work at home security

It has become increasingly common for individuals to work remotely—that is, accessing company files from their own homes, and often from their own computers or other devices. In 2020, COVID-19 forced many businesses to quickly convert employees to telecommuters. And, due to the success of many work-from-home arrangements, telecommuting (at least part-time) will continue to be the norm for many in a post-COVID-19 world. 

Improving At-Home Cybersecurity

Improving cybersecurity at home is essential to protect information, devices, and digital assets from cyber threats. Here are some practical steps to enhance cybersecurity at home:

  • Provide continual training. Employers should continue to provide, and require completion of, cybersecurity training for all employees. Short, but regular, reviews on cybersecurity requirements may be created by the business, or provided by third parties and are helpful in reminding employees of their role in keeping company data safe. 
  • Provide company-owned equipment/separation of work and personal devices. Personal and work devices should be kept separate whenever possible. Using a personal laptop, for example, to access business files may increase the chance of cyber thieves accessing confidential business data. 
  • Avoid use of unsecured internet connections. Internet connections provided in public places such as coffeeshops and hotels should never be used unless the user connects to a VPN before accessing any websites or files (including e-mails).  
  • Enforce strong password policies. Enforce strong password requirements, including complexity, regular password changes, and the use of multi-factor authentication for critical systems.
  • Deploy regular software updates. Keep all software, operating systems, and applications up to date with the latest security patches to address vulnerabilities.

Resources for Cybersecurity

The Cybersecurity and Infrastructure Security Agency offers a range of cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust and resilient cyber framework. 

The Electronic Frontier Foundation, a nonprofit digital rights group, has created a collection of resources you can use to educate others about online security threats. The Security Education Companion offers guides for the first-time security trainer, lessons on specific threats such as phishing and malware, and teaching materials for topics like password managers and two-factor authentication, among many other items.