What is often overlooked, however, is that working from home can come with a number of cyber security risks. A home networks and computers are by default not as well secured as in corporate environments. Most (large) companies have an extra safe network and well-secured computer systems. Many companies also have an IT department that continuously monitors the company’s systems and keeps everything secure. Since now you are going to work from home, you have to ensure that you can do so in a secure manner, while also ensuring that no data leaks arise where hackers are given access to company or customer data, for example. In this article, we will provide step-by-step instructions on how to work safely from home. Now, during the coronavirus crisis, but also in the future.
1. Use safe collaboration tools
While teleworking, most discussions and meetings are held online. Consequently, safe collaboration tools and efficient work from home apps need to be used. Many companies use video conferencing to hold meetings. This is well-liked because people can see each other while talking, just like when conducting a meeting in the office. There are various options for conducting safe video calls, each with their own advantages and disadvantages. There are also programs that only allow chat or audio communication. Here are some popular options. All the programs mentioned below provide screen sharing functionality, except for WhatsApp. It is important to weigh your options before choosing one of these programs. Pay attention to the possibilities the software provides, and also consider the weaknesses, especially when it comes to security and privacy. A complete explanation on how we ranked the various services in the table above, can be found in our article on the best and most secure video conferencing programs.
2. Secure your connection with a VPN
Most people already know that they need to secure a public network connection with a VPN. The same applies to home internet connections. Like public networks, home internet connections are not encrypted by default. Therefore, hackers can intercept data or inject malware into your system. There is also a high risk of home internet connections getting tapped and thus company data or personal data being stolen. Furthermore, with the arrival of the GDPR, this can lead to high fines and negative publicity. Many companies have already had to deal with such consequences recently. Fortunately, most companies acknowledge the importance of a well-secured network. Many (large) companies nowadays use specialized business VPN solutions, like Cisco’s, to secure the company network so that people who work remotely or from home can still log in securely. However, a business VPN is not an affordable or profitable option for all companies. Especially for small businesses whose employees are working (temporarily) from home, a private VPN could be a good alternative solution. Just like VPNs used by large companies, private VPNs offer a safe VPN tunnel and data traffic encryption so that all data traffic is secured. For small business employees who want to work from home safely, the following two VPN providers could be of interest:
ExpressVPN: the best all-round VPN according to our test
ExpressVPN has been a trusted name in the VPN marketplace for years. There are a number of points to consider when choosing VPNs. These include the security of the encryption protocols used, as well as the speed and the ease of use. We recommend ExpressVPN for teleworkers who want a VPN with which they can work safely, quickly and efficiently. According to our speed test, this is the fastest VPN currently on the market. In addition, this VPN offers excellent and very secure encryption protocols, including OpenVPN UDP (set by default) and OpenVPN TCP. Something that makes ExpressVPN unique in terms of ensuring privacy is its TrustedServer Technology. Thanks to this technology, ExpressVPN only uses volatile Random Access Memory (RAM) for their servers and not for their hard drives, as do most other VPN providers. RAM needs power to store data. Thus by using this technology, every time that ExpressVPN servers are turned on or off, all data stored on them is erased. Therefore, the technology allows ExpressVPN to offer extra strong protection for company data against server hackers, for example. Its efficiency and security makes ExpressVPN suitable for any kind of profession. Whether you are a filmmaker who regularly downloads very large video files from the cloud, or an accountant who needs to safeguard customers’ financial data, with ExpressVPN you can rest assured your connection to the internet is secure. Checkout our ExpressVPN test.
Surfshark: the best budget VPN for teleworkers
Surfshark, like ExpressVPN, is a fast and secure VPN. However, this VPN offers two major advantages, namely price and number of connections. Surfshark is one of the cheapest premium VPN providers. On top of that, a small team can work from home safely using a group subscription. The number of connections is unlimited, as long as the software’s use remains within Surfshark’s fair use policy. The main difference between Surfshark and ExpressVPN is speed and the options available. ExpressVPN is slightly faster and has a few special options that Surfshark does not have. These options include the TrustedServer Technology we previously mentioned as well as provision of obfuscated servers (servers that can bypass certain internet restrictions) for use in China. However, for most smaller companies Surfshark offers all they need and is often the better option for companies that want to keep an eye on their budget.
