password to secure their home PC (particularly laptops that can be stolen). Both Microsoft Windows and Apple’s macOS make password strong password protection too easy not to utilize. Strong password protection is needed to withstand typical password crackers that can execute 350 billion guesses per second and use “rainbow tables” that contain millions of pre-computed password hashes.
The most common complaint I hear from people about passwords is that they hate using them because so many must be remembered. Fortunately, those days are over as most recent vintage Windows and Apple MacBook Pro laptops employ biometrics fingerprint sensors near the keyboard. What’s more, Microsoft implemented “Windows Hello” that can use your face, fingerprint, or a PIN to identify you for secure logon onto your PC. Apple’s Face ID (and similar face recognition function on Android) have had this functionality on mobile phones or tablets for a few years. It’s surprising to me that so few Windows users take advantage of “Windows Hello,” which can be employed on a desktop PC with the right supported discrete Webcam.
Just remember that hackers love default passwords. If your laptop doesn’t have a biometric sensor built into it, password managers are a great way to solve that problem. They’re extremely affordable multi-platform apps that create and manage encrypted passwords for all the Web sites, as well as filling out payment and personal details wherever you need them, across the Web and on any device. Again, there are several excellent solutions to choose from, including Dashlane, which has a free version that manages up to 50 passwords on a single device (the paid version has a $60 annual price tag but can manage unlimited passwords on an unlimited number of devices).
#2: A VPN Is Overkill For My Work From Home Setup
Nothing could be further from the truth. A virtual private network (otherwise known as a VPN) allows you to create a private connection over a public network. If your company already has established work from home security protocols in place, it might already utilize a VPN to permit remote workers to directly connect to their physical office’s server (or in some cases) intranet through their home Internet connection. Without getting too detailed about the technical minutia, you should think about a VPN as a “secure tunnel” between your home Internet and office network connection. While VPNs are not foolproof and certainly are useful, they’re not immune to attacks —- but having one is decidedly better than not having one as its real value that it prevents your data from being hijacked from so-called “man-in-the-middle” attacks.
One last word of advice: when you select a VPN, make sure that you utilize a reputable company since all your Internet traffic will be passing through its servers. CNET, for example, offers excellent, thoughtful recommendations —- and avoid “free” VPNs as many of them have been caught red-handed using malware or sharing your data.
#3: My Apple Mac Is Impervious To Hacking Threats So I Don’t Need Security Software
This fallacy roils me. For years, the Mac operating system has had a reputation of not needing security software urban legend was that hackers focused their resources on Microsoft Windows, the continued market share leader in the PC space. I was never crazy about that rationale then, and I’m not thrilled with it now. Windows PC may still be more susceptible, but Macs are by no means impassable strongholds.
There are many excellent antivirus software security suites for both the Windows and Mac platforms. They’re also very affordable as well as all the major competitors in the security suite space offer yearly subscriptions that cover multiple PCs (Norton, for example, provides comprehensive coverage for up to 5 PCs and/or Macs for $99 per year ($50 for the first year).
Almost every consumer PC sold today includes some type of trial security software protection for a brief period. It’s bewildering to me as many consumers —- and I’ve seen this situation countless times —- don’t utilize the trial subscription or let it expire. Security software isn’t failsafe, but it’s excellent protection against malicious links embedded in emails or Web sites, phishing attacks, and other nefarious assaults. Not using some type of security software is akin to, in my opinion, owning a car and electing to sign up for auto insurance.
#4: My Router Plays No Role In My Home Network Security
This one is a biggie. The average “smart home” connects to upwards of 20 devices or more. Not just PCs, but mobile phones, tablets, smart locks, smart speakers, and smart thermostats…and that’s just the tip of the iceberg. All these devices represent a clear and present danger to the digital security of your home network.
Most consumers see their router as merely a device to distribute WiFi coverage throughout the home. Mesh routers, including ones from Netgear and Plume, provide the ability to blanket WiFi access to virtually every square foot of even the largest homes. Your router brand decision can also play a potent role in protecting your online digital footprint as the newest models have embedded, continually updated security functionality that can protect every connected device in your home. While some “Internet of Things” products are better than others when it comes to security protection, many of them are incredibly vulnerable. Even printers —- and I’ve written in the past how HP has taken on this challenge —- offer hackers with novel ways to target your home computer or network.
The best routers on the market have embedded security firmware that is continually updated with the latest threat protection and provided another defensive layer of security between your home network-connected device and the bad guys. Plume’s Adaptive WiFi capability provides peace of mind with an architecture that offers enhanced security and privacy with real-time monitoring, analysis and quarantine of threats in real-time for all the devices on your home wireless network. Calix is a notable example of a company that offers service providers with security functionality at the router level that protects devices across the home network in a managed, integrated manner.
A Few Closing Thoughts
Ultimately, you should think about the cybersecurity of your home office in more comprehensive actions than merely the four suggestions I’ve made above. The best security protection is derived by implementing multiple layers and even redundancies. There are no guarantees that these recommendations will insulate you from all cyberattacks, but they will dramatically lower the odds.
Finally, reach out to the IT departments of your company. Even organizations that were caught off guard by COVID-19 and did not have proactive security protocols for personal devices used by work from home users back in March may have recommendations now that you can leverage. It’s a good bet that your company’s IT department has done their due diligence over the past 90 days, and I’ll be shocked if they don’t have great tips and security recommendations for you.
The best advice I can give you is to steer clear of George Costanza as your role model for work from home cybersecurity. How he was able to get a job working for the New York Yankees, I’ll never know.
Note: Moor Insights & Strategy writers and editors may have contributed to this article.