When most of us think about work-from-home security, we think about locks on the doors and latches on the window. While these steps can keep criminals from stealing devices like computers and phones, they can’t stop hackers from digging into company data.
Everyone operating in a work-from-home environment (that’s most of us these days) needs to know about cybersecurity. And IT professionals need to ensure that their workers have the tools they need to protect their company’s resources.
Known work-from-home security challenges
While plenty of people have worked from home for years, the global pandemic forced almost everyone to set up a dedicated workspace on kitchen tables, coffee tables, and desks.
Some lucky employees had virtual private networks (VPNs) set up, so they could tap into company servers from anywhere. But about 22 per cent of companies said their VPN requests were so overwhelming that they let unknown (and perhaps unsafe) devices connect.
These problems aren't likely to go away when the risk of coronavirus infection fades. In a Pew Research Center survey from October of 2020:
- 70 per cent of people were working from home.
- 20 per cent did so before the pandemic began.
- 54 per cent want to keep working from home when the pandemic ends.
Some simply can't make their wishes come true. Only 65 per cent of Americans have quick home internet connections that support video calls. Many people will have to go back to the office to stay connected.
But those who can work from home may push for the right. And IT teams must provide the coaching and tools to make it safe.
Cybersecurity tips for employees
Set up your home office for success by putting security first.
Follow these best practices for your:
- Work from home policy. For many companies, good behaviours start with good policy. We’ve written extensively about setting a good WFH policy over on the Okta blog.
- Devices. A so-called "work-from-home employee's bill of rights" would mandate that companies provide the tools you need to work. It benefits employees, as you don't have to pay for tools. And it benefits companies, as they can ensure you have the security settings required.
- If you're using your own devices for work, talk to your company about switching. Then, ensure that your work computer, tablet, and phone are all running the latest version of your operating system. Ensure that each piece has appropriate antivirus software and that your definitions are current.
- Connections. Only 31 per cent of people change the WiFi password that came with the device. If you're not one of them, take the step today. If you don't know how, call your provider for directions.
- If you're using public WiFi accounts for work, stop. Those networks are rarely secure, and you could be exposing your company to real security risks.
- Protection. Don't use the same password across multiple sites. Ensure that the passwords you choose are complex and hard to guess. If you struggle to remember all of the terms, invest in an online password manager that can both create and store passwords for you.
- Problems. Every day, hackers send 3 billion phishing email messages. These notes can look legitimate, as they might be addressed to you and contain personal information. Don't click on anything coming from someone you don't know. If you're unsure, send the note to your IT team first.
Keep the name, email address, and phone number of your company's incident response team near your computer. As soon as anything seems usual or risky, reach out. The sooner you report a problem, the quicker your team can fix it.
Work-from-home security tools
IT teams can and should help employees protect their home offices. Offering the right technology could mean the difference between recovering from and preventing an attack.
Enhance your protection with:
- Antivirus software. Install this tool on every device connected to your network, and update it regularly.
- Encryption. Ensure data is protected as it moves from your server to employee devices and back again.
- Firewalls. Create a strong barrier to protect your servers.
- Multi-factor authentication. Don't rely on passwords alone. Require a secondary factor, such as a note on a phone or a fingerprint, before allowing access.
- VPN. Almost 30 per cent of companies used a VPN for the first time during the pandemic. If you don't offer this tool right now, reconsider. You'll ensure that traffic is encrypted while employees work remotely.
Do even more by combining your solutions. For example, marry VPN and multi-factor authentication to keep information secure. Find out about this approach on our blog.
References
How Working From Home Has Changed Cybersecurity Awareness Training. (January 2020). Security Intelligence.
How the Coronavirus Outbreak Has — and Hasn't — Changed the Way Americans Work. (December 2020). Pew Research Center.
Stanford Research Provides a Snapshot of the New Working-From-Home Economy. (June 2020). Stanford.
The Work-From-Home Employee's Bill of Rights. (January 2021). Computerworld.
Survey Reveals Users Have No Clue About Router Security. (April 2018). Bleeping Computer.
Three Billion Phishing Emails Are Sent Every Day. But One Change Could Make Life Much Harder for Scammers. (March 2021). ZD Net.
Business VPN Usage Likely to Remain High Even as the Pandemic Subsides. Tech Radar.