Use 4G as an alternative to home internet connections
Some people rely on their mobile networks when working from home by creating hotspots to connect their laptops. Working with a 4G connection is certainly a good option for many, especially considering the speed of mobile internet today. Of course, you need to make sure you have enough data in your bundle (preferably unlimited). Many providers allow you to adjust your data bundle on a monthly basis. If you expect to use more data than normal and you don’t anticipate being able to use a fixed connection in the foreseeable future, it may be wise to increase your data bundle for the next month or so.
3. Update your operating system and software
Updating your system may seem like an unnecessary and complicated process. But actually, the opposite is true. In practice, it is a simple but very important procedure, which will stop viruses and hackers. Possible bugs or vulnerabilities found in system software are generally fixed by manufacturers via updates, so that hackers and cyber criminals cannot take advantage of them. Consequently, make sure you take the time to update your system. How do you ensure your operating system is fully updated? Fortunately, this is relatively easy to check. Below, we explain how this is done for the most commonly used operating systems, namely Windows, Mac, Android and iOS.
To update Microsoft Windows:
To update Mac OSx:
To update Android devices:
To update iOS devices:
As well as your operating system, your software must also be up to date. Most software on Windows and OSx will automatically inform you or install updates as soon as they are available. In settings, you can also actively search for any updates. To update apps on your Android device, go to the Play Store and look in the menu under “My Apps and Games”. To update apps on iOS devices, open the App Store and tap “Today” at the bottom of the screen. Next, tap on your profile symbol at the top of the screen and scroll down to see the apps that can be updated. Finally, we strongly advise against the use of illegal (downloaded) software. These often contain viruses or backdoors built in by hackers.
4. Use a good virus scanner for your PC and smartphone
It is of course possible that your employer provides you with well-secured equipment to work on, for example a work laptop with good, up-to-date anti-malware software. However, in practice it often happens that people need to take their old laptop out of the cupboard to work from home, which probably lacks adequate protection. Good antivirus and antimalware software are of great importance, especially for equipment that needs to be used for work purposes. According to Cyber Security Monitor 2019, the annual cyber security report of the Dutch CBS (Central Bureau of Statistics), about 30% of all large Dutch companies (i.e. with 500 employees or more) and 20% of small businesses experienced a cyberattack in 2019. In such circumstances, you don’t stand a chance without adequate protection.
Good free and paid antivirus software
There are several software providers in the marketplace that offer reliable, free antivirus software. A good free antivirus scanner, which runs on Windows, Mac, Android and iOS, is AVG AntiVirus Free. If you prefer to use paid antivirus software, we currently recommend Bitdefender. This software provider has scored very well in many independent tests and comparisons.
5. Install a good firewall on your PC and smartphone
In addition to a good virus scanner, it is also essential that you have a reliable firewall. A firewall creates, as it were, a wall around your computer to prevent intruders from gaining access to your computer. Also, thanks to firewalls “flawed” programs are less likely to be able to establish an unwanted connection to the outside world. A reliable and well configured firewall is therefore very important to work safely from home. Even if you log in to your work network via a secure connection (e.g. via Citrix), you need to be able to prevent hackers from watching what you’re doing on your home computer.
Firewalls for Windows
Newer versions of Windows (i.e. from Windows 10 up) come with Windows Defender, Microsoft’s default firewall. Windows Defender is known as a fairly robust firewall, which should suffice in most cases. However, various security experts recommend using more sophisticated firewalls. If you want this extra safe option, we recommend looking at a good package that combines antivirus and firewall software, such as Bitdefender or the paid version of AVG.
Firewalls for OSx (Macbook and Mac)
Apple also supplies a good default firewall with its OSx operating system. In most cases, this firewall software is sufficient. To enable the Apple firewall, you need to perform the following steps:
6. Use secure cloud storage
Ensure you make regular backups, preferably a double backup, held in two different places. In this way, if your company is subjected, for example, to a ransomware attack, you will not lose everything. With a recent backup, you will be able to restore your systems more easily. It is wise to store a backup locally and another in the cloud. Ensure that your local backup is stored, for instance, on an external hard drive, which is thoroughly secured with, for example, a strong password. In addition, it is wise to hold a backup in the cloud. There are several cloud storage services to choose from. However, whichever cloud service you choose, always make sure you secure your account with a strong password, and where possible, with two-factor authentication. Below you will find some safe options that you could easily set up at home.
