Working from home risks online security and privacy – how to stay protected
March 27, 2020
Remote working can be a blessing. More time with family, less commuting, and meetings from the comfort of your living room.
But as millions across the world switch to working from home due to the COVID-19 pandemic, they may be putting the security and privacy of themselves, their families and their employers at risk.
Many will be using online collaboration tools, such as Zoom, Slack, and HouseParty to stay connected to colleagues and friends now that physical contact is restricted.
Zoom, the most popular of the video calling platforms, allows call hosts to track attendee attention, and in particular, whether you are in the Zoom window (as opposed to checking email or playing a game, for instance).
Zoom has had its share of security problems. A now-fixed software bug had allowed anyone to find and join a meeting.
There was also a problem with its software which could have resulted in any malicious website turning on your camera and watching you unawares.
And Zoom Bombing is now a thing. It involves trolls using Zoom’s screensharing feature to display vile content, including violent videos and shocking pornography.
Another popular tool is Slack, which as it states, “is the place for remote work”. A core feature of Slack is its channels. These are spaces to share messages and files with colleagues on particular topics and projects.
This could mean that your messages (including direct messages complaining about your boss or a colleague) are accessible to others, even if they aren’t to you.
For many people, working remotely is a completely new experience. Some are celebrating the novelty by using the #WorkFromHome hashtag on social media, and sharing posts that include photos of home office setups, and friends and family members.
Be careful what you post publicly. Check that there is no potentially sensitive information in it. Once it’s published online, it’s there, forever.
Check recent security and privacy reports about online collaboration tools before using them, and if in doubt, consult your employer. These tools can have access to details about your devices, your data and your video and audio conversations. The Electronic Frontier Foundation is a good source.
Two-fifths of critical infrastructure organisations in the UK have not completed a cyber security standards programme mandated by the government. Many critical infrastructure organisations are not mitigating short-term DDoS attacks, …