Skip to main content Skip to main menu Skip to footer

Cybersecurity tips for remote workers

Cybersecurity tips for remote workers

Decrease Text Size Increase Text Size

Page Article

    • Find a place and make it your office.  Do not share it with others while you are working.
    • Don't leave confidential information lying around.
    • Don't send your work emails to your printer or personal email just to make it easier to print.
    • Only use Apps approved by your organization to communicate.  
    • Always call and verify since you won't be able to verify requests in person for confidential information or to transfer funds.
    • Be cautious of IOT devices like Alexa, Siri or Google Home.  Don't have sensitive conversations near any IOT device that can be listening.
    • Do not share devices or passwords with other family members.  Make sure that any devices used for work have a unique password and a lock screen timeout.
    • Don't try to resolve technical issues yourself as this could create security risk.  Instead work with your IT department or helpdesk.
    • Don't let browsers remember your passwords.  For all work related site, use a different and unique password that is long and complex.
    • If you company provides you with a dedicated computer or virtual desktop, use it.  Don't use a personal computer for work.
    • Wired network is better than Wi-Fi.  If possible, connect your work to a wired network instead of Wi-Fi.
    • Connect to Corporate With a VPN - Remote workers should be connected to an encrypted, corporate-owned VPN connection in order to get access to any company data. Split tunneling should be disabled to avoid data bridging the encrypted and non-encrypted connections.
    • Be Wary of Public Wi-Fi - Be careful using public Wi-Fi if you're working on the go. Public Wi-Fi can make your computer vulnerable to hackers.
    • Harden Your Wireless Access Points Ensure any wireless access points on your network are appropriately hardened. Another recommendation is to turn on wireless beaconing so that you must know your SSID to connect to it. This is in no way foolproof, but it is an added layer of protection. Many wireless attacks are simply done against the easiest targets in crowded areas. By not broadcasting your SSID, you can minimize your wireless footprint so that only those people who know your SSID can connect to you.
    • Update System and Software Patches Regularly Security researchers show that installing system and software updates is the best defense against common viruses and malware online, particularly for computers running Windows. Software makers often release updates to address specific security threats. By downloading and installing the updates, you patch the vulnerabilities that virus writers rely on to infect your computer.
    • Don't Forget the Firmware Any device on the home network should be kept up to date, including the router that allows connection to the Internet. Remote workers should regularly check for firmware updates on their home routers, printers, scanners, and other peripherals, apply any updates, and use strong passwords -- and multi-factor authentication, if possible.
    • Use Two Separate Machines Do work on your work computer and personal computing on your personal computer. If you intermix the two, you increase the chance that an infection will contaminate both your work and personal life. This will be especially bad if you get infected on a business email or communication and it moves over into your personal accounts.
    • Use the Tools the Company Gives You There is a reason for the IT and security teams: to aid you to do your job in the most secure method. The tools that are used on a company level typically go through some type of vetting and assessments for potential security impacts. Stick with the condoned tools and you will have support and security for the application. Use something not authorized and you could have any number of vulnerabilities to be exploited.
    • Don't Rely on a Consumer-Grade Router Make sure that your router is up-to-date and that you maximize all security options.
    • Ensure Routers and Firewalls Are Properly Configured Follow the manufacturer's instructions and ensure your Internet router/firewall is properly configured, including no remote management, no ingress ports, proper outbound filtering, and non-default administrative credentials. Learn more
    • Turn on Auto Updates Set anything -- routers, smartphones, endpoints -- to update automatically. You will still need to verify the updates were applied, but [you will] save yourself the downtime in installation."
    • Segment Off Your Personal Network One of the easiest ways of protecting work-at-home endpoints is to put company assets on their own wireless networks. A home user can connect more than one wireless device to their cable modem or other gateway device and keep their personal devices, home automation, or other components on a separate network. Especially if the company configures and provides the device, it can minimize the risks of disclosure of WPA keys or other avenues of attack.
    • Use a Password Manager Reusing the same password for everything is incredibly common and can put all of your accounts at risk. If an attacker gets one password, then they get them all. A password manager ensures that you have unique and strong passwords for all of your accounts and can make remembering all of the passwords far easier.
    • Enable MFA Wherever Possible Ensure two-factor authentication is enabled on your personal accounts, and hopefully your professional organization also requires it! Two-factor combats phishing attacks and will help protect against credential stuffing attacks as well. You should also never reuse passwords, especially work and personal passwords, as an attacker can pivot between them with ease.
    • Avoid Browser Extensions Compromised extensions can mine employees' credentials, track their activity, and give attackers access to the data stored locally on their devices. When your team is remote, it's important to have a strict extensions policy in place. Browser extensions are notoriously difficult to vet for vulnerabilities. The safest course of action is to ban them entirely.
    • Bring a Fresh Battery Pack You need to power up your tablet, so why not just plug your cord into that handy USB port at the airport kiosk? The answer is because you don't know if that port has been hacked and is capable of transmitting malware to your device. The best way to not pick up malware from a public port is to carry your own portable battery pack or to use a charging cable that plugs into the power supply, not the USB port.
    • Unsecured Document Sharing Can Be Your Downfall The downfall of many an employee is actions upon frustration. When documents have issues uploading in email or in authorized applications, the employee may use alternative means, such as Google Drive.  If you need to share a document and the size is an issue, reach out to your IT help desk for direction in a secure fashion."
    • Double Down on Skepticism When you're working remotely, chances are you'll be catching up with email and other communications while on the move -- and that means you may not be as suspicious or critical about scanning for signs of phishing or social engineering as usual. You've got to turn your risk detector on high when you're working remotely. If you've got any doubt about a message in your inbox when you're on your phone, defer acting on that message until you can look more closely.

    Mobile Phone Tips

    • Keep a Close Eye on Devices on the Road Operational security is more important around holidays than any time of the year. As people go out and do their shopping, run errands, etc., they tend to take a laptop along to get work done while they are waiting. Watch for shoulder surfers, sit with your back to a wall with a clear view of the entrance, and never leave anything unattended, not even for a moment. Things walk away quickly, and, worse, someone could stick a low-profile device into an unused USB port you wouldn't notice until they'd key-logged and screen-scraped for a while.
    • Don’t login to company websites via emails or texts. If a company wants or needs you to login to your account, you should already know how to access your account from the company’s own site or app. Even if it takes a few more clicks, it’s time well saved because you will automatically miss out on “logins” that could compromise your security.
    • Don’t make payments via links in emails or texts. This is point 1 in a different guise. If you need to pay a company online, reach the payment page by following your own research, or using a link from a document you already have such as a contract or a recent bill. Don’t get begged, cajoled or frightened into taking exactly the “short cut” the crooks want.
    • Don’t turn off security features because a document tells you to. Avoid opening unexpected or unsolicited email attachments if you can. If a document asks you to [Enable content] when you open it, or make some other security downgrade, don’t do it – it’s a trick.
    • Don’t trust apps because the app creator tells you to. App reviews, positive app comments and high download counts are cheap to buy if you have no scruples. Reputation must be earned – it can’t be bought or self-declared. If in doubt, ask someone you know and trust for advice.

    Page Footer has no content