Contact Us
When you work at the office, you take security and many other things for granted. When you work at home, things are different. In addition to doing the regular job, all of a sudden, you鈥檝e got a new side gig as Chief Security Officer, Facilities Manager, and Corporate Canteen Chef, too.
Now that millions of people around the world are learning to keep their jobs while keeping their social distance, the importance of preventing security breaches when working from home has never been greater. In this blog, we provide eight proven ways to improve your digital safety and protect your privacy.
1. Understand that conferencing/remote work platforms aren鈥檛 secure by default
As we shift towards more remote work, many of us have started relying on platforms such as Zoom, WebEx, GoToMeeting, Skype, Teams, and Slack. In some cases, these platforms were already part of our workflow. In other cases, they鈥檙e brand new additions.
It鈥檚 easy to assume that because your company or clients recommended (or enforced) the use of a specific platform that it鈥檚 safe. In the case of Zoom, we have already seen numerous privacy and safety issues pop up. For example, Zoom can track your 鈥榓ttention鈥 by alerting call hosts when participants do not have the Zoom app (whether on desktop or mobile) focused for more than 30 seconds. Zoom also harvests a noticeable amount of data鈥攔anging from your IP address, physical address, real name, phone number, employer, and more. While the company states it does not sell data to third parties, it does have a lot of data and sells some of it to third parties. Finally, newly released vulnerabilities make it possible for unwanted users to bypass security measures and access other users鈥 webcams. See also a thoughtful blog on Zoom by Dave Tyson.
This isn鈥檛 meant to target Zoom in particular. Just as many, if not more risks could be listed when it comes to other platforms. We simply want to encourage managers, employees, and clients to be aware of the issues involved, and make sure they are mindful of privacy issues related with different platforms. Every company (and freelancer) should have processes in place to minimize data gathering, implement secure and unique passwords for all meetings, and make sure employees鈥攁t the very least鈥攌eep their apps up to date.
2. Don鈥檛 trust microphones and webcams
For years, we鈥檝e known that malicious agents can hijack microphones and cams and spy on users who have failed to secure their devices. Here are two things you can do to mitigate these risks.
First: keep your devices updated. Operating systems, security patches, apps, and drivers should always all be up to date. Make sure Windows Update, the Windows Store, Google Play, and the Mac/iOS stores are set to auto-update. If needed, head to your webcam manufacturer鈥檚 website and grab the latest driver.
Second: physically disable your microphone and webcam when they鈥檙e not being used. If they鈥檙e peripherals, simply unplug them. If you鈥檙e using a laptop or another device with built-in mic and cam, you can use covers to block them. Assuming this is a work device, just stash it away when you鈥檙e done using it for the day.
3. Beware the internet of things
You may be comfortable letting your smart devices listen in on every word spoken in your place, even though they can be abused by third-party apps that do some phishing in addition to their purported function, and that鈥檚 your choice. However, you鈥檙e working from home now. Are you certain you鈥檙e not going to mention sensitive matters out loud even outside of a remote meeting? What about during a meeting? Can you guarantee no one鈥檚 listening in? Can you guarantee that, even if the data is 鈥渙nly鈥 stored on a major corporation鈥檚 servers, it won鈥檛 be hacked or sold down the road? What does that data say about you and others?
Whether you鈥檙e okay with your daily life being potentially recorded and used by third parties is for you to decide. Many of us would say that鈥檚 a terrible idea. But when IoT devices present a risk for your colleagues, your company, and your clients, this is no longer a personal matter.
Our advice is to unplug those devices from the room where you鈥檙e working when you鈥檙e working. For the time being, the convenience of queueing up your favorite tunes by voice is not worth the security risks.
4. Use a VPN and avoid using your home network
We would hope that your company provides a corporate 鈥渧irtual private network鈥, or VPN. But in case it doesn鈥檛, you should be using one. Your personal IP address says a lot about you鈥攚here you live, for one. But unencrypted data transferred when not using a VPN runs the risk of being intercepted by third parties鈥攆rom malicious actors to your very own ISP. Everything you do online, to the extent that it is possible, should be encrypted or at least difficult to access. A VPN is a great start.
