Work-From-Home Security: How to Close the Gap

open laptop

Working from home has long been a dream for many office workers. Recent developments in cloud technology and video conferencing have enabled companies to offer part-time or permanent remote or hybrid options. Experts predicted this trend would increase, but no one expected a global pandemic to make the dream of working from home a reality for millions. With this shift comes the need to tend to work-from-home security.

The Shift to Remote and Hybrid Work

When COVID-19 hit, companies quickly pivoted to remote operations. No one knew how long the situation would last, and the initial focus was on maintaining worker productivity. The new way of working allowed for this, but it came with some challenges too. Remote work and hybrid work aren’t going away soon, and it is time for companies to get serious about work-from-home security.

These new ways of working have produced new pathways for cybercriminals to attack. Hackers and other malicious cyber actors are attacking remote and hybrid workers with three primary tactics:

Email & Phishing Scams

Hackers have taken advantage of the COVID-19 crisis to launch phishing attacks through email, texts and social media. Fraudulent emails are often disguised as helpful information from company leadership or as requests from the company for personal information.

Unsecured Wi-Fi Network Infiltration

Devices connected to unprotected home networks are an easy target for cybercriminals. They use this vulnerability to steal data and passwords and intercept sensitive messages.

Personal Computer Hacks

A large percentage of workers admit to using their personal or mobile devices for work-related purposes. Employees often transfer company data to personal devices for convenience or other reasons. This makes the data vulnerable to attacks — especially since many people don’t regularly install security updates on their devices, nor do those devices have all of the protective software that a business-owned device would.

What Can Business Leaders Do? 

Excellent cybersecurity starts with savvy leaders who understand the risks and implement smart policies to keep home offices secure. Here are three policies business leaders can introduce to set their companies up for work-from-home security success.

Disallow the Use of Personal Computers
Make sure all employees have company devices. Set the clear expectation that business data will never be transferred to or accessed from personal computers. Suppose bring-your-own-device is already part of your culture. In that case, you can work with your IT team to develop standards that users of personal devices need to adhere to, such as installing the organization’s antivirus or patching tools.

Ensure Data is Stored Securely in Business-Approved Repositories
Many employees have a personal Dropbox or other cloud-based data storage account. They also often store data on their local hard drives. Set up easy-to-use company data repositories and implement policies that prevent workers from using their personal accounts to store and share company data.

Require Relevant Cybersecurity Awareness Training
Train employees on relevant security topics such as “how to recognize phishing attacks,” “proper password management” and “company cybersecurity best practices.” Adequate training resources are available, and leaders should make sure their employees participate regularly.

Explore Our Free Cybersecurity Resource 


What Can IT Teams Do?

While leaders set cybersecurity policies, IT teams make recommendations and do the technical work to implement the policies and procedures that secure company networks and data. Here are four technical strategies IT teams can use to help employees keep company data safe while working from home.

Use Multi-Factor Authentication (MFA)
Passwords and physical devices are both relatively easy to steal. IT teams can prevent malicious actors from accessing company data by requiring more than one form of identification to access company devices and systems. MFA is essential for controlling access to publicly-accessible services, such as Microsoft 365.

Require a VPN Connection to Access Company Data & Applications
VPNs boost security by providing remote employees with a secure connection to the company network. Employees should only be able to access internal company data and applications through a VPN. Ensure the VPN is configured with network segmentation and profiles, so each department or external vendor account only has access to the servers or devices needed to do the job. For example, a marketing user’s VPN shouldn’t allow them to ping the accounting server. Also, an external vendor that uses the VPN to help manage a database application shouldn’t be able to access a file server through the VPN.

Use Remote Monitoring & Management Tools
These tools help IT teams monitor all devices used by ensuring employees are up to date on security patches and antivirus updates. This also allows helpdesk employees to assist remote users with requests directly.

Deploy a Business Password Management Tool
Employees are notorious for writing passwords on sticky notes or storing them in files on their desktops. Give workers a more secure and convenient option by providing a business-approved password management tool to help them create strong passwords and keep them organized. Talk to your IT service provider for recommendations.

What Can Employees Do?

All the best leaders and tech-savvy IT teams in the world can’t secure a home office if employees don’t cooperate. The following actions will ensure that employees do their part to maintain cybersecurity while working remotely.

Protect Your Home Wireless Network With a Password
This seems simple, but many employees either have open home wireless networks or have never changed the default password. You should set a strong password for your home Wi-Fi network and make sure not to post it where it can be easily seen.

Cooperate With Company Policies
Corporate cybersecurity policies about passwords, personal devices and document storage can seem burdensome or paranoid. However, they pose real risks to company data security, and there are consequences if employees don’t cooperate with the policies. Employees should be diligent in complying with all company cybersecurity policies and best practices.

Be Wary of Suspicious Emails and Attachments
Hackers and other cybercriminals often pose as managers or team members in emails, chats or meeting requests. Remote work and hybrid work make it more complicated and critical for employees to carefully identify the people they interact with. To maintain work-from-home security, employees must be rigorous about identifying everyone they meet or share company information with.

Want to Learn More?

The steps described in this article will help you get started in securing your employees’ home offices, but there’s a lot more to ensure your company has excellent cybersecurity.

Ready to take action?

Let’s connect. Book a call with us and we will introduce you to one of designDATA’s cybersecurity experts to get started.