Date: 2020-11-25

This year has seen an unprecedented rise in online security threats, from data breaches to a spike in ransomware, which is not at all surprising. Cybercriminals always take advantage of trends in how people behave, and this year we’ve seen a massive shift to work-from-home. Without the security measures built into most company networks, home workstations may be vulnerable, and workers themselves are often distracted as they find themselves juggling their jobs with their family’s needs.
But cybercriminals were caught flat-footed as well. “Since they didn’t have time to develop new malicious code, threat actors had to deploy what they had on hand once COVID-19 sent everyone home,” security firm Malwarebytes (maker of my favorite malware clean-up tool) said in a recent report that surveyed concerns from IT professionals midway into the pandemic. Of course, criminals have now had time to adapt to our new environment, but companies have also had time to train their remote workforce and secure the devices workers are using from home.
The most important thing you can do when you are working from home is to follow your company’s security policies. You may have a work laptop with a VPN that you are supposed to use but find yourself tempted to use your personal device — don’t do it. The short-term gain in convenience could result in a companywide problem if you access a sensitive work account and then unknowingly open the door to an intrusion.
One of the best security recommendations I’ve seen lately is to use two routers, one for household activity and the second for work. This adds another degree of separation between home and office accounts. To protect your network, change each router’s factory-default password to one that is both long and unique. Make sure all of your internet-connected electronics, including routers, laptops, phones and all smart home devices, are kept up to date. Use two-factor authentication whenever possible.
With heightened awareness around work-from-home security, you would think that users would be more vigilant, but it seems that the majority still ignore one of the most basic practices: secure passwords.
Last week, security product provider NordPass released its annual research on the most common passwords of the year. The most popular passwords of 2020 were easy-to-guess number combinations, such as “123456,” the word “password,” “qwerty,” “iloveyou” and other uncomplicated passwords that are used year after year. In fact, of the more than 275 million passwords analyzed, fewer than half (44%) were unique. Most people still use easy-to-remember passwords, including their own names, favorite sports, foods and important dates, which take under a second to crack according to the report. And using these simple passwords on multiple accounts, which I am sure is common, means that once one is broken by a cybercriminal, it will be used against associated accounts to gain access. A strong password is just part of the equation; using it only one time is the rest.
If you are hesitant to use many long passwords made up of random characters because they are impossible to remember, there are several ways to solve that problem. You can use a password manager such as LastPass or NordPass, and there are several features built right into the most common operating systems that won’t cost you a penny. iPhone users can take advantage of iCloud Keychain, which will automatically generate and suggest a strong password when it detects you making a new account. It will then autofill the password the next time you visit the site. Make sure you have turned on AutoFill Passwords in your phone’s settings.
New to iOS 14, your phone can now alert you to compromised passwords. If a password you are currently using has been identified in a data leak, it will appear on this list with the recommendation to change it. To see your alerts, go to Settings and then Passwords. Tap Security Recommendations to view a list of compromised passwords and then follow the links to update them. You can also take this opportunity to review any passwords you’ve used more than once and replace those as needed before they are compromised. Google offers a similar service with identical results if you prefer to make your updates from a computer. If you haven’t been using a unique password for every account, this task may take a while. But look on the bright side: next time it will be a snap.