As the total number of people working from home has grown dramatically in the last year or two, so has the number of individuals who use all of their own technology for their jobs. If you're a remote worker who relies on your own PC to get your work done, then you may be at a heightened risk for some of the major threats that are impacting the computer industry as a whole.
Relatively few people take all of the recommended precautions when using their own technology. While it's unlikely that people are engaged in any riskier behaviors than they were before, the fact that few people have the time to follow all the relevant pieces of cybersecurity news means some people might be unaware of certain active threats. That may explain how a password manager was used to install malicious code on a large number of client machines.
Though you might not want to follow all of the news that comes out about security issues on a daily basis, you might find it helpful to pay close attention to at least those that directly impact you. Perhaps most importantly, you're going to want to install mitigations for the biggest breaches.
Following & Responding to Data Breaches Without an IT Department
Newly minted remote workers might still be used to the idea of having IT department staffers around to install updates and monitor their security programs. All of these services would be immediately done away with the moment any of these individuals start working from home. Get into a rhythm where you make sure to edit update your system software and browser on perhaps a weekly basis. It used to be that most threats were OS-level, but that's changed because web browsers have essentially become dedicated application platforms as well as programs themselves.
Consider working with some sort of managed service provider that's outside your organization. Though it might seem expensive, it could actually save you a good deal of money by managing many of the things that you'd otherwise have relegated to your IT department's staffers. According to experts from cybersecurity firm Aura, over 3 million people reported some form of online fraud in 2019. That number is likely to jump by orders of magnitude as a result of the greater number of people working from home now. Firms like this have started to grow for precisely this reason.
Power users might not like the idea of someone else managing their machines for them, which is why some have instead turned to employer-provided training programs. Take advantage of this sort of opportunity if it's available, because it's usually free and can impart quite a bit of information about the best ways to harden any remote software you have to use to communicate with your work.
Chat applications like Discord and Zoom are relatively secure, but bad actors can seize control of them and interject whatever they want to into them. That's why there have been so many recent horror stories of hapless users who have their video feed hijacked. Working with your employer-provided service might be the best way to prevent this from happening.
More importantly, though, there are a few things you can easily do right now to improve your security position dramatically.
Changing Online Behaviors in a Few Minutes
Storing sensitive information on a local PC is a recipe for trouble, but it's something that countless individuals did well before they ever even considered working from home. Look over a guide like the Yummy Software cloud storage software rankings and see if there's a secure cloud storage service you could switch to. Migrate sensitive files to these services and then access them only from an encrypted connection.
As soon as you want to remove a sensitive file from your local hard disk, make sure to overwrite it. Deleting files only frees up the space associated with them, so the actual data remains. You'll want to use a secure deletion tool that can help to cover up any traces of what came before it.
Macintosh users may want to consider switching the "Secure Empty Trash" tick box on, which will overwrite everything that you have in the can. Windows and Linux users might want to try a third-party utility that does the same thing. Don't install any questionable homebrew utilities, however. One package manager suite was found to have a major problem associated with it, and it's likely that others do as well.
Clear your browser history on a regular basis. This is good not only for security reasons but also performance ones. Many IT professionals can tell horror stories about PCs that they had to work on where users hadn't cleared the cache in a long time. This is usually as easy as clicking or tapping on a single menu item.
Turn on safe browsing in Chromium-based browsers like Google Chrome or Microsoft Edge. You can also make your browser send a do not track flag, which may help to limit tracking to some degree. Computer professionals will sometimes argue that this doesn't do much, but it couldn't hurt. With 56 percent of employees using PCs to work from home, it's likely that this could soon have a herd immunity effect on some types of online threats.
Clean out your downloads folder on a regular basis, too. Many people end up with loads of information in their downloads repository, and they don't even realize it. Some of this material can be sensitive, and other files, like those that are executable, can be really destructive. Take a few moments to think about what you're downloading as well, since you don't want to inadvertently cause harm to a PC that you're also using for work.
Torrents are often considered dangerous, and there's always the risk that someone might be able to see what you're downloading, especially if you're tapping into a remote network for work. Poke through a list of the best VPNs for torrenting safely, and you might find something that can help to reduce your risk. In general, downloading torrents of Linux distribution ISOs, materials from the Internet Archive, or huge archives tends to be safer than games or music.
As soon as you've tried these tips out, you'll want to think about reducing your overall attack surface.
Remove Apps You No Longer Use
Every single piece of software on your PC, phone, or tablet is a potential attack vector. Set some time aside and remove anything you don't actually need. You might think that having old programs isn't doing you any harm, but keep in mind that bad actors in one highly publicized cyberattack used Telegram to control a remote agent.
That's not to suggest something like Telegram is inherently unsafe, but getting rid of things you don't use reduces your total attack surface. Do a cold shutdown once you're done getting rid of old programs, and then bring your machine back online. Run a password audit as soon you've finished and change anything that seems to have been compromised.
Admittedly, this is all a lot of work, but it can save you a great deal of time and money later on. Try scheduling some time a couple of days a week, and you'll soon find that doing digital maintenance chores is as easy as everything else on your plate.
