3 steps to boost your digital safety while working from home

The impact of the coronavirus pandemic is being felt far and wide. For many people, the biggest change to their daily routine has been working from home to help stop the spread of COVID-19. While businesses and communities have pulled together to rise to the challenge, the dramatic disruption has also created new opportunities for hackers and scammers. The lack of a protected office space is not the only problem. Behavioural change, such as the mental strain of adapting to a new and worrying situation, can make it difficult to spot and ward off threats. The good news is that a few simple processes adapted from corporate security protocols can improve your digital safety at home.

Your brain during the crisis

Firstly, be aware that working from home represents much more than a change of location. It involves a profound shift in mindset and behaviour. With teams dispersed, we can no longer just turn to the side to check our thinking with a colleague. Instead, we make more decisions in isolation, and this can make us more vulnerable. We are also becoming more used to interacting with certain contacts only via email, which may raise the risk of impersonation and identity theft.

In addition, the crisis itself is affecting the way we think. During times of stress and upheaval, humans tend to respond more instinctively and less rationally. Over the past few weeks, many of us have been forced to make instant decisions amid constant change. Such fast thinking has its place, but it can stop us from considering certain situations carefully and rationally and choosing the best way ahead.

Finally, the threat of potential hackers is adding yet another source of stress. Many people are aware that working from home may leave them more open to digital attacks, but are unsure what to do about it. Such uncertainty not only makes it difficult to protect ourselves, it can also affect our ability to focus on our work.

The 3 basic steps

Global businesses use many sophisticated tools to protect themselves against such threats. But one fundamental process that can be easily adapted to personal use is the 3-stage thinking approach. It consists of three basic steps:

1. Stop

2. Think

3. Protect

This deceptively simple procedure can be extremely powerful because it goes to the heart of how many hacking campaigns work.

One typical ingredient of many hacking attacks is a sense of time pressure. Someone may be contacting you urgently about how to protect yourself from the coronavirus. They may even tell you that you’ve been identified as someone who’s had contact with someone who’s been tested as positive for the infection.

These kinds of emails make you want to act. They purposefully engage your sense of urgency, worry and fear. The best way to counter them is to activate your calm, rational faculties, and take the time to evaluate the request.

Healthy scepticism

For many people working from home, almost every single aspect of daily life has changed. Scammers may try to exploit this, because they are aware that many of us are using products we’ve never tried before. They may for example create plausible stories around new services, hoping you won’t have the mental space to probe and question them. They may make their emails appear to be from a familiar or credible source, or recommend a collaboration download that will make working from home easier. The more legitimate the email, the easier it is to elicit a response.

Hackers may try to gather the credentials of people working at an organization, such as simple passwords that people came up with in haste among the chaos. Once they can access a mailbox, they can set up a forwarding rule so the user is completely unaware that their credentials are now being used to email others.

However, even if this happens, others at the organization can still do a number of basic things to stop the attack. If you receive an email from a contact, no matter how legitimate, no matter how urgent, take a pause. Ask yourself: ‘Is what I’m being asked to do normal?’, ‘Is there anything strange about this email / instruction?’

If there’s a little niggle at the back of your head about it, pay attention. Think how you can verify if it’s real, and who to report it to if you’re suspicious.

Look up from the screen

Cyber security is not just about emails and passwords. It may seem obvious, but keeping your computer, phone and confidential printed documents physically safe is an important part of your overall protection. When setting yourself up to work from home, try to give some thought to where in your home you’re working from. Make sure ill-intentioned outsiders can’t see your screen and paperwork through your windows or doors, and if you do leave the house, don’t leave your computer on display. At the end of the day, tidy away any confidential paperwork, just as you would at the office.

Long-term thinking

One of our most powerful skills as humans is to think ahead, consider different scenarios and make plans. If you discuss potential problems and solutions with your colleagues, you’ll be better prepared if an attacker strikes. This can be as simple as setting up alternative ways of verifying an email or instruction. We don’t know how this situation will evolve, or when we will be able to go back to our offices. But we can build sustainable, safe processes and relationships that will help us work calmly and confidently.

Lastly, if you’re facing a security threat or have fallen foul of a scam, don’t be embarrassed, but do act quickly. Your security team is there to support you, reduce the potential impact and protect you. Make sure you know who to contact if you need them. Together, we can do our bit to help our businesses and each other survive during these challenging times.