The ability to work from home is a prized employee perk that offers workers the chance to free themselves from the daily commute and complete their tasks from anywhere with an internet connection.
But along with that freedom and flexibility comes the risk of security issues that occur outside the protected corporate network. Even if your company provides VPN (virtual private network) access, your computer — and everything on it — could still be compromised if someone hacks into your home Wi-Fi network or the public hotspot you're connected to.
"Making sure that sensitive documents and files remain confidential is definitely an issue remote employees need to tackle right from the outset," said Brian Stark, general manager of North America at smanos, a smart home and DIY security systems company. "Of course, ensuring that there is a secure connection to the server is extremely important, but this is ultimately placed in the hands of the homeowner."
Andrew Hay, chief information security officer at DataGravity, noted that other connected devices in your home may have far fewer security controls than your work laptop, which may give cybercriminals easy access to your device.
"Home-based workers must be diligent about what types of systems are on their home network that might also provide additional attack vectors," Hay said. "I once spoke with an NCIS agent who conducted an investigation where a naval officer's laptop was compromised by way of infiltrating his daughter's laptop."
Employees, then, become at least partly responsible for the safety and integrity of their company's information. [See Related Story: Technology and Inclusion Will Shape the Future of Remote Work]
Best practices for remote workers
How can you protect sensitive corporate data when you're working from home? Here's what our expert sources recommend:
Invest in antivirus software
This is the most basic, but by no means the only step you should take to secure your company's files. Your employer may provide a recommended software for a company-issued device, but if you use your personal laptop for work, it's important to keep your system protected.
"Since many internet providers [offer] free antivirus software, we recommend that our employees use them on their personal laptops," said Venu Gooty, founder of MyBusinessGenie, a provider of small business software solutions.
Don't allow family members to use your work devices
Gavin Silver, director of operations at Blue Fountain Media, reminded remote workers that the computer they do their work on is for employee use only — it's not the family computer.
"Treat your work-issued laptop, mobile device and sensitive data as if you were sitting in a physical office location," Hay added. "This will help you continuously associate your actions with a security-first and data-aware mentality in mind. For example, in a physical office location … your child [couldn't] use your work-issued mobile device for games or movies. If you think of your laptop and mobile devices as work-only assets, it makes it far easier to control access to sensitive data and remain data-aware."
Keep your physical workspace secure
While virtual security is important, it's equally important to make sure that your home office is physically secure, said Stark.
"Home offices often contain expensive equipment or even physical files or documents that contain sensitive information, so it's imperative to explore security options," he told Business News Daily. "While it's not possible for all home offices to have a scan-to-enter system or a security guard, it's important to add whatever elements of traditional physical security you can."
Depending on your needs, you can look into a DIY home security system like the one offered by smanos, or check out our recommendations for business-grade video surveillance systems.
Follow company policies to the letter
Your company likely has clear policies for accessing the company network outside the office. Those guidelines and rules should always be followed, but it's especially important when you're working remotely, said Silver.
"Report any suspicious behavior to IT immediately and follow basic 'computer hygiene' standards such as up-to-date operating systems, antivirus/malware and regular scanning," he added.
Use a centralized, company-approved storage solution
Adhering to company policies also includes using only the designated programs that your employer wants you to use, even if you prefer a different program.
"This is so the IT administrator doesn't have various security configurations that may or may not comply with the company's security requirements," Stark said. "[It] establishes a set standard, which is much easier for the IT officer to support remotely in the field."
This becomes especially important when you're dealing with file storage and backup. You should be storing all your work data in a secure location that's both approved by and accessible to your company.
"Ensuring that sensitive data is stored and protected centrally is always a good course of action," Hay said. "This allows central management and control of all aspects of the data, such as ownership, access, availability, security, etc., with a reduced chance of duplicate copies residing in places beyond the reach of the organization, such as on a personal laptop, mobile device or cloud environment."
Gooty noted that his company was able to accomplish this after switching to an Office 365 subscription.
"Not only does OneDrive for Business allow us to collaborate better with one another, but it also securely saves the files in the cloud. All employees can access files on different types of devices," he said.
Best practices for employers
If your company employs part- or full-time remote employees, Silver advised taking the following precautions to limit security risks while employees are working from home.
- Require that employees use a non-stored password to connect during each session, especially for VPN access.
- Enforce reasonable session time-outs for sensitive programs or applications. A user should not have to reconnect after walking to the kitchen to pour a cup of coffee, but at the same time you cannot trust everyone to always log out for the day.
- Limit program/file access to only the areas absolutely needed by that employee.
- Reserve the right to terminate employee access at any moment.
- Provide services for remote file storage and other tasks; don't rely on individuals to use their personal programs and accounts.
"Users will always take the easiest method when it comes to technology, and you can't always enforce what software people use when they are remote, so it is better to give them the best software in the first place," Silver added.
Above all, Hay reminded employers to outline policies, procedures and guidelines for workers who use company resources outside the office.
"This includes, but is not limited to access to corporate data, acceptable use of websites, approved applications, etc.," he said. "The best thing an employee can do is ensure that they adhere to the guidance."
For more tips to help workers keep their company or client data safe, visit our cybersecurity guide for freelancers.