How To Get Hacked While Working From Home

Working from home, while convenient, can be hazardous for your digital health. Before you come up with your own plan, consult with the IT help at your work and find out what best practices you should adopt to minimize your exposure. Keep reading to learn about four worst practices you should avoid, unless you want to get hacked.

Email Files to Yourself

Virtually everyone understands how email works, so it's the lowest common denominator when it comes to transferring files between computers. But before you attach that spreadsheet, consider this:
  • Messages aren't always transmitted securely
    Most major email providers do use encryption when "transporting" email between servers, however some local email providers may not. This means that your document could be transmitted "in the clear", making it easier for someone to intercept those financials you sent home.
  • Hackers aren't just sending spam
    Maybe you've experienced an email account breach before. Typically you would know this happens because spam emails get sent from your account to those in your contact list. That's embarrassing. But what if you had that financial document sitting in your inbox, you can bet the hacker grabbed a copy of that too. That's horrifying! 😱

Instead... use an online file storage service to securely store and access files from any computer. These services have been designed from the ground up to keep data safe online. In fact, your data might even be safer on a cloud server than on your personal computer.


Save Passwords in Contacts

I get it, passwords can be a nightmare to manage. That's why I use a password manager, which is an app designed to store passwords. But I also use the contacts app on my phone to store contact information, because that's what it's designed for. The contacts app was never intended to store passwords. So before you're tempted to store that work website password in your phone contacts app, consider this:
  • Contact information is designed to be shared with other apps and devices
    Your digital assistant, your car, that new app you downloaded, all might have access to your contacts. That means if you store passwords in contacts, you just shared that with all of those other things besides your phone.

Instead... use a password manager app, or keep passwords in a locked note on your phone, or use a paper notebook and keep it in a safe place. Anything but your contacts app, please! 😅


Skip Multi-Factor Authentication

Besides being a mouthful, multi-factor authentication (MFA or sometimes two-factor authentication or 2FA) is currently the best way to keep online accounts protected against unauthorized access. In fact, even if your password isn't strong or unique, if you have MFA setup on all of your accounts you're still better off. But if you're still not sure it's worth the effort, consider this:
  • Anyone can know your password
    Whether your password is discovered by a hacker or given to a colleague at work, knowledge of your password isn't limited to you. However, when you setup MFA, you're requiring an extra step to login which requires having access to your phone, and not just anyone would have access to your phone.

Instead... go ahead and setup MFA, starting with your email accounts. If it's not available for your work email, ask your IT help to enable it. If it's not available for your home email, considering switching to a major online email provider. Then make sure you have MFA setup for your online file storage, your password manager, and anywhere else that supports it.


Enable Port Forwarding

This one is a little more advanced, but I want to briefly discuss it because I still see it in use and I've even done it myself. Port forwarding is the easy way to open a door into your network to allow remote access. For instance, you could enable remote desktop on your computer at the office and then setup port forwarding on the office firewall so you can get in from home. The problem is that you've also just opened the door to the whole world. If you don't know whether port forwarding is setup on your firewall or not, bring it up with you IT help and make sure it's not. Here are some common services that might be insecurely setup for remote access with port forwarding:
  • Remote desktop
  • Surveillance cameras
  • VoIP phones

Instead... use a VPN to connect into your office network. Not only will this limit access by putting a strong lock on your firewall "door" it will also encrypt your remote access communications and make interception of your work less likely.


If you think some other worst practices should be on this list, please leave a comment. Thanks! 😉

Comments