Working from home on your own computer: 12 security tips in the COVID-19 era

You might work for a small business that’s not especially sophisticated when it comes to technology. Your boss has told you to work from home, due to social distancing guidance related to COVID-19, and has asked you to use your own personal computer to do your work.

Why is that a problem? You might face computer security issues. Plus, you could encounter a variety of online scams that have emerged with the aim of exploiting the coronavirus pandemic. Scammers are capitalizing on business vulnerabilities created by COVID-19, unleashing attacks that are sometimes disguised as assistance.

If you’re using your own computer to do your work, you’re not alone. In a recent survey of 412 small business owners, 6-in-10 said some of their employees would be using personal devices when working from home. However, only 40 percent of the small businesses surveyed said they have a telework policy in place focused on cybersecurity.

Here are some tips that can help you work safely at home on your personal devices.

Tip 1. Watch for phishing scams

With stay-at-home orders in effect in many places, a lot of people work from home. This has created opportunities for cybercriminals with scams related to COVID-19. 

Some scams stem from the COVID-19 stimulus package, part of which is intended to provide loans to small businesses. With so many small companies under financial pressure due to the coronavirus, employers may be eager to secure a loan.

Scammers can prey on this financial insecurity. They may contact employees with phishing emails, claiming they have money to distribute. But, first, they may ask for personal information or payment — sure signs of a scam. Other scams try to trick you with emails that promise the latest COVID-19 updates. 

When you work from home, you might not have some of the safeguards in place on your personal devices you enjoy at your workplace. Fraudsters could design scams that take advantage of your situation.

How? Scammers may send fraudulent emails that claim to be from legitimate organizations or someone you know associated with your business or industry. These phishing emails often ask you to visit a link to what is a fraudulent website, or to open an attachment that’s embedded with malicious software. The emails may look authentic, but imposters send them. 

Why it’s important: If you download the attachments or click on the links in phishing emails, you may download malicious software onto your computer or device. Or you might be lured into sharing personal information on a fraudulent website. 

Malicious software — also known as malware — could allow cybercriminals to take control of your computer, log your keystrokes, or access your personal information and financial data. That could lead to identity theft or other frauds.

What to do: Watch out for phishing scams. If you receive an email that looks suspicious, reach out to someone in your company who’s in charge of information technology. That person can help alert other employees. 

Some companies have established tests to help ensure employees are following the rules — not only with training, but also with their own “fake” emails to see if employees will click on them. The goal? To keep employees vigilant for potentially dangerous email. 

Keep in mind, you can inspect a link by hovering your mouse button over the URL to see where it leads. It may be obvious that the web address isn’t legitimate. But remember, phishers can still create links that look like real addresses. 

Instead of clicking on the link provided in those phishing emails, type the real web address into your browser to be sure it’s legitimate. Always make sure the URL of the website you’re visiting contains the padlock icon and starts with “HTTPS” – the “S” meaning it’s secure and the data is encrypted.

Tip 2. Install reputable security software — but check first

Install reputable security software to help keep your personal computer and other devices secure. Many security software programs can scan for computer viruses and other malicious software. It’s smart to install security software on your devices even if your company doesn’t provide it .

Keep in mind, though, installing security software on your personal device could potentially hinder accessing a work network. Also, you should check first to determine if your employer has a preferred vendor or someone that they have a contract with to provide security software, VPN, and other products.

Why it’s important: Security solutions often offer comprehensive protection, including a smart firewall and a VPN. They can help you block malware and other malicious threats and IP spoofing attacks — which disguise the origin of a communication as a known and trusted source — that could leave your personal devices and your home network vulnerable.

Tip 3. Update everything — regularly

Enabling automatic software updates is important. Update everything — from your security solutions to your routers, modems, web browsers, and apps. Make sure your operating system is running the latest version.

Software developers issue security patches when they discover software flaws that could let in viruses or hackers. Software updates enable the latest security patches for newly discovered bugs. Updates also can add new features to your devices and remove outdated ones.

Why it’s important:  You don’t want to miss important security patches that fix flaws that could let in malware. You can set up automatic updates to help ensure you’re running the latest versions.

Tip 4. Ensure your home network is secure

It’s a good idea to make sure your home network is secure with an up-to-date router that offers WPA2 or WPA3 encryption. That will help you maintain a high level of privacy and security when information is sent via your network. A firewall provides some of the protection.

To secure your home network, it’s also important to reset and update all default usernames and passwords on your home router and connected devices. Create strong, unique passwords. Long passphrases that are difficult to guess — but which you will remember — are best as long as the site or device supports it.

Why it’s important: Your home network is your first line of defense against hackers. A firewall can help prevent unauthorized users from accessing your websites, mail servers, and other sources of information. It helps protect your network by filtering and blocking malicious traffic. This could help prevent outsiders from accessing sensitive company information that you’re accessing via your personal devices.

Tip 5. Set up a VPN

If your company doesn’t provide one for you, the easiest thing to do is install and use a VPN on your personal computer and mobile devices. A VPN can also help ensure your online activities remain private. Keep in mind, some VPNs could create issues when accessing an employer network.

