February 28, 2020 - We hope this post finds everyone safe and healthy. As is the case for many of you, our plans for the next few months have shifted. Although we are bummed to not be teaching workshops at upcoming conferences as planned, we are ready to focus extra attention on our current projects.
As many of us transition to working from home, we wanted to write a quick post with a few cyber hygiene tips. There can be additional cybersecurity concerns that arise when you are doing your work from home. As we fight to keep our cats off of our keyboards and juggle multi-tasking with our families at home, these quick reminders will help protect your information and the projects you are working on!
- Watch out for phishing emails!
Phishing emails are carefully crafted to trick you into giving up some form of personal information, whether that is credit card numbers or a password to an important site. Remember to:
- Carefully check links in emails before you click them (if you hover, you can see the URL it wants to take you to)
- Double check the sender and verify the request through another channel. For example, if an email looks like it’s from your healthcare provider and the link asks for your credit card information, try calling your healthcare provider to be sure the request is legitimate.
- Take a breath and think through the request… many phishing emails are crafted to create a false sense of urgency. Being aware before taking any action can stop further consequences.
Make sure your passwords are strong and you are using multi-factor authentication where possible. Did you know that 81% of data breaches are caused by compromised weak passwords? (See here) Opportunistic cyber-adversaries could be looking to take advantage of companies and employees at this time, so it is extra important for us to make sure our logins are protected. If you don’t already, look into using a password manager. They can help you to generate strong passwords and not have to remember each of them. Dashlane is a great one, but others such as LastPass are available, too. Additionally, many accounts allow you to add a second factor to identify yourself. Typically, this will be a code generated by an app such as Duo or Google Authenticator. These apps are easy to set up if you have a few minutes!
If your company provides a VPN and encrypted chat services, make sure to use them! In the US, only 5% of people regularly use a VPN, compared to much higher rates in other countries, such as Thailand at 24% and Indonesia at 22% (see here). VPNs make it more difficult for an attacker to track your online activities, and can allow you a secure connection into your company’s enterprise network. Typically, companies will provide employees with VPN access to do their work on the company network, where company data is in an environment with known risks and protections. Because there are adversaries who may be looking to take advantage during this unique situation we want to be vigilant and careful to use the secure tools available to us.
Make sure your devices are kept up to date. This includes phones, laptops, and even home routers (most don’t require manual updates by consumers, but if yours does you’ll want to be timely). These updates could include security patches and improvements to keep your devices safe. Since nearly everyone is at home right now, if you have kids and they have devices… remember to keep those up-to-date, too! We don’t want attackers to have any extra avenues to exploit.
- Make sure confidential information doesn’t get caught in your social media posts! This one may seem obvious, but social media is a great tool for socialization when we are keeping physical distance. Just double checking that work information is not in the background of your social media posts could save you headaches later on.
We feel extremely fortunate to be able to do our work at home, and as a small business we appreciate all support during this uncertain time. Check out the links under our Services tab to see some of the work we love doing! As always, feel free to contact us with any questions or requests.