Right now, there are a couple of providers we would recommend. They are both located in countries with solid privacy laws, do not require much (if any) personal information, offer reliable servers and, more importantly, do not keep any logs of your online activities. The first is ProtonVPN, offered by the same folks who offer the excellent ProtonMail. The second is Mullvad, which is still fairly unknown yet provides incredible security鈥攐pen source software, anonymous payment methods, Wireguard鈥攁nd has been audited independently.
We would also recommend using alternative solutions to connect to the internet (or talk on the phone) in the first place. We鈥檝e talked about products such as Skyroam and other GSM-type hotspots, and we encourage their use鈥攚hich brings us to our next point.
5. Compartmentalize your life
Not only should you avoid using your home connection for work, if you have a work laptop or phone, only use these devices for work. That way, you don鈥檛 run the risk of compromising your devices (including any sensitive files they contain) just because you decided to download a seemingly fun game from a dubious website. Similarly, your personal devices are meant to be used in your off-time鈥攕o don鈥檛 log into a corporate server using the family iPad.
Your work files, in whatever forms, should be handled securely. When it comes to data, nothing should be transferred or stored on personal storage devices, such as external hard drives or a home server. If you鈥檙e printing out documents, make sure they鈥檙e disposed of securely (shredded) once you鈥檙e done with them.
Compartmentalization extends to talking about work, too, and to wandering around the house while on a work call. After all, you may have signed an NDA, but your family members haven鈥檛.
6. Images and sounds can say a lot. Don鈥檛 let them.
When you鈥檙e on a video call, what does your webcam show? Your face, sure, but what鈥檚 the wall behind you? Is there a window offering a view of the street? Photos of family members? How many unique identifiers are in the frame? What if your kids decide to run past?
The same question applies to microphones. What kind of background noise is there? Someone else at home talking? Traffic outside?
This may seem paranoid to some of you, but anyone who鈥檚 seen the lengths people will go through to gather information on a target will tell you it鈥檚 common sense to neutralize background visuals and sounds. Ideally, your webcam and mic should reveal the bare minimum needed to communicate with others. Use the background blur available on some video-conferencing tools. Make sure there鈥檚 a neutral background behind you, and if you can find a room where there鈥檚 little-to-no external noise, even better for the people you鈥檙e talking to and for your own security.
7. Don鈥檛 get robbed, and encrypt in case it happens anyway
Where you leave your tech devices, as well as how you access them, is always a concern鈥攅ven at home. Your laptop and desktop computers should be impossible to access whenever you step away, even if you鈥檙e just going for a 15-minute walk. You want everything to be locked with passwords or biometrically.
Should someone get their hands on your devices, you want to make sure everything is encrypted. For Windows users, you should encrypt your drives with Bitlocker. MacOS users, look at Filevault. For more advanced techies out there, Veracrypt is an excellent third-party option.
Ideally, once the work is over, you want to lock everything behind a safe or equally secure place. The 鈥渓ayers鈥 of residential security with several perimeters most of us know about? Yeah, same logic applies here.
You want to make it hard for anyone to get within range of your devices. And if they do, you want to make it near-impossible to access what鈥檚 on there.
8. Be smart about phishing (but you already were, weren鈥檛 you?)
We鈥檝e seen a lot of phishing attempts lately. Phishing, as we all know, is already a serious threat when you鈥檙e in an office setting鈥攅xcept now you鈥檙e no longer protected by your company鈥檚 firewalls and IT department. Unless that鈥檚 your specialty, you simply won鈥檛 get the same kind of digital security at home.
Now more than ever, personal security matters because it overlaps so much with professional security.
It鈥檚 not a matter of a link or email attachment looking dubious鈥攅verything you click on should be approached with care. So, follow the steps outlined by your company, but use common sense and vigilance on top of that.
When it comes to your personal devices, you鈥檒l also need to step up your game. Just because you鈥檝e compartmentalized work and home life doesn鈥檛 mean personal devices stopped being a vector of attack. Any kind of cloud storage for your personal data should be end-to-end encrypted.. Look at options like pCloud, Tresorit, or Sync.com. Your personal communications should be end-to-end encrypted as well鈥攑referably via Signal or Telegram. Daily anti-malware scans are a must, and if you鈥檙e tech-savvy enough to install a software firewall that alerts you of any outgoing connection, then do so.
