Work-from-home data security tips

In recent years, remote work has grown in popularity and for many companies, remote employees are now a reality they must face. Remote work is trending "permanent," with nine in ten full-time employees hoping to maintain remote hours post-pandemic.

But this new way of working brings new challenges. A global study found that “breaches cost over $1 million more on average when remote work was indicated as a factor in the event”, which emphasizes the point that it's even more important to maintain data security. Although there are plenty of cybersecurity precautions companies need to take initiative on, employees can take additional steps to support and bolster those efforts. There are plenty of ways you can take cybersecurity action as a remote employee to keep both your and your company’s data safe. Here are some tips to help protect your company and yourself from cyber threats.

Many employees working remotely rely on their home wireless network or cellphone plan to connect to the internet. These connections could be subject to intrusion, providing hackers access to your network, exposing your personal information and allowing criminals to steal your identity.

The average home router has a default password. Hackers and other malicious users know this and use that information to their advantage. Your network may be compromised because of this default password. Changing the password provides extra security to your home network and helps guard against unsecured devices that may attempt to connect wirelessly.

If you've never been prompted, you will need to disable Universal Plug-n-Play (UPnP) to protect your home network from unsecured devices.

A password manager is a software application that helps you keep track of passwords and login information for all the apps, websites and accounts you use for work. It stores this information in an encrypted database so you don't have to memorize them all.

Using a password manager can be a good idea if you're working remotely because it can help prevent you from forgetting all your login information. For example, if you're traveling and need to access your email account, but don't have access to your computer at the time, then having access to the login information for your email account will be incredibly helpful.

Another benefit of using a password manager is that it makes it easier for remote employers to manage their passwords across multiple devices. If they want to change their password on one device but leave it unchanged on another, they can do so with just a few clicks using the same application that stores all their login information.

Of course, you may need to check with your company beforehand to see if password managers are permissible. Many companies don’t allow the use of password managers — or may only allow specific ones — for security purposes.

Even though there are only so many security actions you can personally take as a remote employee, there are actions you can advocate for — including actions that your company can take and benefit from. One of those is bringing in company-owned devices. 

As opposed to a Bring Your Own Device policy, company-owned devices are more secure since they minimize the risk of human error that increases susceptibility to a security breach. Plus, these devices are also a lot more cost-effective for remote employees. For example, based on data about company-owned devices from Frost and Sullivan, companies with more than 500 employees spend $2,240 per employee for a bring-your-own-device (BYOD) policy. This includes expenses such as BYOD-specific software, IT teams for troubleshooting and security solutions, which far exceeds the $1,637 per employee costs for company-owned devices.

According to Frost and Sullivan, “Corporate-Liable (CL) devices costs seem higher when viewed in a vacuum, but because of the support costs incorporated into BYOD, the total CL cost of ownership is lower.” If your company opposes the idea of company-owned devices because this initial bill is too large, it’s important to remember and consider the costs associated with the entire life cycle of a device. If an employee’s device breaks, they’ll be responsible for paying for it, which can increase stress and even result in dissatisfaction with the company. Paying the initial cost for a device now is better than paying a much grander price later — especially if company data is compromised in the process.

To advocate for these devices, it’s best to discuss the benefits with your company leaders and the actionable steps they can take to bring company-owned devices to fruition. From there, you’ll also have to sign an agreement to adhere to your company’s security terms. This may include a variety of actions including complying with a remote wiping if you do encounter a breach and keeping your personal digital activity off of your company-owned device to minimize the risk of a breach.

If you're a remote employee, you know it's important to separate your work and personal lives. That means not using your work phone or computer to send personal emails or vice versa.

Using a work device for something that's not work-related, like sending a personal email or checking social media accounts, puts your company at risk. A hacker can gain access to your email account or phone through phishing scams or vulnerabilities, after which they'll be able to see all personal information stored there. That includes data related to your work, such as sensitive details about the company's operations, which would be valuable for competitors.

On the flip side, when you use a personal device for work purposes — such as checking the company's email from home — you're putting yourself at risk by giving hackers access to your private information. Their goal is usually financial gain: if they can get into your bank accounts and steal money, they'll be able to make off with thousands of dollars in seconds.

A zero trust model assumes a “never trust, always verify” approach and that no users or devices are to be trusted without continuous verification. This system, as opposed to a VPN, is great for any company utilizing cloud or remote technology, as it doesn’t inherently trust one user and also assumes that all traffic is untrustworthy unless directed otherwise. This means that remote employees can access their company network without worrying about being compromised, whether they’re working from home or accessing public Wi-Fi in a coffee shop.

Zero trust systems can also gather information or context that may indicate a breach. For example, if someone is trying to access the network from a different location or a different time of day, it’ll flag the occurrence.

Using a zero trust model for work can benefit remote employees by reducing the risk of cyberattacks and making it more difficult for third parties to infiltrate a network, especially through a man-in-the-middle (MITM) attack. It also makes it more difficult for you to accidentally compromise company data by continuously authenticating users whenever a protected transaction occurs.

If your company doesn’t opt for company-owned devices as previously mentioned, it’s especially important to look into a zero trust system. Most BYOD policies inherently come with more risk. If hackers get into your network, they could gain access to all kinds of sensitive information and company data. A zero trust framework can help protect against this attack by making it more difficult for them to access employee or company data  — all while flagging suspicious activity.

These days, remote users require smartphones to perform jobs from anywhere and at any time. However, a company-issued phone could be the key to accessing confidential information and sensitive data, particularly if it falls into the wrong hands.

Cybercriminals often target devices as opposed to digital networks. As a result, attackers can easily steal sensitive data, including credentials, personal identity information and intellectual property data such as trade secrets.

To ensure control over your and your company's data, you must effectively secure your digital devices, including any company-issued smartphones and computers. To do this, ensure your device locks automatically after a certain amount of time. You will have to create a password to log back in, which should include a variety of capitalized letters, numbers and symbols. The more characters and complex, the better.

In addition, avoid creating a password for your device that you’ve used elsewhere. If this password is compromised at any point, hackers will be able to use it for other log-ins.

Generally speaking, it’s the responsibility of companies to ensure their remote employees’ internet access is safe and secure. However, as an employee, it’s your responsibility to ensure this process is completed and done effectively. One such way you can do this is to supply information to your employer about what internet service provider you use. 

From there, your company can research the ISP’s account security, consumer safety and privacy policies before allowing you to work from home. This can help them proactively identify and address potential risks, and allow you to take advantage of additional safety features.

For example, some internet providers have a feature that allows users to change their password every 30 days, so if someone has stolen a password, bad actors will only have access for a short period. Another way that monitoring internet services can help is by letting you know if someone has tried to access your account from another device or location. While this doesn’t stop hackers from getting into your account, it does serve as an added layer of protection and allows you to respond to an intrusion more quickly.

And even though relying on your ISP at home does come with extra steps, it’s safer than many other alternatives when it comes to working remotely. For instance, public Wi-Fi is notoriously risky for cybersecurity, as most networks are insecure and can be vulnerable to man-in-the-middle attacks.