Working from home? Here are the steps all workers and companies should take to avoid cyberattacks, according to experts

cybersecurity and smartphones 4x3
Crystal Cox/Business Insider; Samantha Lee/Business Insider
  • As more offices direct employees to work from home amid the COVID-19 outbreak, companies are increasingly vulnerable to cyberattacks.
  • The increase in web apps used by companies for online work and virtual meetings will inflate hackers' potential targets.
  • Cybersecurity experts told Business Insider about steps that businesses and workers can take to make sure they're working from home securely.
  • Visit Business Insider's homepage for more stories.
Advertisement

For workers being instructed to work from home amid the COVID-19 outbreak, doing jobs remotely can be a major adjustment. For hackers, it can be an opportunity.

Remote work means a rise in the number of devices employees are using for their jobs, and an increase in the use of online conferencing tools like Zoom, Google Hangouts, Microsoft Teams, and Slack. That shift also give hackers a larger number of potential targets.

Cybersecurity research firms are predicting a spike in hacks and breaches targeting businesses as the COVID-19 outbreak continues, Business Insider's Jeff Elder reported last week. The Department of Homeland Security has also advised businesses to prepare for new cybersecurity threats arising from work-from-home arrangements.

Business Insider asked cybersecurity experts about measures workers and companies can take to significantly reduce their vulnerability while working from home. Here's what they recommend.

Advertisement

Companies should make sure their workers are up to speed on basic security hygiene, including strong passwords and multifactor authentication.

How to find stored Wi-Fi passwords on your Windows 10
Windows 10 stores your Wi-Fi passwords, making it easier to add another device to your network. Reuters

"With a remote workforce and everybody working digitally, the threat landscape certainly increases," said Kiersten Todt, managing director of the Cyber Readiness Institute and former cybersecurity adviser to the Obama administration. "Now's a really good time to look at all the capabilities you could be using, like multifactor authentication, and to turn them on."

Advertisement
Advertisement

As a general rule, never share personal or financial information via email or message.

work from home selfie
Joey Hadden/Business Insider

Most phishing schemes aim to extract people's personal information or login credentials as quickly as possible. If you think someone at your company is asking for your personal information, call them to confirm, and if necessary, give them the information via phone.

Advertisement

Before circulating or acting on news about COVID-19 and its impact on your business, verify that it's coming from a trusted source.

moscow metro magazine news stand
Lucy Nicholson/REUTERS

While this advice may seem obvious, experts warn that phishing scams surrounding COVID-19 hinge on social engineering, often circulating false information in an attempt to make people act out of fear or panic. 

"We can expect an increase in social engineering," Todt said. "Do what you can, whether it's as a consumer, business or otherwise, to validate the source of information."

Advertisement

Businesses should explore rolling out VPN services, and make sure their VPNs are patched and up-to-date.

vpn unlimited
Stack Commerce

A virtual private network lets people remotely share data as if they were connected to a shared private network. Several popular VPN services were found to have critical vulnerabilities earlier this year — companies should make sure all workers have downloaded the most patched, up-to-date version.

"I think VPNs are a must," Breidenbach said. "If you do not use an encrypted pathway to get into the company network, you are just waiting for someone to open the door and come in."

Advertisement

Companies should also consider using encrypted messaging services for work communication.

The Whatsapp logo and binary cyber codes are seen in this illustration taken November 26, 2019. REUTERS/Dado Ruvic/Illustration
The Whatsapp logo and binary cyber codes are seen in this illustration Reuters

Todt says companies should encourage workers to use encrypted, enterprise-focused services like Wickr as much as possible, adding that consumer-facing software like WhatsApp has proven to be a more frequent target for hackers.

"What I worry about in this situation is that, in an effort to continue to be efficient, people just default to what they use in their personal world," Todt said. "We saw this with Jeff Bezos — don't use the consumer-based technology for business-centered communication."

The Cyber Readiness Institute has also published tips for companies implementing work from home.

Advertisement

Experts say it's crucial that companies formulate a recovery plan in case they're hit with a breach stemming from work-from-home conditions.

how to work from home
Debbie Strong/Business Insider

"A lot of times companies are simply not prepared for this type of incident," Breidenbach said. "Companies need to prepare to maintain at least bare minimum functionality should something happen."

Tech Security Cybersecurity
Advertisement
Close icon Two crossed lines that form an 'X'. It indicates a way to close an interaction, or dismiss a notification.