10 Tips to Stay Safe Online While Working From Home
By Emily Gregor
As we get more and more connected online—and especially since more people than ever are working from home—the need for a strong cybersecurity strategy continues to grow.
Cyberattacks are becoming more sophisticated and more expensive to manage (research suggests that cybercrime will cost the global economy $6 trillion in 2021 alone), so when it comes to staying safe online while working from home, it’s important to tailor your approach and think beyond the cyber basics.
From phishing to ransomware to malware and social engineering, adversaries are constantly trying to gain access to your personal information, credit card numbers, login information, and more—and we’re even seeing an uptick in attacks targeting remote workers—so how can you fight back?
October marks National Cybersecurity Awareness Month (NCSAM), 30 days in which we raise awareness about the importance of cybersecurity and analyze ways the industry is evolving to address the cyber talent shortage—all to help people stay safe online.
This year’s theme is “Do Your Part. #BeCyberSmart.” and throughout the month, organizations like CISA will be providing workshops, tips, and more. Follow along on Twitter for the latest updates.
Whether you’re interested in launching a career in cybersecurity or just want to avoid a cyberattack, these 10 tips will help you stay safe online while you’re working from home.
- Treat business information like personal information
- Change passwords frequently
- Set up two-factor authentication
- Lock your home screen and set up your screensaver
- Disable desktop notifications + minimize tabs while sharing your screen
- Take advantage of free cybersecurity tools
- Be skeptical of your inbox
- Secure your social media accounts
- Use a VPN to securely connect, browse, and access data
- Avoid using a personal computer for work
1. Treat Business Information Like Personal Information
Just as you know to keep your personal banking information, passwords, and data private, it’s also important to keep business information like trade secrets, employee information, and company credit accounts secure.
In addition, make sure the software you’re using for work is up-to-date and only save what’s completely necessary to do your job. If you’re the boss, keep track of what customer data you collect and where it is stored. Learn more about keeping your customer info safe.
2. Change Passwords Frequently
Once you set a strong password for an account or device (we recommend using a password manager like LastPass), it’s easy to forget about it.
Experts suggest changing your passwords frequently—every 30, 60, or 90 days depending on your industry—especially if you’ve recently logged onto a public or shared computer, if you’ve received a notification that your account has been compromised, or if you’ve shared your password with someone who no longer needs access.
3. Set Up Two-Factor Authentication
Using two-factor authentication to log into all your accounts, including email, Slack, and other productivity apps, is especially important when working remotely because it adds an extra level of security around access to sensitive information.
The idea is that it protects your accounts if your passwords become compromised because you need an additional one-time code to log in successfully.
Apps like Google Authenticator, LastPass Authenticator, Microsoft Authenticator, and Okta make it easy to incorporate two-factor authentication into your security strategy. If you don’t have two-factor authentication at your company, talk to your head of IT or CTO to get it set up.
4. Lock Your Home Screen and Set Up Your Screensaver
It might seem basic, but locking the home screen on your phone and setting up the screensaver on your computer are two easy ways to stay safe online (not to mention it saves battery life).
Another tip? Increase the passcode length on your phone to the maximum available and make sure the password for your computer is complex and challenging to guess. These simple steps make it harder for others to access your personal information and for hackers to break into your devices.
5. Disable Desktop Notifications + Minimize Tabs While Sharing Your Screen
When you’re sharing your screen in a meeting, there are a couple of extra steps you can take to make sure you don’t accidentally share sensitive information.
First, disable your desktop notifications while presenting. This way, no one will be able to see your private Slack messages, emails, or upcoming meetings and events (it’s also just more professional and less distracting!). This goes for text messages too if you have them synced to your computer.
Second, keep the tabs you want to present in a separate window and minimize the rest—again it’s more professional, but it also keeps your information secure.
6. Take Advantage of Free Cybersecurity Tools
Many companies that build cybersecurity software offer free scans so you can check your devices for known viruses and spyware and see if your device is vulnerable to cyberattacks.
Beyond conducting regular scans, make sure to keep your cybersecurity software up-to-date—it’s worth investing in and is bound to save you money down the line if you or your business gets hacked (not to mention maintaining your brand reputation and client trust).
When choosing cybersecurity software or providers, consider what your core risks are. Once you’ve determined what information needs to be protected, where it is stored, and who has access to it, you can find the right service for your needs.
7. Be Skeptical of Your Inbox
Phishing accounts for more than 80% of reported security incidents, so how can you evaluate whether an email is safe or suspicious?
Be cautious if you receive an email that looks like it’s from a company or person you trust and it asks you to click on a link or open an attachment. Typical reasons given are that they’ve noticed some suspicious activity or login attempts, that there’s a problem with your account or payment information, or that you need to confirm personal information. Those are cues that something’s not right.
Obvious signs of phishing are misspellings, generic greetings, excessive punctuation, and an email address that doesn’t match up. If you receive an email you think looks suspicious, it’s always good to confirm it with your head of IT or CTO. If it’s from a person you trust, like your manager, reach out to them directly to make sure it was from them.
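The cues listed above can also be checked mechanically, for example in a mail filter. The following is an added example, not part of the original article: the sender list, the phrase patterns and the sample message are constructed for illustration, and misspelling detection is left out because it needs a dictionary.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical list of senders you deal with, mapped to their real domains.
KNOWN_SENDERS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(customer|user|member|client|sir|madam)\b", re.I | re.M)
PRETEXT = re.compile(
    r"suspicious activity|login attempt|problem with your (account|payment)|confirm your", re.I)

# Constructed sample message (not a real email).
SAMPLE = """\
From: "PayPal Support" <security@paypal-alerts.example>
Reply-To: helpdesk@collect.example
Subject: Urgent!!! Account limited

Dear customer,

We noticed suspicious activity!!! Confirm your payment information now.
"""


def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def phishing_cues(raw_email):
    """Return the list of cues found in a raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    text = msg.get("Subject", "") + "\n" + "\n".join(
        p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    display = parseaddr(msg.get("From", ""))[0].lower()
    sender = domain_of(msg.get("From"))
    cues = []
    if any(b in display and sender != d and not sender.endswith("." + d)
           for b, d in KNOWN_SENDERS.items()):
        cues.append("address-mismatch")   # name claims a brand, domain differs
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        cues.append("reply-to-mismatch")
    if GENERIC_GREETING.search(text):
        cues.append("generic-greeting")
    if PRETEXT.search(text):
        cues.append("pretext")
    if re.search(r"[!?]{2,}", text):
        cues.append("excessive-punctuation")
    return cues
if __name__ == "__main__":
    print(phishing_cues(SAMPLE))
```

A non-empty result is a reason to confirm the message through another channel, not proof of phishing; an empty result does not prove the email is safe.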
If you want to put your skills to the test, try this free quiz to see if you can identify a real email versus a phishing email.
8. Secure Your Social Media Accounts
Whether you’re in charge of running your business accounts or just want to keep your personal accounts secure, keeping your social media accounts safe is more challenging than it might seem.
First, be selective about which third-party apps you give sign-in access to. It might seem easier to use Facebook to create an account, but it makes your information more vulnerable, so it’s better to have a standalone login for each additional account.
Second, if you’re going to enable third-party access, read the fine print and ensure you understand what permissions you’re giving them. Can they post on your behalf? Can they view your personal information and share it? Be wary of giving any third-party app too much leeway with your data.
Third, make sure to use a unique password for each account, so if one is compromised, it won’t impact the security of your other accounts.
9. Use a VPN to Securely Connect, Browse, and Access Data
You might not think you need a VPN when you’re working from home, but there are many scenarios in which having one would come in handy.
A VPN, or virtual private network, creates an encrypted tunnel between you and a remote server operated by a VPN service. All your internet traffic is routed through this tunnel, which means your data is protected on its way to that server.
If you’re conducting business from a coffee shop or airport and using a public Wi-Fi connection, a VPN can certainly give you peace of mind, but it’s also worth using while you work from home, so your internet service provider can’t access or sell your data and so you can keep your company information secure.
Popular VPNs include those offered by ExpressVPN, Surfshark, and NordVPN—and most cost less than $10 a month to use, making VPNs an affordable and accessible way to stay safe online. Oh, and we recommend avoiding using a free VPN. It might be tempting to save money, but in the long run, it’s more secure to use a paid option.
10. Avoid Using a Personal Computer for Work
At first glance, your personal computer might seem as safe as your work computer, but experts warn that it’s unlikely that your home computer has sufficient antivirus software, customized firewalls, and automatic backup tools running compared to devices deployed by your employer.
If you have to use your personal computer for work, make sure to use encrypted communication for all sensitive information, continue to use strong passwords for your accounts, use two-factor authentication, and ensure firewalls are set up.
Bonus Tip: Learn More About Cybersecurity
From free intro course options like Fullstack Academy’s Hacking 101 and Cyber OnRamp to full-fledged Cybersecurity Bootcamps aimed to take you from beginner to professional in as little as 17 weeks, there are many options for learning more about cybersecurity.
The more you know about staying safe online, the more prepared you are to deal with a cyberattack while you’re working from home. If you have developers on your team, you can also invest in training that teaches them how to write secure code and protect your data and applications.
"We’ll train your developers in the most important security concepts. By the time they finish this class, they’ll be more empowered to protect your vital applications and data, which will make your entire company more resilient to cyberattacks," says Lead Instructor Corey Greenwald.