Many have been working from home for the better part of the last 16 months. While remote work has helped improve work-life balance for many, experts say working from home has amplified bad cybersecurity habits.
The implications are significant. The Colonial Pipeline ransomware attack that shut down the largest oil delivery system in America last month started with a compromised password.
A recent survey says nearly 40% admit that their cybersecurity habits are different while working from home compared to the office. That puts both individuals and their employers at risk.
For many people working from home, the pandemic has blended their professional and personal online presence. Some use work devices for private emails and web browsing, while others work on their own laptops, phones and tablets.
It may sound innocent, but these are some of the digital bad habits that grew during the pandemic and can be a big security risk for companies as workers head back to the office.
"This has obviously created a sort of harvest season for the cybercriminals," said Dr. Birhanu Eshete, an assistant professor of computer and information science at the University of Michigan-Dearborn.
Eshete says many have developed blind spots to cybersecurity vulnerabilities. A major risk area is a blended professional-personal online footprint — what Eshete calls the "attack surface."
"It's just expanding this attack surface. So, we are creating more vantage points for the attackers to come in," he said.
Another bad habit blossoming during the pandemic is using poorly secured Wi-Fi — many have been working not just from their homes but from coffee shops, restaurants and other public spaces. The openness of a free Wi-Fi connection can leave the user — and possibly, their employer — vulnerable to data and identify theft, viruses and malware.
"Look for paid Wi-Fi instead because it's better that you pay $5 and save maybe $20,000," Eshete said.
Home Wi-Fi is safer than a public connection, but it can still be vulnerable. Many upgraded internet connections during the pandemic but left factory security settings in place — including the password. Experts like Dan Izydorek, the president of PC Miracles in Pontiac, Michigan, suggest turning on multi-factor authentication.
Multi-factor authentication alerts are text messages or push notifications sent to a smartphone when entering a password. It makes it more difficult for hackers to break into an account, even if they have the password.
"You get the text message on your phone that this is your one-time code. If you do that in your business and get that in place, that really reduces the risk of weak passwords," Izydorek said.
According to a survey from cybersecurity company Tessian, 54% of IT leaders are concerned staff will bring infected devices and malware into the workplace.
Izydorek says that means it's time for digital deep cleansing.
For work laptops, tablets and phones, employers will be able to sweep devices for viruses and malware remotely and force updates to the operating system. But users are on their own when it comes to personal devices, so be sure to install updates when prompted in a notification.
The FBI says phishing attacks doubled in the last year.
Over a quarter of employees admit they made cybersecurity mistakes while working from home — some of which compromised company security. Respondents to that survey added that they think no one will find out about those mistakes.
Many say they didn't report the mistake because they thought they would get in trouble or have to sit through required security training.
This story was originally published by Scripps station WXYZ in Detroit.