Hackers, like other criminals, prey on weaknesses. They look for vulnerabilities and take advantage of what they find.
With many companies allowing employees to work from home to prevent the spread of the virus which causes COVID-19, that's important to remember, according to Trevor Jones, director of the Digital Forensics for Cyber Enforcement (DigForCE) Lab at Dakota State University.
"All your workers are at home. Now all the security of the data depends on the individual," he said in a phone interview recently.
In the workplace, data is protected by the firewalls put in place by IT specialists. However, once that data is accessed offsite, the employee becomes the first line of defense against a hacker.
"The security might be up to the security you have at home," Jones said.
Among the most important precautions an individual at home can take is to have a secure WiFi connection. This involves ensuring the router is secure.
"As long as the router has a long, secure password, perfect," Jones indicated.
In the past, multidigit, alphanumeric passwords were recommended, but more recently, pass phrases are recommended. Not only are they easier to remember, but they are also more difficult to hack. The longer the pass phrase, the better, according to Jones.
"The key take-away is pass phrases are longer and more secure," he said.
When working at home, it's also important to remember what other applications might be in use while accessing secure work-related data. Streaming Netflix, for example, could create a vulnerability by creating an access point for hackers.
"You might want to be more selective in what applications you use," he advised.
A further danger may arise simply because people are more comfortable in their homes. Without the firewalls put in place in work settings by IT professionals, workers may receive email messages with suspicious attachments which would have been blocked in the workplace.
"Nobody is blocking IT addresses in your home," Jones indicated.
Workers at home may forget this. They may inadvertently open a suspicious attachment, giving a hacker access.
"People get more relaxed in their homes, which may lead them to be more relaxed with their email," Jones explained.
While this is understandable, he recommends those working from home be more cautious and more diligent. He further recommends checking with the company IT professional before opening any email attachment which appears to be out of the ordinary.
Jones emphasized that personal information, such as banking information, is no more at risk than it has been at any other time. The danger now is that hackers will use home computers as doorways to access company data which would normally be protected from their attacks.
He said they will be thinking, "I don't have to battle the IT professional anymore" and will take advantage of the vulnerabilities that exist because the COVID-19 pandemic has forced companies to move quickly to stop the spread. Companies may not have been prepared for employees to work from home.
"Your business security is only as strong as your weakest link," Jones noted.
In addition to ensuring a secure WiFi connection and taking care when opening email attachments, workers should work closely with their IT professionals to identify other ways to help protect company information, he indicated. Other protections can be put in place.
For example, two-factor authentication may be required to access secure data. Employees may be instructed not to store company information on home computers, but to save it on a cloud server.
"Don't try to be the IT professional," Jones said. "Your IT professional knows what's best for your security at home."
As much as anything, he reminds people that security is a mindset, that they have to remember the Internet changes the world in which people live.
"When you go out on the Internet, you're not living in South Dakota," Jones indicated. "You're in the worst neighborhood you've ever been in. There are people in that neighborhood that want to prey on you."
Those who work from home should keep in mind that their home computer can provide hackers with the information they need to do great harm.
"Your home network holds the keys to the kingdom," Jones said.