How to Stay Safe from Cybercrime When Working at Home During the Outbreak

For starters, beware of email and calls claiming to be from your company's IT department

working from home GettyImages-968890686

Cybercriminals see the coronavirus pandemic as an opportunity to target people working from home, security experts say.

“Individuals are opening up their home networks to new levels of criminal focus that just haven't been there before,” says Kurt Baumgartner, principal security researcher for Kaspersky, a digital security firm. Many criminals hope to capture personal and company data, he says.

More on coronavirus

Many office workers have become used to working behind corporate firewalls on secure networks. Now they’re connecting to work through their home networks.

Lots of large companies already have strong security in place for remote work, something smaller companies may not have implemented before now, Baumgartner says. For example, a virtual private network (VPN), which secures digital traffic as it travels back and forth from a user’s computer, is commonplace for large companies, but it's less common at small operations.

If you are working for a smaller company from home, that could leave your online traffic vulnerable to attackers. And that's bad for you and your employer.

Baumgartner says criminals will be targeting remote workers with everything from coronavirus phishing email to ransomware and attacks on their routers. He and other experts predict the biggest problem could be tech-support scams.

In that scam, a remote worker receives email or a call from someone claiming to be from their employer’s IT department. The email requests access to the employee’s computer and network.

Adam Meyers, vice president of intelligence for CrowdStrike, a digital security company, says you should make sure to have the direct number for tech support for your employer and know the proper contacts so you'll have an easier time figuring out if email is legitimate.

But the scammers will be doing their homework, he warns. Social media sites, such as LinkedIn, can provide IT department employee names and end up helping criminals create convincing scam email and phone calls.

“Wherever people are working, they need to be aware that people are targeting them,” Meyers says.

Tips for Remote Workers

There are some easy ways to reduce online risks. Here are the most important tips from security experts.

Lock down your WiFi. Change the default password if you haven’t already. And don’t share that password with your neighbors. The more people who have access to your network, the more likely it is to be breached.

If you can set up multiple networks on your router, do that. Keep your work-related devices separate from your personal phones, laptops and IoT devices, such as baby monitors and video doorbells. And definitely don’t share your work network with your children.

Think before you click, even on work-related email. What looks like communication from your company’s CEO with a coronavirus update or the IT department telling you to reset your password could very well be fake.

If something looks suspicious, delete it. And don’t open up attachments or click on links. Instead, pick up the phone and call whoever supposedly sent the email.

Update everything. Make sure your computer operating systems are up to date. That goes for your router and antivirus software, too. New computer viruses are always emerging, and you want to make sure your AV catches everything it can.

Speaking of passwords... Make sure you’re using good ones, and don’t use the same password for multiple accounts. Long, random strings of letters, numbers, and symbols are best. To make it all easier, Consumer Reports rates password managers.

Use a VPN. Ideally, your company will provide a business-grade version of one of these for you. But there are also free and paid versions to download.

Be careful in choosing a VPN, or virtual private network. Because these services route all of your internet traffic, they can put you in danger if they don't employ top-notch security. In addition, many free VPNs employ third-party trackers that gather data on your browsing activity, compromising your privacy. In the past, security experts have recommended TunnelBear and NordVPN to CR. In addition, Disconnect Premium is owned by a highly regarded security company that has coordinated with CR on security investigations.

“You have to shop around, read privacy policies, and take into account reputation,” Baumgartner says.

Enable 2FA wherever possible. Just like maintaining good passwords, you should already be using two-factor authentication, which makes it necessary to have a password and a second method of verifying who you are to access an account. Banks, email providers, and many other sites offer 2FA in their settings. Whatever 2FA method you choose (text notifications, authentication apps, or physical "keys" that connect to your phone or laptop) is going to be better than using a password alone.

Educate your kids. If you’ve got children, they may be home with you instead of at school—and spending lots of time online. Don’t let them play with your work phones or computers, Baumgartner says. Protect those devices with a secret PIN so the kids can’t use them behind your back.

And because you can’t keep an eye on them all the time, teach your children to take their own security precautions, Meyers says.

“You’re only as strong as your weakest link,” he says. “You need to make sure your kids aren’t the weakest link."

Bree Fowler

Bree Fowler

I write about all things "cyber" and your right to privacy. Before joining Consumer Reports, I spent 16 years reporting for The Associated Press. What I enjoy: cooking and learning to code with my kids. I've lived in the Bronx for more than a decade, but as a proud Michigan native, I will always be a die-hard Detroit Tigers fan no matter how much my family and I get harassed at Yankee Stadium. Follow me on Twitter (@BreeJFowler).