JANMARIS PEREZ, HOST: To slow the spread of Coronavirus, non-essential workers are being told to work from home. But this shift can raise new security issues. As they bring sensitive information onto their personal computers, workers now find themselves responsible for their own and their company's cybersecurity.
Leigh Honeywell is the founder and CEO of Tall Poppy, an app that helps employees protect personal and business information. She says that as our work lives move increasingly online, we’re likely to see even more cybersecurity threats like phishing scams and security breaches. I asked her which of these pose the greatest risk, what steps we can take to avoid them, and what a cyber footprint really is.
LEIGH HONEYWELL: None of this none of the stuff that's happening is new. It's just an amplification of existing problems, existing attacks. People have more time on their hands. Some of the people who have more time on their hands or spent are not spending it doing good things. They're spending it bothering other people. One thing that we're seeing is because everybody's all so much more there's more opportunities for miscreants to bother people as they're going about their day to day lives, because now more and more of their day to day lives are online. All of those things that you would have done in person with five or ten people you're doing and his home call like like we are right now.
PEREZ: So what are risks we should be aware of now that more people are working from home?
HONEYWELL: One of the biggest misconceptions about hacking is that there's these like nefarious computer geniuses that are manipulating computer systems in order to break into your computer or your online accounts. What they're usually doing is finding a password that you've used in a Web site that's had a security issue and you use that password in 15 or 20 or 100 different Websites. And one of those Web sites, the passwords been compromised. So if you used this like crap, same crappy password as you've had since 2007 on Bob's pet food dot com. I hope that doesn't actually exist, but. And poor Bob got his pet food site hacked. An attacker might take that same password and use it to break into your g-mail account, to break into your Twitter account. And when we hear a lot of it of stories of people's accounts being broken into and they're like, I got hacked and it's like I mean. Yeah, but what happened was that you use the same password everywhere. Which like, we’re human, it sucks to have to remember a zillion passwords. So what my biggest cybersecurity recommendation to everyone is is use a password manager.
PEREZ: Um, in terms of these different types of risks, how are they being made worse because of this increase with people working from home and just being online more?
HONEYWELL: Well one of the big things as there's been this massive shift to work from home. Not every company is set up to have all their workers take their machines, their computers home, whether it's because they got big clunky desktops or they have policies and they haven't been sort of limber in adapting their policies to the new reality. And so you hear stories of like, oh, this person is working from home, but she's working on her personal computer, doing work stuff. And I think that's probably the biggest one I would encourage folks really encourage companies to not require employees to use their personal computers to do work things.
PEREZ: What’s a cyber footprint and why is that important?
HONEYWELL: In terms of what our online footprint is, we think of it as being like what do we personally post to social media, whether Twitter or Facebook or blog? That kind of thing. The stuff that we control. But there's all of this stuff out there about us online. We have some amount of control over it, but we didn't necessarily consent to posted in the first place because it's scraped from these various credit reporting agencies and all of these data brokers that have information on hundreds of millions of Americans. And what this means is that there's all of these different websites that have your home address on them because they've purchased, you know, giant databases of everybody's home address from what are called data brokers.
PEREZ: that’s super scary. With so much more of us online right now, how much more concerned should we be about our cyber footprint? And how can we protect ourselves?
I haven't yet seen any sort of uptick in the kinds of attacks that people do with that information. One of the worst kinds of attacks and it's sort of like a bummer to even explain that this exists. But there's a type of attack called swatting, which is where somebody calls in a fake hostage or a terrorist threat at a particular address and says, like, you know, I'm going to commit some sort of act of terrorism at this house. My name is Lee, who lives at X Y address. Obviously, it's not actually me making the call, but the idea is to get the cops to show up and possibly cause harm physically to the person who's at this address. And unfortunately, this has resulted in at least one death in the US. And we can have a whole other conversation about the militarization of law enforcement. That is definitely related. But this is an unfortunate way that online harassment can have real-world consequences. And that's like a much more severe version of the traditional like you you call a fake pizza order to somebody's house.
PEREZ: Leigh, thank you so much for speaking to me today, I’m definitely going to go change all of my passwords right now.
HONEYWELL: That makes me so happy to hear. Stay safe out there.