If social distancing eases up and you’re still teleworking, be sure to avoid using unsecure wireless connections like the public Wi-Fi at coffee shops. A VPN can encrypt your internet connection to protect the data you send and receive while using public Wi-Fi. That might include passwords or financial information.

Why it’s important: A VPN is an online privacy tool. It can mask your IP address and location. A VPN helps protect the data being sent to and from your devices from the prying eyes of scammers.

Tip 6. Use strong passwords

To set a strong password, choose a complex, unique passphrase that is difficult to guess, but you’ll remember, as long as the site and your device will support it.

Also, never share or reuse a passphrase, and never use the same passphrase for different accounts. Changing your passwords regularly will help prevent hackers from figuring them out.

A password manager can help you set these strong passwords. Many password managers offer encrypted solutions for creating and storing strong passwords.

Why it’s important: Strong passwords are harder for hackers to figure out.

Tip 7. Use two-factor or multi-factor authentication

If it’s available, always set up two-factor or multi-factor authentication for an additional layer of protection for your devices and personal information. This could be in the form of a unique code that’s sent to your smartphone, or biometrics like facial or fingerprint recognition. 

Why it’s important: If someone steals or guesses your password, they won’t be able to access your account without that additional factor of authentication.

Tip 8. Reach out to your tech department — if your employer has one

Knowing your company’s IT rules and policies is important. If you have questions or spot anything suspicious, contact your IT lead at your company. Your communication — and your coworkers’ — could help protect your team against threats such as phishing emails or other scams.

But what if you don’t have one? Here are some steps you may be able to take to help protect yourself.

• Use reputable endpoint security and anti-malware software on your personal devices that you may be doing work from.
• Make sure your personal security software and router firmware is always updated.
• Consider using a VPN on the personal devices where and when you are doing important or sensitive work.
• Use strong, complex passwords and consider a password manager to help you with that.

Why it’s important: Many companies didn’t have telework plans in place when COVID-19 stay-at-home orders hit, and many don’t have an IT department. That means you may have to take certain steps to help protect your devices and the sensitive data stored on them.

Tip 9. Consider backing up your data

Personal and company data can be irreplaceable. You can consider backing up data by making a copy in a physical location, such as on an external hard drive, but make sure your company permits this. Another option is to make a copy that’s stored on the “cloud,” or online, in a secure location. Again, check with your company.

Here’s the issue. If you are using your personal devices to back up company information, you may be violating their policies. For instance, how will the company account for copies of their data on your personal devices or cloud?

Keep in mind, if you’re using a personal device for work, you may have personal and professional documents saved and co-mingled on your device. It’s a good idea to consider backing up these items separately. For example, you might want to back up your personal data to an external hard drive and your work data to a secure online cloud.

Why it’s important: This can help protect companies from data loss, especially if hackers gain access to one of your devices. But be sure to check with your company before you proceed.

Tip 10. Use approved third-party tools properly

If your company has approved the use of third-party tools and apps, get familiar with their privacy settings and adjust them appropriately.

Videoconferencing services have seen a surge in demand. But be careful. Videoconferencing can leave you vulnerable to security and privacy breaches. If you’re using a videoconferencing tool, be sure to review how to use it and its privacy rules — and brush up on your webcam awareness.

Why it’s important: Knowing how to use videoconferencing tools will help ensure you don’t mistakenly share sensitive company documents, divulge sensitive corporate or personal information in the background via your webcam, or allow unknown parties into meetings.

Tip 11. Use secure equipment and keep it clean

Make sure the personal devices you use for work have security protection. One way to do this is to “clean” them — specifically, the software. That includes installing the latest updates. Check to make sure you’re using the programs on your system, and consider deleting any programs and files you no longer use.

Another way to keep your devices more secure is to delve into the security settings, especially if you don’t have the help of an IT department. Remember to select the most secure settings on your PCs, Macs, smartphones, and tablets. Turn off any features that will automatically connect your device to any available Wi-Fi network such as open networks in your neighborhood. Also consider turning off your Bluetooth when you aren’t using it.

Be sure to keep your computer and other devices physically safe. This means not leaving sensitive information on your computer screen when you step away for that coffee. Set it up to lock and require a password. A screensaver alone doesn’t do that.

Also, ensure your kids aren’t hopping on your computer to play videogames or for other activities that can open the door to malware.

Why it’s important: Limiting who and what is on your computer matters. This can help ensure your computer or other devices don’t get bogged down with unnecessary data and programs. Plus, it can help limit the number of programs that might let in malware and other threats.

Tip 12. Never wire money

Some phishing scams may try to get you to wire money. Don’t do it. If you don’t usually wire money or make payments for your company, don’t start now. Even if it looks like the sender is your boss or a client, scammers can make fraudulent requests look authentic. Check in with your company to see if a payment request is legitimate.

Why it’s important: A lot of companies are already losing money during the pandemic as scammers are preying on their need for help. If you fall for a scam, you might further dent company finances.

The idea of “business as usual” has largely disappeared in the COVID-19 era, but device security and awareness of scams is still essential. This can be especially important when you work from home on your own devices.