Cybersecurity

3 steps to boost your digital safety while working from home

Life in lockdown: Chiara Zuddas, 31, works on her laptop at home in San Fiorano, one of the original 'red zone' towns in northern Italy that have been on lockdown since February, in this picture taken by her husband, schoolteacher Marzio Toniolo, March 27, 2020. Toniolo has been documenting what life has been like for his family since quarantine began for them weeks before the rest of the country. Picture taken March 27, 2020. Marzio Toniolo/via REUTERS THIS IMAGE HAS BEEN SUPPLIED BY A THIRD PARTY. MANDATORY CREDIT - RC2EUF900M5P

Working from home can make us lower our guard. Image: REUTERS

Steve Benton
BT Deputy CSO, GM Cyber and Physical Security Operations and Programmes, BT
  • As people work from home to stop the spread of coronavirus, they become more vulnerable to digital attacks and scams.
  • Hackers may try to exploit your stress response to the COVID-19 crisis.
  • The most powerful defence is your own behaviour and critical thinking. Slowing down and activating your rational mind can help ward off threats.

The impact of the coronavirus pandemic is being felt far and wide. For many people, the biggest change to their daily routine has been working from home to help stop the spread of COVID-19. While businesses and communities have pulled together to rise to the challenge, the dramatic disruption has also created new opportunities for hackers and scammers. The lack of a protected office space is not the only problem. Behavioural change, such as the mental strain of adapting to a new and worrying situation, can make it difficult to spot and ward off threats. The good news is that a few simple processes adapted from corporate security protocols can improve your digital safety at home.

Your brain during the crisis

Firstly, be aware that working from home represents much more than a change of location. It involves a profound shift in mindset and behaviour. With teams dispersed, we can no longer just turn to the side to check our thinking with a colleague. Instead, we make more decisions in isolation, and this can make us more vulnerable. We are also becoming more used to interacting with certain contacts only via email, which may raise the risk of impersonation and identity theft.

In addition, the crisis itself is affecting the way we think. During times of stress and upheaval, humans tend to respond more instinctively and less rationally. Over the past few weeks, many of us have been forced to make instant decisions amid constant change. Such fast thinking has its place, but it can stop us from considering certain situations carefully and rationally and choosing the best way ahead.

Finally, the threat of potential hackers is adding yet another source of stress. Many people are aware that working from home may leave them more open to digital attacks, but are unsure what to do about it. Such uncertainty not only makes it difficult to protect ourselves, it can also affect our ability to focus on our work.

Even before the pandemic, cybercrime had become a growing threat. Image: Statista

The 3 basic steps

Global businesses use many sophisticated tools to protect themselves against such threats. But one fundamental process that can be easily adapted to personal use is the 3-stage thinking approach. It consists of three basic steps:

1. Stop

2. Think

3. Protect

This deceptively simple procedure can be extremely powerful because it goes to the heart of how many hacking campaigns work.

One typical ingredient of many hacking attacks is a sense of time pressure. Someone may be contacting you urgently about how to protect yourself from the coronavirus. They may even tell you that you’ve been identified as someone who’s had contact with someone who’s been tested as positive for the infection.

These kinds of emails make you want to act. They purposefully engage your sense of urgency, worry and fear. The best way to counter them is to activate your calm, rational faculties, and take the time to evaluate the request.

Have you read?

Healthy scepticism

For many people working from home, almost every single aspect of daily life has changed. Scammers may try to exploit this, because they are aware that many of us are using products we’ve never tried before. They may for example create plausible stories around new services, hoping you won’t have the mental space to probe and question them. They may make their emails appear to be from a familiar or credible source, or recommend a collaboration download that will make working from home easier. The more legitimate the email, the easier it is to elicit a response.

Hackers may try to gather the credentials of people working at an organization, such as simple passwords that people came up with in haste among the chaos. Once they can access a mailbox, they can set up a forwarding rule so the user is completely unaware that their credentials are now being used to email others.

However, even if this happens, others at the organization can still do a number of basic things to stop the attack. If you receive an email from a contact, no matter how legitimate, no matter how urgent, take a pause. Ask yourself: ‘Is what I’m being asked to do normal?’, ‘Is there anything strange about this email / instruction?’

If there’s a little niggle at the back of your head about it, pay attention. Think how you can verify if it’s real, and who to report it to if you’re suspicious.

Look up from the screen

Cyber security is not just about emails and passwords. It may seem obvious, but keeping your computer, phone and confidential printed documents physically safe is an important part of your overall protection. When setting yourself up to work from home, try to give some thought to where in your home you’re working from. Make sure ill-intentioned outsiders can’t see your screen and paperwork through your windows or doors, and if you do leave the house, don’t leave your computer on display. At the end of the day, tidy away any confidential paperwork, just as you would at the office.

Discover

How is the Forum tackling global cybersecurity challenges?

Long-term thinking

One of our most powerful skills as humans is to think ahead, consider different scenarios and make plans. If you discuss potential problems and solutions with your colleagues, you’ll be better prepared if an attacker strikes. This can be as simple as setting up alternative ways of verifying an email or instruction. We don’t know how this situation will evolve, or when we will be able to go back to our offices. But we can build sustainable, safe processes and relationships that will help us work calmly and confidently.

Lastly, if you’re facing a security threat or have fallen foul of a scam, don’t be embarrassed, but do act quickly. Your security team is there to support you, reduce the potential impact and protect you. Make sure you know who to contact if you need them. Together, we can do our bit to help our businesses and each other survive during these challenging times.

Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Related topics:
CybersecurityHealth and Healthcare Systems
Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum