Working from home makes you vulnerable to hackers. Here's how to stay safe

Now's the time for good tech hygiene, too.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
5 min read

Working from home doesn't have to expose you to hackers. Here's what you can do to make it safer.

Angela Lang/CNET

Working at home can leave you open to hackers, even in normal times, and these aren't normal times. With millions of people in the US under orders to stay home to slow the spread of the novel coronavirus, many more people are now working in their personal space, sometimes on their personal computers or phones. That makes a much wider target for hackers, cybersecurity experts say.

At home, it's less likely you're protected by the corporate software that can scan every link you click and file you download for signs of danger. Additionally, your brain might be fried with worries over the spread of a disease that's threatening to overwhelm health care systems around the country, and by all the logistical problems that staying inside present.

"I don't think there are many people alive who have gone through something of this magnitude," said Eva Velazquez, president and CEO of the Identity Theft Resource Center, who added that current events are so distracting, we're more vulnerable to scams.

There are simple steps you can take to limit the risk, though. That's good, because cybersecurity firms say it appears hackers have become more active lately. Researchers at Zscaler say since January, they've seen a 15% to 20% increase each month in overall hacking incidents and an increase in hacking threats that use terms like "coronavirus" or "COVID-19" to trick users into handing over sensitive information or installing malicious software. While Microsoft said in a blog post that the overall volume of attacks that reference the pandemic is "very small," the company said it's still a good time to protect yourself from hackers.

Limiting hacks could help prevent headaches at work, and it could also stop hackers from stealing data that your company is holding on to. And since your personal and professional life are all mixed up at the moment, you can stop yourself from handing over your own sensitive information to hackers at the same time.

Here's what you can do to work from home more safely.

Update your software

Because you aren't in your office, your company could have a harder time keeping your software updated automatically. And you might not realize it, but professionals whose job it is to stop hackers say that keeping your software up to date is one of the most important things you can do.

When software companies release updates that fix security flaws, they're essentially handing hackers a key that helps them access devices running the older version of the software. If you update your software, you're changing the locks, and it'll be a lot harder for hackers to get in.

It's not just the applications running on your phone or laptop that need updating. You can also make sure the operating systems on your devices are up to date. Even routers need to be secured, though router makers often install these updates automatically. On Wednesday, Sen. Mark Warner of Virginia asked companies like Netgear and Google to ensure that people who are relying on home internet for work, health and education are using secure routers.

Of course, there are potential drawbacks. Software updates themselves can sometimes cause problems on your device, breaking programs that are essential to your job or making your device unusable. These problems, however, typically get noticed and addressed quickly. So if you must wait to make sure there aren't any surprise problems with the update, go ahead, but don't wait too long.

Our new reality now that coronavirus has sent the world online

See all photos

Use two-factor authentication

If hackers do manage to infiltrate your system, they might be able to steal your usernames and passwords. That sounds scary, but there's something you can do to make that information much less useful for hackers. It's called two-factor authentication, and it requires you to enter a onetime code or use a hardware token to finish logging in after you enter your login credentials.

Watch this: In a world of bad passwords, a security key could be your new best friend

When you have this feature enabled, stealing your password isn't enough for a hacker to log in to your personal bank account -- or your company's payroll system. It's an extra step, but it's one of the most effective ways to stop hackers. The security settings in Microsoft and Google cloud services used by many small businesses let you turn on two-factor authentication and review other options for keeping your accounts secure.

Avoid phishing scams

Just like you need to be on the alert for scams and bogus information about COVID-19, the disease caused by the coronavirus, you should keep your guard up against suspicious messages that could come from hackers and scammers.

According to Microsoft, 91% of hacking attacks begin with a malicious email, in what's called a phishing attack. The emails can take all forms. Some might promise you vital information about the spread of the coronavirus in your region, but in fact contain a malicious file that can infect your computer. Others will use spoofing to look like they're coming from your boss, asking you to wire him or her some money in a hurry. 

This is especially true on April 1, when confusing, jokey messages tend to float around social media fields and inboxes for April Fools Day. Don't lower your mental defenses on this day and click something you would normally find suspicious.

While you're working from home, you can't walk down the hall and ask your boss for more details about an odd request for funds, but you can still check in on the phone, said Chris Hallenbeck, chief information security officer at cybersecurity firm Tanium.

That way, he said, you won't "suddenly wire $200,000 to someplace you didn't intend to."

Beef up your personal security

For people using a work computer at home, corporate anti-virus software and other security tools are often running by default. If you have access to a corporate VPN, you can use it to access your company network, where your employer can better protect you from afar.

This won't work for all companies, which might not be prepared to have their entire workforce use the VPN at once, so it's worth checking in with your employer about this one. You can also use a personal VPN, but that's mostly to protect your own privacy, as these services aren't meant to protect you from malicious software and apps.

If you're using your own computer and can't access your company's internal network, you can still install consumer products that scan for malicious software that can steal information, spy on you and spam your contacts, as well as potentially unwanted programs like adware. If you run these programs and keep these other tips in mind, you'll be in good shape to defend yourself from hackers.

Plus, there might be a silver lining, Hallenbeck said. If you can't access your employer's network, then hackers can't use your computer to access it either.