Google Drive
Google Drive stores your files using AES 128-bit key encryption by default. Additionally, the connection to and from Google Drive servers is encrypted using 256-bit SSL/TLS, which is a good standard for today. Moreover, within Google Drive you can easily collaborate with colleagues using Google Docs. Without a subscription you get 15 GB of storage, which for many is more than enough.
OneDrive
OneDrive does not use encryption by default to store files. However, the connection to and from OneDrive servers uses SSL encryption. One advantage OneDrive has over Google drive is that OneDrive allows you to access the entire Office Suite in your browser. This allows you to easily adjust documents from within your browser. Without a paid subscription OneDrive gives you 5 GB of storage. For $2/month you get 100 GB of storage and for $7/month you can get the advanced package that comes with 1 TB of storage and the entire Office Suite.
Dropbox
Dropbox is one of the most popular cloud storage services available today. The benefit of Dropbox is that it allows you to easily share documents with others who are also using the service. Dropbox stores your files using AES 256-bit key encryption by default. Furthermore, the connection to and from Dropbox servers is secured with AES 128-bit SSL/TLS encryption. With the free version of Dropbox, you receive 2 GB of storage. For € 9.99 you get no less than 2 TB of storage.
SpiderOak
The SpiderOak One Backup service provides a safe way to easily run backups and uses end-to-end encryption to safeguard your privacy. The downside of SpiderOak is that there isn’t a free version available. However, SpiderOak have a trial version so you can try the service for free for 21 days. Once the free period is over, their cheapest plan costs € 6/month for 150 GB of storage.
Mega
Mega was founded by Kim Dotcom, an internet cult hero who has been committed to internet freedom for years. Consequently, Mega was set up with privacy in mind and uses end-to-end encryption to properly encrypt all your files. The benefit of Mega is that you can start with its free version, which provides 50 GB of storage. Furthermore, you pay only € 4.99 per month for 400 GB of storage. By taking backups of your work locally as well as in the cloud, you ensure that the chance of losing your work for any reason is greatly reduced. Don’t forget to adequately secure your storage so that your backups and other files are not wide open to hacker attacks. If you would like, you could read more about the safest cloud storage options.
7. Use strong passwords and password managers
Using strong and secure passwords is vital. It only takes one employee to use an easy-to-crack password to create that weak link needed to cause severe problems for an entire company. That is why a solid password policy is key. Always use strong, secure and unique passwords and never use a password on more than one platform. If you would like to know how to create such passwords, please see our guide on this topic. Do you find it difficult to remember the passwords of all your different accounts? You are not alone. Fortunately, if that is the case, you can use a password manager such as Remembear or Blur. These tools store all your passwords in a secure environment, so that you no longer have to remember them. Furthermore, you can access all your various applications with a single click.
8. Watch out for (coronavirus) phishing emails
Something to be aware of is that many cybercriminals specifically target people who work from home. A common tactic used is phishing emails. Examples of such emails include the phishing emails that have supposedly been sent by the World Health Organization to inform people about COVID-19. Of course, you should never respond to these kinds of messages or click on dubious links. Phishing emails are one of the most common methods used by cybercriminals to infect victims’ computers with malware. Phishing emails are also used to trick victims into disclosing sensitive data. The last thing you want is for cybercriminals using phishing emails like the one above to infect your computer with, for example, dangerous spyware in order to steal all your sensitive customer information.
9. Organize your workplace
Online security goes beyond properly setting up your computer. Things can go wrong that do not involve electronic devices. For example, never write your passwords on a piece of paper. If this gets into the wrong hands, the security of your system is immediately compromised. Also, it is not recommended to keep your physical backups, stored on devices such as external hard drives, in close proximity to your computer. It may sound a bit extreme, but in the event of a fire both your computer and your backups will be lost.
10. Conclusion: working from home is interesting but holds risks
In many cases, working from home offers an interesting alternative to working at the office. Especially in times of crisis, as with the coronavirus, teleworking is a good option for many people. Unfortunately, as we have seen, working from home comes with certain risks. Make sure your computer systems are up to date and protected with a virus scanner and firewall. Secure your internet connection at all times with a good VPN. And finally, make sure you have a secure backup system and beware of phishing and cybercrime.