There have been increased reports of cyber threats and scams since the start of the COVID-19 pandemic. With so many of us working from home lately, I wanted to share a handful of guidelines.
This list is by no means comprehensive. And you should always look first to your employer’s IT security guidelines — especially when using VPN connections or company-provided software that scans for malware and vulnerabilities.
Given that, let’s dive in!
1. Keep Your Software Up to Date
Once a week, check for software updates for all of your devices. This includes:
- Operating systems on all computers, including non-work devices
- Commonly used apps like web browsers and Zoom
- Updates coming through Apple or Windows app stores
- Smartphone OS and app updates
- Internet modems, routers, and wifi access points
- Connected device software/firmware updates:
- Smart TVs
- Streaming devices: Apple TVs, Chromecast, Roku, etc.
- Game consoles: PS4, Xbox One, Nintendo Switch, etc.
- Other smart devices: Nest Thermostat, Ring Camera, Alexa devices, etc.
Keeping software up to date on connected devices is the best way to ensure that patches for any recently-discovered vulnerabilities are applied to your systems.
2. Be Smart About Passwords
Store all of your personal logins in a password manager. I recommend 1Password because its Vaults feature allows you to store and share project-related logins, passwords, and API keys.
Here are a few best practices:
- Favor using your password manager over saving logins in your browser.
- Use your password manager to generate a new, impossible-to-guess password for every site where you have an account. Start with your Google passwords.
- Enable two-factor authentication whenever possible.
- Generate random answers to “security questions” (e.g. What was my first pet’s name? Answer: mn9-roDVU3nt). Your password manager should be able to store these too.
- Password protect your Zoom meetings.
- If you have a Mac, encrypt your home files with FileVault.
3. Connect Securely
When connecting to the internet:
- Prefer connecting to your home network (via private, password-protected wifi) over using any other network.
- Consider changing your home wifi password to a new, randomly-generated password at least twenty characters long.
- If you have to connect over a wifi network that isn’t password protected or a shared wifi network that isn’t private to your home, use your work VPN (if available and allowed by your employer’s IT group). Otherwise, consider using a third-party VPN service like ExpressVPN.
- Clean up the list of trusted wifi networks on your computer to include only those you recognize as trusted, e.g. only home and work. On a Mac, you can do this by opening up System Preferences -> Network -> Advanced and removing items from your Preferred Networks list.
4. Don’t Click on Suspicious Stuff or Follow Weird Instructions
Keep a keen eye out for:
- Web or download links to not-quite-right domains like dropboxx.com or zooooom.us
- Links that have what looks like a filename in them
- Emails or calls from people claiming to be an authority and requesting (or asking to confirm) personal info or money
- SMS and social media direct messages in any smartphone app from people you do not know
- Odd looking messages from people you do know (They may have had their account compromised.)
Staying connected will be very important for everyone going forward. Keeping these security tips in mind will help mitigate against the increased risks.