Business News Daily receives compensation from some of the companies listed on this page. Advertising Disclosure
BND Hamburger Icon

MENU

Close
BND Logo
Search Icon
OfficeMax Logo
Get a FREE $25 Office Depot Card with $125 or more qualifying purchase.

Online only.

Updated Nov 08, 2023

Cybersecurity Tips for Working From Home

author image
Andrew Martins, Business Operations Insider and Senior Writer

Table of Contents

Open row

Many Americans now work from home, meaning they make video conference calls, upload documents and conduct their daily business online from off-site locations. But experts wonder if the remote nature of work could cause internet security concerns.

While most workers are used to working at the office under carefully crafted IT systems, it’s impossible to quantify the number of permutations of home internet setups. Whereas one household might have a simple solution that works for their family, another household might have a virtual private network (VPN) subscription in place to mask their internet usage from prying eyes.

To help reduce the security risks associated with working from home, we’ve collected some tips from experts on steps that employers and employees can take to fortify digital workspaces.

Remote work and cybersecurity risks

It can be difficult to pin down the precise number of U.S. workers in a hybrid or remote work arrangement, but one thing is clear: That number is growing. One estimate, based on a study conducted by researchers at Stanford University, suggested that remote work accounted for 25 percent of all paid workdays in the U.S. in 2022. 

Numerous projections anticipate hybrid and remote work as a growing trend. For example, an Upwork survey of hiring managers estimated that by the end of 2025, more than 36 million Americans will work from home regularly. 

But that boom in hybrid and remote work introduces additional cybersecurity threats. It can be more difficult to govern which devices remote employees use to connect to company networks and what other activities these users perform on those devices. It also means the security of their home networks — not just the connection in a company’s workplace — matters as well. 

The challenge then becomes training remote employees on proper cybersecurity practices and creating a policy for how to ensure those best practices are being followed.

“Remote employees are not trained on data privacy regulation and risk exposing sensitive information to a data breach,” said Barbara Rembiesa, president and CEO of IAITAM (the International Association of Information Technology Asset Managers). “Without proper IT asset management, there are major dangers that must be mitigated.”

Luckily, there are a few steps that users and employers can follow immediately to drastically improve the overall cybersecurity of the organization. 

Key TakeawayKey takeaway

As remote work grows, employees’ digital behavior, including the devices they use and how they use them, becomes harder to govern. Prioritizing cybersecurity education and establishing policies to maximize data security should be top priorities for every business with remote employees.

Steps you can take to secure your data

When it comes to improving cybersecurity, both individual users and employer organizations must work together. Users should follow cybersecurity best practices, and employers should enact IT policies that defend company networks and proprietary data.

What can individual users do?

Although the consequences of remote employees’ poorly secured data can have severe impacts on a company and its customers, there are steps that users can take to ensure the worst doesn’t happen:

  • Update your network security. Although you should really do this regularly, making sure your devices are completely up to date with the most recent security patches and upgrades can make a huge difference in securing your data. Your operating system, antivirus and anti-malware programs, and router are just some of the things you should immediately shore up and protect, since those are generally your first and last defenses against external threats.
  • Avoid phishing emails. Phishing schemes are one of the go-to tricks that would-be attackers use. In most cases, these emails may look like a business offer, a great deal or even an important message from your boss, but in every instance, there’s a link it says you must click. Definitely don’t click it! These links usually lead to a required download that installs malware onto your system, immediately compromising it in the process. Be on the lookout for odd email addresses, poor grammar or generic greetings that don’t match the personality of the individual sending the email. And no matter what, do not provide any personal information to the sender.
  • Enable multifactor authentication. Passwords can be broken. People have been breaking codes for as long as we’ve been making them, so it only makes sense that there are programs that can crack most passwords in moments. While practicing good password etiquette is a great first step, two-factor authentication adds another layer of protection, since it requires additional action beyond entering a password.
Did You Know?Did you know

There are even more cybersecurity risks when employees are traveling. Check out our guide to cybersecurity while traveling if you have any upcoming business trips planned and want to ensure your data is safe.

What can employers do?

While a lot of these steps can be taken by individual workers, companies should enact policies and take measures to further shore up their remote employees’ defenses.

“It is not too late for CEOs and others in charge of companies to take steps to get these risks under control, and to protect their data and that of their customers,” Rembiesa said.

  • Set up remote access. It may be significantly more difficult to do this without the physical devices in front of you or your IT department, but companies should do everything they can to establish remote access protocols. This may be particularly difficult to enact, however, as you’ll likely need to access the on-site devices to issue multifactor authentication tokens.
  • Reinforce confidentiality. Employees sometimes need a reminder that while they work remotely, they have to maintain the same level of professionalism regarding secure and sensitive data as they do in the office. That includes reminding people that personal email is not to be used in an official capacity and that any physical documents kept at home must either be disposed of properly with a shredder or set aside to be shredded later.
  • Update emergency contacts. It is paramount to have alternative ways to get in touch with employees in case you can’t reach them via email — for example, because of a widespread power outage or a cyberattack. This can be as easy as compiling a phone number list or setting up a secure way to message top personnel that circumvents any digital intrusion.
  • Use employee monitoring software. Employee monitoring software isn’t just for ensuring your team is on task and productive. The best employee monitoring software can also identify malware and other threats early on. Additionally, employee monitoring software can identify risky user behaviors, such as surfing unsecure web content or downloading sensitive data to an external device. 
TipTip

If you’re considering using employee monitoring software, learn about the laws and ethics of monitoring employee activity first. Make sure you develop a legally compliant policy and enact it in a way that supports employee morale and the company culture you want to build.

Cybersecurity is ongoing and vital

With cybersecurity, you don’t just set it and forget it; it’s an ongoing, evolving activity that is vital to the longevity and survival of a business. Remote work introduces new and increasingly important elements into the cybersecurity puzzle, and both businesses and employees need to be prepared to address those challenges. That requires improved cybersecurity training for individuals, enhanced monitoring capabilities for businesses, and proper IT oversight of company networks and all devices connecting to them. While these steps represent an investment, they’re far less costly than dealing with a data breach or compromised network, so consider reviewing your cybersecurity plan today.

Tejas Vemparala also contributed to this article.

author image
Andrew Martins, Business Operations Insider and Senior Writer
Andrew Martins is an award-winning business and economics expert who has spent years studying trends and profiling small businesses. Based on his on-the-ground reporting and hands-on experience, Martins has developed guides on small business technology and finance-related operations. In recent years, he focused on the small business impacts of the 2020 presidential election and the COVID-19 pandemic. Martins, who has a bachelor's degree in communication, has been published on trusted financial sites like Investopedia, The Balance and LowerMyBills, on technology outlet Lifewire and in the New York Daily News.
Back to top
Desktop background imageMobile background image
In partnership with BDCBND presents the b. newsletter:

Building Better Businesses

Insights on business strategy and culture, right to your inbox.
Part of the business.com network.