content/en-global/images/repository/isc/2021/privacy_first_1.jpg

Since early 2020, there has been a large-scale shift to working from home around the world. This has led to a convergence between personal and work device usage, which in turn has raised online privacy and security issues.

Why is your personal online privacy important?

Almost every action you take online through your computers and mobile devices – whether it involves remote working, online shopping, booking a vacation, interacting with friends and family, searching for information, downloading an app or playing a game – leaves a data trail. This data includes personally identifiable information (PII), plus your browsing and shopping history. The most important aspect of online privacy is ensuring that your data does not fall into the wrong hands.

If a data breach does take place, some of the potential consequences include:

  • Your bank or other financial accounts could be hacked into
  • Your emails could be read and shared by third parties
  • Details of private medical conditions could be made public
  • Your identity could be stolen

In this article, we explore how to protect your personal online privacy in a world where the boundaries between home and work internet and device usage are increasingly blurred.

Working from home: Is it dangerous to use company computers for personal use?

Working from home means that many of us now use company-issued computers and phones for our personal use. Yet, our work devices may not be as private as we think. For people using company-issued computers or phones for personal use, it is not uncommon to wonder, can my employer see what websites I visit on home Wi-Fi or can my employer see what websites I visit at home?

In theory, employers can install software to monitor what you do on your work-issued laptop or desktop. In the most vigilant workplaces, this may even include keyloggers that track everything you type or screenshot tools that monitor your productivity.

In practice, the extent to which your employer does this is based on two factors:

  • The size of the company – larger organizations have more resources to dedicate to monitoring on this scale.
  • The type of information you deal with in your role. If you handle sensitive data – e.g. medical records, financial information, or government contracts – it is much more likely that your employer will be monitoring your usage carefully.

Even if your every online move is not being watched, it is the case that employers can view files you access, websites you browse, and emails you send. When it comes to internet privacy, it is usually a good idea to assume your work computer is being monitored and act accordingly.

Security risks of using personal computers for work

As well as the security risks related to using work devices for personal use, there are corresponding security risks associated with employees using personal devices for work. As employers implement Bring Your Own Device (BYOD) policies, these risks increase. For companies, having employees use their own devices means many different entry points into company systems.

 Security considerations include:

  • By allowing remote access to the organization through devices they do not control, there is an increased risk that company information could be copied, modified, transferred to competitors, or simply made public.
  • A home worker’s computer may gain access to a company network and communications or that of a client, which could inadvertently result in a data protection While working on their own computer, it is possible that a recently downloaded or already active social media app could access the work contact database, sharing identifiable information of clients without their consent.
  • If employees are working in a public place and send a file over an unsecured Wi-Fi network, they risk exposing potentially sensitive information to hackers looking for access into critical company systems.
  • A homeworker using their own computer may install apps from insecure sources without realizing the risks. This could make company files vulnerable to attacks from malware. Even failing to update (patch) a device can leave it open to security threats.
  • Employees may leave their device lying around unsecured or perhaps allow friends and family to use it. Or the device may get lost or stolen. In these scenarios, if sensitive company information is on the devices, there is potential for cybersecurity breaches.
  • Once employees leave, they may still have mobile access to company applications unless the company takes steps to stop this. How easy would it be for them or someone with access to their device to get back into an app or system? Would organizations be able to track the device down as the source of a security breach?

Many companies try to mitigate these risks through devising Bring Your Own Device (BYOD) policies, which may include details like:

  • Installing security updates within a certain timeframe.
  • Locking the device when not in use.
  • Encrypting the device.
  • Only installing apps from recognized app stores.
  • Installing anti-malware software.
  • If a device is lost or stolen, reporting it to the company immediately.
  • Not rooting or jailbreaking phones.

If your employer has one, it is a good idea to read through your company’s BYOD guidelines to understand the rights of both parties. Look for the policy in various employee materials such as a handbook, contract, training material, or a specific BYOD agreement.

privacy-first-2.jpg

How to protect your personal online privacy

Taking simple steps can make the difference between maintaining your online privacy or losing it. Here are some tips to help you protect yourself and your information online.

