Many of us have been working from home for the better part of the last 16 months. Remote work has been helpful, but experts say working from home has amplified our bad habits.
The implications are significant. The Colonial Pipeline ransomware attack that shut down the largest oil delivery system in America last month started with a compromised password.
A recent survey says nearly 40% of us admit our cybersecurity habits are different while working from home compared to the office. That places us and our employers at risk.
Working from home life has blended our online presence. Mixing the professional and personal. We use work devices for private emails, web browsing, while others do work on their own laptops, phones and tablets. doing work on our own laptops, phones and tablets
Sounds pretty innocent, but these are some of the digital bad habits that grew during the pandemic and are a big security risk for companies as workers head back to the office.
"This has obviously created a sort of harvest season for the cybercriminals," Dr. Birhanu Eshete, an assistant professor of computer & information science at the University of Michigan - Dearborn, said.
He says many of us have blind spots to security vulnerabilities. A major risk area is our blended online footprint. Eshete calls this the attack surface.
"It's just expanding this attack surface. So we are creating more vantage points for the attackers to come in," he said.
Another bad habit blossoming during the pandemic is using poorly secured WiFi. We've been working from home, but also on free WiFi at the coffee shop and restaurants.
But the openness of that free connection leaves you and your company vulnerable to data and identify theft, virus and malware.
"Look for paid Wi-Fi instead, because it's better that you pay $5 and save maybe $20,000," he said.
Home WiFi is better, but still vulnerable. Lots of us upgraded our internet during the pandemic but left the factory security settings – including the password. You'll want to change that.
Dan Izydorek, president of PC Miracles in Pontiac, says multifactor authentication are those security alerts you get on your phone when you try to log in. If someone has your weak password, they'll have to reply to that second check.
"You get the text message on your phone that, this is your one-time code, if you do that in your business and get that in place, that really reduces the risk of weak passwords," Izydorek said.
According to a survey from cybersecurity company Tessian, 54% of IT leaders are concerned staff will bring infected devices and malware into the workplace.
Izydorek says that means it's time for a digital deep cleansing.
Your bosses will be able to sweep devices for viruses and malware remotely and force updates to your operating system. But it's up to you to maintain your personal devices. Those updates you're ignoring highlight what the patch is fixing.
The FBI says phishing attacks doubled in the last year.
Over a quarter of employees admit they made cybersecurity mistakes while working from home - some of which compromised company security – that they think no one will ever know about.
Many say they didn't report the mistake because they thought they would get in trouble or have to sit through required security training.