It’s no longer business as usual for corporate America. Companies large and small are trying to deal with the spreading coronavirus by allowing or advising their employees to work from home, if possible.
While prudent from a public health perspective, this creates a security nightmare for corporate information technology departments.
“When employees step outside the office, they often forget they're still doing work, and they may not follow the security policies they once would have followed without any question,” Charles Henderson, chief of IBM’s X-Force Red security hacking team, said.
NBC News BETTER asked some of the country’s top digital security experts what precautions they suggest first-time telecommuters should follow:
1. Use company-issued equipment when possible
If you have a laptop or a mobile device provided by your company, use it. Security protocols on company technology is typically stronger than what’s on your personal devices. It’s also easier for the IT folks to manage and monitor them.
“If you’re given a secure device, it’s a good idea to use it,” Kurt Baumgartner, principal security researcher at Kaspersky, said. “Personally, I would feel better having a network administrator or system administrator setting it up for me.”
2. Be responsible with your home equipment
For those who don’t have a company laptop to use, make sure the devices you use — your home computer, personal laptop and personal mobile phone — are secure.
“You absolutely need to have commercial-grade security software installed and up to date, and make sure that all of the patches from Microsoft or Apple are in place,” said Chester Wisniewski, a principal research scientist at Sophos. “It’s probably not a good idea to use the same computer that the kids use to go online because a lot of times, that’s how malware and spyware tools end up getting onto your computer.”
Consumer Reports tested 30 antivirus software programs for Windows and Mac computers. Some of the top-rated programs are free.
It’s also important to check your router to make sure it’s secure and difficult to hack.
“People are not great at securing the home router,” Baumgartner said. “Sometimes firmware falls out of date, sometimes default passwords are left on these things by somebody else who set it up. And that exposes the company you work for and their assets to another level of risk that you're responsible for.”
Here’s a step-by-step guide from Lifewire on how to upgrade your router’s firmware. If you have an old router that is no longer supported with firmware updates, it’s time to get a new one.
3. Always use the company portal to access the corporate servers
Every company has procedures in place for how employees should access the network when out of the office. If you’re not sure what that is, check with your IT department.
“Don’t try to set up your own remote access, using software you may already have on your home device,” Henderson said. “If you try to use that software on the corporate network, you could bypass your company’s security protocols.”
You may be required to use two-factor authentication (2FA) to gain access through the company portal. This is easy to set up and greatly reduces the chances of a hacker getting into the network.
4. Use a Virtual Private Network (VPN) to log onto the internet
Some of the work-related tasks you do at home may not require you to access the company’s servers. If you’re using Wi-Fi to get onto the internet, even from home, you can protect those transactions by using VPN software.
“A virtual private network will provide an encrypted tunnel to the outside world that will keep the data and the destination of that data secure,” Baumgartner explained.
5. Working from home doesn’t mean heading to the local coffee shop
Going online with your home Wi-Fi system (properly updated and secure) is more secure than going to a place that offers free Wi-Fi.
“We don't recommend going to your work websites or websites that require usernames and passwords when using free Wi-Fi,” Paige Hanson, chief of cybersecurity education at Norton LifeLock, said. “You really have to treat free Wi-Fi like someone's looking over your shoulder, knowing every single thing you type and what you click.”
If you must work away from home, Norton LifeLock advises using a VPN to encrypt all the traffic going into and out of your device.
Using your smartphone to create a mobile hot spot is a better way to go. Connecting your computer or tablet to your mobile device is better than using public Wi-Fi, Hanson said, because everything is encrypted that way.
6. Stick with designated company communications platforms
Because he works from home a lot, Wisniewski constantly needs to instant message his team. While it may be easy for you to use a third-party app that you already installed, such as WhatsApp, Telegram, Signal, Viber or Google Hangouts, stick with the company’s officially approved communications tools.
“Companies typically have a preferred chat platform that they use for managing their teams and employees should use it, so the information you’re sharing can be protected,” Wisniewski said.
7. When in doubt, contact your IT department
Working from home means dealing with a lot of tech issues that were handled by trained professionals at work. If something doesn’t seem right or you’re not sure how to do something, contact your IT team.
“Corporate IT knows the best practices for your company,” Hanson said. “They’ll have all the do’s and don’ts for your organization.”
8. Be alert for hackers and scammers trying to take advantage of increased telecommuting
Anyone who works from home is a potential target for hackers and scammers.
“Never click on links or open attachments unless you confirm the identity of the sender,” said Adam Levin, chairman of CyberScout. “Understand that even if the sender is authentic, it is possible that he or she clicked on the wrong link and has sent you a malware-laden email.”
You also need to be especially careful of any email that relates to your work responsibilities. If you’re told to transfer money or sign a contract, something your boss might normally ask you to do, verify those instructions by phone before you do anything. That email could be from a criminal who’s hacked your corporate email, Levin cautioned.
The bottom line
For those who haven’t done it before, working from home is different. It may take you longer to do things. It may be more difficult to communicate with colleagues. It’s easy to get frustrated.
Just remember: When it comes to anything related to your job, security always tops speed and convenience. Preventing a problem is always easier than trying to fix one.