Online privacy: 18 security tips

1. Avoid storing personal files on your work-issued laptop or phone

It is easy to have a personal folder on your desktop which contains personal photos or personal documents such as tax returns, but it is important to remember that a work device is not your property—it belongs to the company. These files can be easily accessed, not just by the IT team but also by other employees. It is worth noting that some companies use security tools which, if they detect a breach, start wiping files. If your computer gets infected with malware, the security measures taken to try to get rid of problems might remove your personal files, too. Instead, consider keeping a USB wand on your keychain to save any personal data.

2. Avoid saving personal passwords in your work device keychain

Many people access their non-work accounts using their work computers. However, you are exposing yourself to the risk of sharing your personal data with the IT team. Remember, encrypted transactions are not impenetrable. With the proper knowledge and tools, hackers can quickly access your personal data. 

3. Avoid expressing strong opinions on company chats

As chatrooms like Slack, Campfire, and Google Hangout become increasingly useful for team collaboration, it is easy to use them as though you were having a chat with colleagues. However, those messages are stored on a server and are just as retrievable as emails. It is worth remembering that not only can an employer see what you typed on company chat, but they can also see the entire chat log in detail. 

4. Assume your internet traffic is monitored

Many employers monitor employee’s internet traffic. Even if your employer does not pay close attention to your browsing habits, it is still a good idea to avoid doing certain personal business – such as working on a second job – on your company’s computer. Treat your work computer like a borrowed computer – which it is. Ask yourself if your employer would be satisfied with the content you are browsing. If the answer is no, avoid using the company’s equipment to do so.

5. Be careful with your computer when you are in public

When working remotely, it can be tempting to grab your laptop and log on to free public Wi-Fi. However, places that offer free Wi-Fi, like the neighborhood coffee shop, can open you up to fraud. This is because cybercriminals may set up fake networks that seem like the real thing but are not. To ensure internet privacy on public Wi-Fi, it is a good idea to use a VPN and follow safety tips.

6. Check what monitoring software is running on your computer

It is HR best practice for employers to be transparent about what monitoring software they may be running. Your employee handbook is an excellent place to look to find out. If your handbook does not contain details, the information is usually easy to find. Such software may not launch on a taskbar, but many are still located within “add/remove programs.” On a Mac, they will show as an application or service. A quick Google search should reveal the software’s capabilities. It is not a good idea to attempt to remove the software, which may draw attention to you.

7. Avoid allowing non-IT department colleagues to access your work computer remotely

Remote access software allows others to take control of your machine and is often used by the IT department when providing IT support. Avoid allowing others outside the IT department to take control of your device.

8. Use antivirus software

Prevent malware from compromising your work and your employer’s systems by using a good antivirus software solution. A comprehensive cybersecurity program such as Kaspersky Total Security will help detect threats across the board and provide malware protection.

9. Make sure your system and programs are up to date

Make sure your programs and operating system are running the latest version to improve their security. Enable automatic updates to secure your systems.

10. Pay attention to Wi-Fi and network security

Improve your Wi-Fi security by encrypting your network. If your Wi-Fi requires a password, that is a good start. If not, access your router settings to change this. The default passwords to access router settings can be a weak link in Wi-Fi and network security. If you have never done it before, change your router’s password. An attacker could get access to your devices through the router.

11. Protect your online privacy with a VPN

If you are using your own computer for remote work, use a VPN such as Kaspersky Secure Connection to encrypt your data and protect it from prying eyes. When using a VPN, all your internet activity is encrypted. The only thing that your employer can see is the VPN server’s IP address and gibberish impossible-to-crack data. However, bear in mind that:

  • VPN hides your online activities from your employer in real-time, but your browsing history can be accessible later on your device.
  • Installing VPN software on a work computer sometimes requires administrator rights that you might not have. An easy way to hide your internet activities instead is with a VPN Chrome extension (which works with Firefox too). It is specifically designed to work only on browsers and does not require any admin privileges when adding it.
  • The easiest way to keep browsing history hidden from your employer is to combine a VPN and an incognito window. An incognito window will immediately delete all browsing history files and cookies once closed. Incognito windows exist on any browser and are useful for maintaining internet privacy.

