Work-from-home arrangements offer advantages for employees and employers, but may also pose security risks. Learn how to protect your devices and company data.
Enabling individuals to work from home offers many advantages for both employees and employers. But it also presents new security risks and challenges.
Why? Because cyberthieves often view remote workers as “soft targets” and a gateway to sensitive company data. In fact, research reveals that home networks are 350% more likely to contain malware than corporate networks.¹
Fraudsters and hackers quickly adapt to changing trends. And they’ve been working overtime creating and launching attacks aimed at telecommuting workers.
Whether you’re a marketing director hunkered down in your home office or a small business owner trying to protect your workforce from opportunistic fraudsters, you can use these steps to enhance your defenses.
Tips for Employees
Follow company remote-work policies: When working from the privacy of your home, you might relax your security standards and take chances you wouldn’t consider in the office—such as sharing confidential files through your personal email account.
That’s a big mistake. Hackers seek out at-home workers because they can provide an easy way to infiltrate an organization’s network.
So, be diligent about following all the security protocols outlined by your company for remote workers. Don’t take shortcuts that might circumvent the security controls your company has in place to protect you. If your computer or network isn’t performing properly, contact your tech support team immediately. Trying to address the problem yourself may inadvertently introduce malware and compromise your corporate devices.
Beware of work emails and phone calls: Cyberthieves thrive on distracted audiences. And when you’re focused on your work—and perhaps feeling added stress from working from home—it’s potentially easier to fall victim to a scam.
Be skeptical of any suspicious work-related emails or calls you receive. An email that appears to be from your employer requiring you to click on a link or download an attachment might be from a fraudster intending to install malware on your device. A phone call from an individual claiming to be from your IT department may be a cybercriminal scheming to get your password or gain remote access to your computer.
Be cautious when communicating virtually: Cyberthieves realize employees rely on virtual communication platforms for conference calls, webinars and information-sharing and are increasingly targeting these tools. Use a password to protect your virtual sessions, and allow entry only to participants whom you can verify.
Use unique passwords and multi-factor authentication: Create different passwords for all your accounts, ideally using a password-manager application that can generate and store unique and complex combinations so you don’t have to remember them. Remember that recycling the same password across accounts can compromise both your private and work security.
While the name sounds intimidating, multi-factor authentication (MFA) is a simple but effective approach to stronger security. It requires you to provide additional verification separate from the usual username and password to access work accounts, for example, a passcode sent to your mobile phone.
Keep your software, operating system and browser up-to-date: Taking this action lessens the chances of malware infecting your devices. Make this task easier by enabling automatic security updates on your devices.
Secure your internet connection: You might not have an IT background, but you can still build a secure internet connection in a few easy steps to deter hackers. Start with your router. Ensure that the software, or “firmware,” in your router stays updated (see the router manual for instructions). Also, give your network a custom name—instead of the default one it came with—one that doesn’t easily identify you or your hardware brand. Finally, set a strong password for your Wi-Fi (don’t reuse the router password).
Also, think about establishing a virtual private network (VPN) to encrypt your communications and defend against interception and tampering. A VPN can be especially valuable when sending or receiving confidential internal memos, financial documents and customer account information.
Some other best practices for your home office:
- Run a reputable antivirus product.
- Secure sensitive files.
- Shred sensitive documents.
- Lock your computer screens when you’re away.
- Prohibit family and friends from using your business devices.
Tips for Employers
Telecommuting has been gaining momentum in some industries for years, and the pandemic has accelerated this shift. In short, the work-from-home evolution turned into a revolution overnight. Such a rapid transition may create some unforeseen security gaps in your organization. Where should you begin to assess potential issues?
For starters, follow all the security best practices mentioned above for employees—such as mandating MFA and VPNs. To ensure compliance, try to make these cybersecurity controls and features available to your employees in a manner that’s as frictionless as possible.
Beyond this, organizations should do the following:
Create a remote work policy: Define and communicate your cybersecurity expectations for employees through a detailed remote work policy.
Provide regular cybersecurity training: Refresh your mandatory training when new cyberthreats emerge, and consider testing employee security awareness by sending them faux phishing emails and critiquing their responses to them.
Restrict access: Follow the principle of least privilege by granting employees access only to the systems and information that they require to perform their job.
Keep track of third parties: Maintain an updated record of the third-party companies engaged by your organization. Be clear about the security standards they must follow, and understand how you’ve configured their tools on your end.
Some additional tactics to consider:
- Develop and practice incident-response plans for remote work scenarios.
- Maintain a comprehensive inventory of your hardware, software and network systems, along with a record of which employees have access to them.
- Put monitoring in place to detect intrusion or data loss.
- Hire a reputable external entity to conduct a security assessment and test your defenses.
Whether remote work is temporary or long term, implementing these security best practices and maintaining a higher level of awareness can help you stay one step ahead of fraudsters.