Donate
‹ Back
Encryption 15 April 2020

Fact Sheet: Working From Home

Seven easy ways to keep you and your workplace safe online

No matter where you are in the world, chances are you’ve been affected in some way by COVID-19. The pandemic has sent workers and students home, canceled social events like graduations and weddings, and put mass populations — especially the elderly and immunocompromised — at risk. 

In light of the restrictions around COVID-19, many employers are asking their employees to work from home. If you are fortunate enough to have this option, it’s important to make sure you’re not putting you and your workplace at greater risk of digital harm. Phishing and ransomware attacks are increasing as COVID-19 spreads; Cloudflare reported that cyber-attacks grew 37 percent in the United Kingdom in March 2020.

You wouldn’t ask a doctor or nurse to work without personal protective equipment. Neither should you.

GEAR UP: Follow these easy tips to secure the work you do in your home and on your home network. 

1. Keep your smart assistants out of the room while you’re working.

Smart assistants are always listening for a “wake” word — like how your Amazon Echo will start paying attention to audio when it hears “Alexa”. This makes smart assistants a potential unintended eavesdropper on confidential work conversations during video and phone calls.

An easy fix is to turn off or move your smart assistant to another room while you hold your work conversations. You won’t need it to play music, update your grocery list, or ask it a quick question during your calls. If you still want it around, make sure that you disable the listening mode or simply unplug it during conversations. If you accidentally hold a work conversation around an Amazon Echo device, you can manually delete the recording in your Alexa app. You can also delete audio that Apple saved from Siri in the “Settings” of an Apple device, and easily delete recordings from Google Home devices.

2. Use unique passwords and a password manager. 

It may be convenient to use the same password for everything work-related, but this puts your workplace at greater risk of a data breach or an account hack. Once someone discovers your password, they can easily gain entrance into all of your work systems and compromise both your and your employer’s data. 

Since it’s hard to remember unique passwords for every single work system, consider using a password manager. This lets you save all your unique passwords in one place, and often includes a feature that automatically inputs your passwords when logging into different accounts. The benefit of this solution is you only have to remember one master password to get access to all your accounts. Many different sites and platforms offer guidelines on how to pick the password manager that’s right for you; check out a few resources here, here, and here.

End-to-end (E2E) Encryption
This kind of encryption is highly secure and ensures that only the sender and intended recipient can read messages and information. With E2E encryption, even the communication service cannot access the information.

3. Implement two-factor authentication wherever possible.

Unique passwords and password managers are helpful and important, but you can go even further to protect your work systems. If you want to take password security to the next level, find out which of your work systems offer two-factor authentication.

There are different types of two-factor authentication. One way is to have a code sent to you via SMS or email when you’re logging into a work system. Keep in mind that this method is not secure because SMS and email are often not encrypted. When your only choice is SMS, it is important that you protect your mobile number from a SIM swap attack. Some mobile operators allow users to enable a PIN or secret password to prevent such attacks.

A better option would be to use an authenticator app, which can either allow you to open the app to prove that it’s really you logging in, or it can generate different codes for you to enter every time you log in to a work system. The codes are often time-limited, so even if an attacker got access to them through your emails or SMS messages, they wouldn’t be able to use them again later.

An even better option would be to use a physical authentication token (e.g., Yubikey). It’s a small USB key that you can put on your keychain and use whenever you’re logging in to a service which supports it.

4. Opt for online services with strong encryption.

Encryption is the best way to keep your data safe as you work from home. It is one of the strongest tools that online systems can use to protect user information, data, and core information systems. If you aren’t using systems secured by strong encryption, your own data and your employer’s information are at greater risk of a security breach.

Systems with strong encryption make it harder for others to access your communications, ensure that your content isn’t readable even if someone does get access, and help prevent an attacker from changing the information.

For both existing and new work systems, find out whether or not an online system automatically encrypts communications and data by taking a look at their privacy and security statements (aka “policies”). You can also do a simple online search to see if specific services use encryption and what they encrypt, but as with everything you search for, make sure any resources you rely on are credible and up-to-date. End-to-end encryption offers the strongest level of communications security, so make sure it’s in place before using new software. Sometimes applications don’t automatically turn on encryption, so be sure to check that you can turn it on yourself. Make sure your smartphone, tablet, laptop and/or any other connected devices you use are encrypted and protected with a strong and unique password wherever possible.

5. Use a VPN — even on your home network.

When you’re logged into your employer’s network while in the office, you may not always think about making sure that your connection is secure. Your company may do part of that for you through an intranet accessed via a secure portal. But when you’re working remotely, make sure you’re protecting all your traffic. A Virtual Private Network (VPN) may be an appropriate tool.

Some employers may automatically include VPNs on work laptops that employees take home. If you are working on a personal computer or your work computer doesn’t already have a VPN, read up on how to choose and download one that will secure your online activity on your workplace systems. 

6. Update your software.

It’s easy to click “remind me tomorrow” when your software notifies you of updates, but updates often come with more than just new features. They also include fixes to bugs or security vulnerabilities. You can significantly improve your computer and data security by staying on top of software updates. This will also keep your employer’s network safer in the process.

Updating your software is even easier when you’re working from home. Try updating your software while you’re getting ready in the morning, on a lunch break, or after you’ve finished your work for the day. 

7. Back up your files.

Anyone can be the victim of a ransomware attack. In these kinds of attacks, criminals will block access to data, systems and saved information, and hold the information hostage until the victim pays a ransom. While your workplace should always be backing up files, you should be extra diligent to secure your files while working from home. 

Start by asking your employer for guidance on how to backup your files when working remotely. This can be done using a cloud provider and/or an external storage device. Make sure to disconnect the device holding your backed up files when not in use so you can still access them if your original files are compromised. The backup should be encrypted and password protected.

For more information on how you can stay secure at your workplace, check out our factsheet with Next Century Cities.

For more information on how encryption plays a critical role in securing our day to day activities, go to https://www.internetsociety.org/issues/encryption/

‹ Back

Related articles

Security Factsheet: Keeping Your Workplace Safe Online
Building Trust1 November 2019

Security Factsheet: Keeping Your Workplace Safe Online

For many of us the Internet is a staple in our day-to-day lives – especially at our jobs. But did you know that by simply connecting your device to WiFi or delaying computer and software updates can put you and your workplace at risk of a cyberattack?

Best Practices: Consumer IoT Information & Resources
Internet of Things (IoT)1 October 2017

Best Practices: Consumer IoT Information & Resources

The Internet of Things is changing the way we live, from increasing our energy efficiency (and saving money on utilities)...

Indigenous Connectivity in the United States
Growing the Internet1 June 2020

Indigenous Connectivity in the United States

Complementary connectivity models can bring affordable and sustainable Internet access to tribal areas across the country.

Join the conversation with Internet Society members around the world