If you are already using a VPN installed by your own employer:

  • Using a work VPN means that all your traffic from that device is decrypted at the company’s servers, and all websites you visit can be seen by your employer.
  • However, your local home network cannot be accessed by the employer. The browsing information on other devices is not exposed.

12. Avoid oversharing your screen

During online meetings, be cautious when sharing your screen. If possible, don’t leave any windows open that you don’t want to share. You might accidentally share content that is not meant to be viewed by others. The same applies to webcams, where you may risk the privacy of family members in the background.

13. Be careful what you share on social media

Posting too much information on social media can make it easier for cyber criminals to piece together information about you. To maximize your online privacy, it is a good idea to:

  • Avoid publicizing your movements such as upcoming travel plans, as this alerts people that you will be away from your home during this time. Whilst less exciting, it is better to share vacation pictures once you return, to avoid advertising to the world that your home may be unattended.
  • Avoid disclosing too much information such as your date of birth or workplace in any About Us or bio section of a social media profile. Avoid posting your home address or phone number in any public forum.
  • Check to see whether the social media platform you are using adds location data to your posts and if it does, turn this setting off. Most of the time, it is not necessary to share your location publicly.
  • Avoid the fun quizzes which occasionally do the rounds on social media. Often these can ask questions such as your favorite pet or where you went to school. These types of questions are often used as security questions, so making these answers public could make it easier for hackers to break into your online accounts.
  • Be wary of giveaways and contests. Many are legitimate but some are scams in disguise. By sharing them on social media, you could unknowingly spread malware or trick people into giving away their sensitive data.

14. Use strong passwords

A strong password is one that is difficult to guess and includes a combination of uppercase and lowercase letters plus numbers and symbols. Avoid using the same password for multiple accounts. It is a good idea to change passwords regularly. A Password Manager tool could help.

15. Secure your mobile devices

Making sure you have a passcode which is not easily guessed to access your phone is a basic step. Being sure to download apps and games only from legitimate app stores is another. Don't jailbreak or root your phone - that can give hackers a way to overwrite your settings and install their own malicious software. Consider downloading an app that can allow you to delete all the data on your phone remotely, so that if your phone is stolen, you can delete your information easily. Stay up to date with any software updates and be careful about clicking on links online, in the same way you would on a laptop or desktop.

16. Be mindful of app permissions

An app that requires access to your camera, microphone, location services, calendar, contacts, and social media accounts is a potential threat to your online privacy. As well as being aware of app permissions, consider deleting data, programs and accounts that you don't use anymore. The more programs or apps you have running, the greater the chance that one of them could be compromised.

17. Be alert to phishing scams

Phishers attempt to impersonate well-known organizations, such as banks or high-profile retailers, in an attempt to obtain your user credentials, or to deliver malware to your device via suspicious links or attachments in email messages. Avoid clicking on attachments or links from unknown senders or from suspicious looking emails. If you think your account is in danger, go directly to the relevant website by typing the address into the URL bar in your browser rather than clicking the link in the message.

18. Use Two Factor Authentication where you can

This enhances your online security by demanding a second form of ID verification besides your passwords, such as an SMS code sent to your phone, a fingerprint, or a security dongle/fob that you can plug in via USB.

Since the start of the pandemic, we have all found ourselves spending more time online. This requires vigilance when it comes to online privacy. A useful tool for you to check privacy settings for different platforms and devices is Kaspersky’s Privacy Checker. By following cyber security best practices, you can safeguard both device and internet privacy.

Related Articles:

Privacy First: How to protect your privacy online as business and personal use converge

Is it dangerous to use company computers for personal use? Learn how to protect your privacy online when using company computers for personal use.
Kaspersky Logo