Working from home is a prized employee perk; it can reduce the expenses and hassles of commuting and help employees achieve a better work-life balance. However, along with remote work’s freedom and flexibility comes the risk of cybersecurity issues occurring outside a protected corporate network. Even if a company provides virtual private network (VPN) access, a remote worker’s computer (and the data it stores) could still be at risk.
We’ll share essential tips and best practices to make working from home as safe as possible for your remote workforce and business.
Security risks of remote work
For those accustomed to office work, remote cybersecurity worries can be jarring. Home networks tend to have far fewer security controls than those protecting a work computer inside a corporate network. While many cyber dangers loom, the following three threats are the most significant when you’re managing a remote workforce.
Email scams
Business email compromise scams are particularly effective when home offices have lax cybersecurity controls. These scams trick unsuspecting targets into revealing sensitive information or otherwise assisting in a cyberattack.
For example, many scammers use phishing emails to steal sensitive information. Phishers take advantage of any newsworthy lure — like humanitarian disasters, elections, or even celebrity gossip — to encourage their victims to click a malicious link or attachment.
Spear phishers are another threat. These cybercriminals pretend to be someone else, like a trusted company CEO or manager, to get an employee to unwittingly perform an action, such as transferring money or sharing sensitive information.
Remote workers are easy email-scam targets because they’re not in the office. Hackers are banking on the chance that these employees are less likely to verify the legitimacy of dubious email messages.
Unsecured Wi-Fi
Many remote employees use their private home network, which increases the risk of leaked data. Third parties might be able to intercept and access sensitive emails, passwords and messages. There is also the risk that others who live at the employee’s home and use the same internet connection may see valuable company data.
Using unsecured Wi-Fi networks also increases the likelihood of hackers targeting accounts such as Facebook, Spotify, Gmail and Amazon. These compromised accounts can be used for various nefarious purposes.
Personal computers
The line between work and personal devices is often blurred for remote workers. According to Proofpoint’s 2023 State of the Phish Report, 78 percent of respondents use work devices for personal activities and 72 percent use personal devices for work activities.
These practices have distinct risks. If an employee obtains sensitive data and stores it on a personal device, their company is at risk, especially if the employee leaves the organization. And when remote workers use personal devices and neglect to download the latest software updates, they become more vulnerable to cyberattacks.
Additionally, home networks can include other family members’ devices, leading to more attack vectors for cybercriminals. “Home-based workers must be diligent about what types of systems are on their home network that might also provide additional attack vectors,” said Andrew Hay, chief revenue officer at Lares. “I once spoke with an NCIS [Naval Criminal Investigative Service] agent who conducted an investigation where a naval officer’s laptop was compromised by way of infiltrating his daughter’s laptop.”
According to Verizon’s 2023 Data Breach Investigations Report, most data breaches occur when cybercriminals use stolen credentials to log in to accounts or successfully trick targets with phishing emails.
Tips for creating a secure home office
Remote workers must take on some of the duties of a dedicated IT or security team to ensure they keep their data and organization safe.
“Making sure that sensitive documents and files remain confidential is definitely an issue remote employees need to tackle right from the outset,” said Brian Stark, vice president of merchandising and marketing at The Darr Group, a supply chain solution company. “Of course, ensuring that there is a secure connection to the server is extremely important, but this is ultimately placed in the hands of the homeowner.”
Consider the following remote work cybersecurity tips and best practices.
1. Implement multifactor authentication on remote work devices.
Do your work-related accounts require multifactor authentication (MFA)? MFA restricts access to an account until an employee provides their standard login credentials and another form of identification, such as a one-time password provided through a text message or an authenticator app.
MFA greatly reduces the potential damage of phishing attacks. Even if attackers manage to steal your password, they’ll have a much harder time stealing your MFA token and accessing the targeted account.
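As an added illustration (not part of the original article), the sketch below shows how an authenticator-app code is derived from a shared secret and the current time (TOTP, RFC 6238) and how a login check can require it alongside the password. The function names and `DEMO_SECRET` are assumptions made for this example; the secret is the published RFC 6238 test key, not a real credential.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at, step=30, digits=6):
    """Return the RFC 6238 (HMAC-SHA1) code an authenticator app shows at time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(at) // step  # number of 30-second steps since the Unix epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_login(password_ok, code, secret_b32, at,
                 last_counter=-1, window=1, step=30):
    """Return the accepted time-step counter, or None if the login is rejected.

    Both factors are required. Codes from +/- `window` steps are tolerated to
    absorb clock drift, and any step at or before `last_counter` is refused
    so that an intercepted code cannot be replayed.
    """
    if not password_ok or not code:
        return None
    current = int(at) // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue
        expected = totp(secret_b32, counter * step, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), code.encode()):
            return counter
    return None


if __name__ == "__main__":
    code = totp(DEMO_SECRET, 59)
    print("code at t=59:", code)
    print("password + code:", verify_login(True, code, DEMO_SECRET, 59))
    print("password only (guessed code):", verify_login(True, "000000", DEMO_SECRET, 59))
    print("replayed code:", verify_login(True, code, DEMO_SECRET, 59, last_counter=1))
```

A stolen password alone fails the check, and a captured code stops working once its time step has been used or has passed.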
2. Use strong, unique passwords for all accounts.
If a hacker tries to access sensitive accounts, you want to make it as difficult as possible for them to log in. Using a password manager is an excellent precaution; these applications ensure that you use unique, strong passwords that include special characters, numbers, upper and lowercase letters, and more.
Password managers help prevent network security threats by storing and managing all online credentials, like usernames and passwords.
3. Use data encryption to protect sensitive information.
Data encryption helps protect sensitive information by translating it into data that is incomprehensible unless it is decrypted with a secret key. Even if scammers intercept your data, they won’t be able to interpret it correctly. This goes for any messages or information you send, receive or store on your devices.
4. Invest in antivirus software to protect your network.
Employers often provide remote workers with robust antivirus software and other measures to protect company-issued devices. However, if you use a personal laptop for work, you must ensure the system is protected.
“Since many internet providers [offer] free antivirus software, we recommend that our employees use them on their personal laptops,” said Venu Gooty, senior vice president of digital strategy and transformation at business management consultancy HGS Digital.
5. Don’t allow family members to use your work devices.
Gavin Silver, co-founder and chief technology officer of media gaming company Allstar, emphasized the importance of using work computers for work only. Your work device is not the family computer.
Hay agreed, noting that it’s crucial not to blur the lines between work and home. “Treat your work-issued laptop, mobile device and sensitive data as if you were sitting in a physical office location,” Hay advised. “This will help you continuously associate your actions with a security-first and data-aware mentality in mind. For example, in a physical office location, your child [couldn’t] use your work-issued mobile device for games or movies.”
6. Keep your physical workspace secure.
While virtual security is crucial, it’s equally essential to ensure your home office is physically secure.
“Home offices often contain expensive equipment or even physical files or documents that contain sensitive information, so it’s imperative to explore security options,” Stark said. “While it’s not possible for all home offices to have a scan-to-enter system or a security guard, it’s important to add whatever elements of traditional physical security you can.”
Investigate security equipment, like video surveillance systems, for your home office, particularly if you handle extremely sensitive company data.
7. Follow company policies diligently.
Your company likely has clear policies for accessing its corporate network outside the office. Those guidelines and rules should always be followed, and compliance is essential when you’re working remotely.
“Report any suspicious behavior to IT immediately, and follow basic ‘computer hygiene’ standards, such as up-to-date operating systems, antivirus/malware and regular scanning,” Silver recommended.
8. Use a centralized, company-approved data storage solution.
Adhering to company policies also includes using only designated solutions, particularly for data storage and backup. It’s crucial to store all work data in a secure, approved location that your IT team can access. Cloud-based storage platforms are a particularly secure option that many businesses prefer.
“Ensuring that sensitive data is stored and protected centrally is always a good course of action,” Hay said. “This allows central management and control of all aspects of the data, such as ownership, access, availability, security, etc., with a reduced chance of duplicate copies residing in places beyond the reach of the organization, such as on a personal laptop, mobile device or cloud environment.”
To protect your remote workers from a cyberattack, properly train all employees, ensure your third-party software is safe and implement a VPN where possible.