Cybersecurity Tips for Working From Home

Remote work and cybersecurity risks

It can be difficult to pin down the precise number of U.S. workers in a hybrid or remote work arrangement, but one thing is clear: That number is growing. One estimate, based on a study conducted by researchers at Stanford University, suggested that remote work accounted for 25 percent of all paid workdays in the U.S. in 2022. 

Numerous projections anticipate hybrid and remote work as a growing trend. For example, an Upwork survey of hiring managers estimated that by the end of 2025, more than 36 million Americans will work from home regularly. 

But that boom in hybrid and remote work introduces additional cybersecurity threats. It can be more difficult to govern which devices remote employees use to connect to company networks and what other activities these users perform on those devices. It also means the security of their home networks — not just the connection in a company’s workplace — matters as well. 

The challenge then becomes training remote employees on proper cybersecurity practices and creating a policy for how to ensure those best practices are being followed.

“Remote employees are not trained on data privacy regulation and risk exposing sensitive information to a data breach,” said Barbara Rembiesa, president and CEO of IAITAM (the International Association of Information Technology Asset Managers). “Without proper IT asset management, there are major dangers that must be mitigated.”

Luckily, there are a few steps that users and employers can follow immediately to drastically improve the overall cybersecurity of the organization. 

Steps you can take to secure your data

When it comes to improving cybersecurity, both individual users and employer organizations must work together. Users should follow cybersecurity best practices, and employers should enact IT policies that defend company networks and proprietary data.

What can individual users do?

Although the consequences of remote employees’ poorly secured data can have severe impacts on a company and its customers, there are steps that users can take to ensure the worst doesn’t happen:

• Update your network security. Although you should really do this regularly, making sure your devices are completely up to date with the most recent security patches and upgrades can make a huge difference in securing your data. Your operating system, antivirus and anti-malware programs, and router are just some of the things you should immediately shore up and protect, since those are generally your first and last defenses against external threats.
• Avoid phishing emails. Phishing schemes are one of the go-to tricks that would-be attackers use. In most cases, these emails may look like a business offer, a great deal or even an important message from your boss, but in every instance, there’s a link it says you must click. Definitely don’t click it! These links usually lead to a required download that installs malware onto your system, immediately compromising it in the process. Be on the lookout for odd email addresses, poor grammar or generic greetings that don’t match the personality of the individual sending the email. And no matter what, do not provide any personal information to the sender.
• Enable multifactor authentication. Passwords can be broken. People have been breaking codes for as long as we’ve been making them, so it only makes sense that there are programs that can crack most passwords in moments. While practicing good password etiquette is a great first step, two-factor authentication adds another layer of protection, since it requires additional action beyond entering a password.

What can employers do?

While a lot of these steps can be taken by individual workers, companies should enact policies and take measures to further shore up their remote employees’ defenses.

“It is not too late for CEOs and others in charge of companies to take steps to get these risks under control, and to protect their data and that of their customers,” Rembiesa said.

• Set up remote access. It may be significantly more difficult to do this without the physical devices in front of you or your IT department, but companies should do everything they can to establish remote access protocols. This may be particularly difficult to enact, however, as you’ll likely need to access the on-site devices to issue multifactor authentication tokens.
• Reinforce confidentiality. Employees sometimes need a reminder that while they work remotely, they have to maintain the same level of professionalism regarding secure and sensitive data as they do in the office. That includes reminding people that personal email is not to be used in an official capacity and that any physical documents kept at home must either be disposed of properly with a shredder or set aside to be shredded later.
• Update emergency contacts. It is paramount to have alternative ways to get in touch with employees in case you can’t reach them via email — for example, because of a widespread power outage or a cyberattack. This can be as easy as compiling a phone number list or setting up a secure way to message top personnel that circumvents any digital intrusion.
• Use employee monitoring software. Employee monitoring software isn’t just for ensuring your team is on task and productive. The best employee monitoring software can also identify malware and other threats early on. Additionally, employee monitoring software can identify risky user behaviors, such as surfing unsecure web content or downloading sensitive data to an external device. 

Cybersecurity is ongoing and vital

With cybersecurity, you don’t just set it and forget it; it’s an ongoing, evolving activity that is vital to the longevity and survival of a business. Remote work introduces new and increasingly important elements into the cybersecurity puzzle, and both businesses and employees need to be prepared to address those challenges. That requires improved cybersecurity training for individuals, enhanced monitoring capabilities for businesses, and proper IT oversight of company networks and all devices connecting to them. While these steps represent an investment, they’re far less costly than dealing with a data breach or compromised network, so consider reviewing your cybersecurity plan today.

Tejas Vemparala also contributed to this article.