Checklist 178: Another Coronavirus Checklist

The world is changing so fast that it can be hard to keep up. This week on the Checklist, we’ll take a look at how life is going to be different in the weeks and months ahead — and what you can do to stay safe, productive … and happy.

• Security and privacy in a pandemic
• Cybersecurity for remote workers
• Tips from two decades of working at home
• Worst-case scenario preparedness

Keeping your data locked down

The current Covid-19 pandemic is a global crisis, and public and private sector organizations are responding accordingly. In the United States, many businesses are offering free access to their tools and infrastructure in order to assist the millions of Americans suddenly forced to work from home. 

These moves are commendable, and will likely be of great help to many people. But even in times of crisis — or perhaps especially in times of crisis — we should be mindful of the security and privacy implications of the services we sign up for.

One major cable company, for example, is providing free WiFi to anyone who needs it. But while taking advantage of free WiFi may make sense for a lot of people, doing so will also necessitate giving a large company your personal information, which does carry some risk.

So how are people in the middle of a crisis situation supposed to make intelligent decisions about security and privacy? The best advice is to evaluate each offer on a case by case basis, try to balance risk with need, and mitigate risk by limiting the amount of personal data you expose.

In the case of free WiFi, for example, you may want to check with your cellular provider first to determine if it’s really necessary to take advantage of the offer. Many mobile providers are temporarily suspending their data caps to assist people who have to stay at home due to “shelter in place” orders. In short, you may already have unlimited Internet access on your mobile device — making free WiFi unnecessary. 

If you do decide to use a free service, try to do what you can to limit the amount of personal data you provide to the company offering it, and remember to follow best practices for security and privacy. For example, don’t reuse a password that you’re already using on another site, and consider signing up with a privacy-focused sign-in tool like Sign in with Apple.

You should also consider the reputation of the company offering the free service. For example, if it’s your regular ISP or a large, well-known provider, it’s probably OK to trust them with data security. But if it’s a smaller or brand-new provider, you may want to consider using a VPN.

On the subject of VPNs, remember that these are only as secure as the people running them — and that there have been cases of shady VPNs reselling user data. So make sure that you only use a VPN that you trust (here it might be best to avoid freebies). One affordable, privacy-focused VPN that we like to recommend is Guardian Firewall + VPN for iOS. Of course, if your company has you working from home and is mandating a VPN, you’ll have to follow their guidance about which service to use — and in many cases, the VPN will be offered directly by the company itself. 

Building a secure home office

For people working from home for the very first time, the adjustment can be a bit of a shock, and there are lots of new things to think about. One major consideration is cybersecurity — especially if your manager has asked you to use your personal device to work from home. This raises a very basic question: With no IT department in your house, how do you make sure your home setup is as secure as what you’re used to at the office?

Rather than attempting to provide an exhaustive list of security precautions, we’re going to take a triage approach and tell you four things you can do right now to make working from home as safe as possible.

1. 1

   Update everything

   Update all OSes and apps with the latest security patches. This applies to your computer and mobile devices, of course, but also to any firmware or software for your router. If you have an antivirus program installed on your computer, take a moment to update its malware definitions and run a system scan.

2. 2

   Back it up

   You’re working from home, but your home is not a place of business: It may contain pets, roommates, small children, and other agents of entropy! This means that backing up your work should be a top priority: That way, if the toddler decides to delete mommy’s Q2 sales projections, she won’t have to cancel her afternoon Zoom meeting. Use native backup solutions like Time Machine or a reputable third-party backup tool in order to protect your important data.

3. 3

   Make a “to delete” list

   Working from home will likely entail using new software. And beyond figuring out how to share your screen or mute your mic in a virtual meeting, there are also security issues to be aware of. Some of the large remote work apps have had security issues in the past, meaning that they may not be things that you want on your machine long-term. So make a note of the apps your company is asking you to install on your devices, and remember to delete them when they’re no longer needed — which hopefully won’t be too much longer.

4. 4

   Secure your network

   Most network routers provided by major ISPs have secure connections. To double check, open your AirPort menu and look for the lock icon next to the network name. If your router isn’t password protected, you’ll need to look up the manufacturer information and figure out how to create a secure login. And remember that if you password protect your WiFi, you’ll then need to reconfigure any connected devices on the network (smart TVs, security cameras, and so on).

How to live the dream

Working from home isn’t always easy. And if you’ve never done it before — or if you haven’t done it for a long time — you may find yourself dealing with frustration and discouragement at the outset. Here are some suggestions to help you cope with the challenges, based on the experience of two hosts who have spent years working at home:

1. 1

   Take a breath

   Realize that it’s going to take time to adjust to a completely different way of working, and that this is perfectly OK. There may be times when you feel you’re not accomplishing enough, or that the distractions are overwhelming. Just be aware that this is completely normal, be patient, and try to give yourself a break! And if it helps, bear in mind that everyone is dealing with this right now, so you’re not alone.

2. 2

   Compartmentalize

   If you can, create a dedicated workspace for yourself in your home. A separate room with a door that closes (or, better yet, closes and locks) is ideal. Try to separate your work life from your family life if possible, especially if you have small children at home. And don’t hesitate to get yourself some noise-cancelling headphones if the little ones are making too much of a ruckus.

3. 3

   Take breaks

   Every hour or so, stop working, walk around, rest your eyes, and clear your head. At the office, you have meetings to go to, clients to meet, lunches with colleagues, and the like — things that get you away from your desk and moving. At home, you don’t really have any of these things — so you’ll have to make a point of getting up to stretch your legs from time to time.

4. 4

   Stay professional

   If you’re going to be using video conferencing software, remember your mic and cameras are going to be picking up your surroundings. Try to ensure a quiet environment during calls and virtual meetings, and take a moment to tidy up in the background so that you project professionalism in your video feed.

5. 5

   Download, don’t stream

   As more and more people start working online in the next few weeks, network speeds may begin to slow down. And if people on your home network are trying to stream video or music, it’s only going to add to the load, potentially leading to annoying lags while you’re trying to do your job. It may be a good idea to download some entertainment for the rest of the household ahead of time, so that they can play locally stored content instead of competing with you for bandwidth while you work.

Preparing for the worst

It’s a somber topic, but at this particular moment it’s an important one to discuss. If you’re incapacitated due to illness, you want to make sure that the right people have access to your data.

Here are some things you can do to make sure that you — and the people you love — are protected:

1. 1

   Set up access your key accounts

   If you’re living with people you trust, you can print out your account information and website addresses for time-sensitive items like recurring bills or critical services like health insurance — things that someone else would need to access quickly if you were unable to do so.

   The best way to handle logins and passwords is to use a password manager that allows you to create several “vaults”, repositories containing login credentials for multiple accounts. The 1Password app, for example, allows you to create more than one vault — a main one that would grant access to every single account that you own, and a secondary vault for things that you want to share with your trusted contact. That way, you can safely share the password for your secondary vault without giving your contact access to absolutely everything in the password manager.

2. 2

   Don’t forget about your devices

   An iPhone is famously hard to access if the owner doesn’t cooperate, and is set up to wipe data after a given number of failed login attempts — a fact which has even stymied the FBI! But while this is a great security feature under normal circumstances, it can be a problem in emergencies.

   You want to give your loved ones a way to access your devices if they need to, so consider writing down the passcodes and storing them somewhere secure that your family could access if the need arose (a home safe or a bank safety deposit box would be ideal).

3. 3

   Use Google’s Inactive Account Manager

   Many of us rely on Google products for email and data storage — and fortunately, Google provides a recovery option in the event that you are no longer able to access your account. Use their Inactive Account Manager tool to determine what happens to your account if you don’t log in for a certain amount of time: You can decide to wipe everything, or you can make your account available to trusted contacts.

4. 4

   Make your health info available

   In an emergency, the doctors will want to know about your medical history, medications, allergies, and other information that will allow them to give you the best possible care. But in a crisis, it can be hard for relatives to remember all of this information (assuming they know it in the first place). It’s a good idea to create a centralized document that will put this data at your emergency contact’s fingertips. If you’re not sure what to include, or how best to store your health data, the Mayo Clinic provides a guide that may be helpful.

That brings us to the end of a rather serious Checklist, but we’ll be back with you next week to offer you the news, updates, and how-tos that you need to stay safe in these extraordinary times. Remember, we’re here to help — so if you have a question about digital security and privacy, especially with respect to remote work, distance learning, or coronavirus-related cybersecurity threats, please write to us at Checklist@SecureMac.com. We’re always glad to hear from our listeners, and we’d be happy to assist in any way that we can.