Many companies offer their employees the option to work from home, either occasionally or full-time. While remote work offers many benefits – a more flexible schedule, time saved on a commute, a comfortable environment, no office distractions, even money saved.
Unfortunately, it can also give a false sense of security. If you’ve been given the option to work from home, it’s still important to follow your company’s security policies, and practice good cybersecurity.
Here are some tips for protecting company data and being mindful of cyber threats when you’re not in the office:
1. Physically secure your device.
Stolen laptops continue to cause data breaches and put company data at risk. If you’re working at home, make sure your space is reasonably secure. For example, lock the door if you leave the house, and don’t leave your laptop in the car. If you’re home but not working, put the laptop out of sight to discourage curious family members.
If you’re in a coworking space, use a desk lock if you’re just stepping away for lunch or a coffee. Better yet, just throw it in a bag and take it with you.
2. Log off when you walk away.
Make sure your computer screen either autolocks after a short period of time, or that you log out when you walk away. This may be pre-configured by your company’s IT, but if not, take a moment to adjust your security settings so a password is always required when opening the laptop.
3. Don’t use public computers.
Most people always have their laptop, or at least smartphone, when they travel. But should you find yourself without a device, think twice about whether work can wait until later. Public computers may have spyware or keyloggers installed that could collect sensitive information.
4. Connect to a secure WiFi network.
When you’re away from the house, avoid public WiFi if possible. Public WiFi is more vulnerable, and attackers could be lurking on the network trying to intercept sensitive information. Use a portable hotspot from your phone if needed. Or…
5. Use a VPN.
Some companies require a VPN to access sensitive information, but not all do. If yours doesn’t, do some research on VPNs, and once you’ve installed one, connect to the network before doing any work. This is especially important if you must use public WiFi, but is a valuable precaution regardless.
6. Make passwords random – and keep them hidden.
Whether it’s the password to unlock your laptop, or to access your email, or to log in to work apps, every single one should be long, strong, and unique. A password manager like LastPass is a convenient way to store random passwords for every account, and even logs you in to accounts. Keeping passwords locked up in an encrypted vault – rather than lying around in a notepad or on a sticky note – is much more secure.
7. Encrypt emails and other data.
If you have a company-provisioned laptop, device-level encryption may already be provided. If you’re not sure, or you’re using a personal laptop for work, be sure to look into software that can provide email encryption. We also recommend encrypting the hard drive. You’ll be able to use your computer the same as before, but is an added level of protection should the laptop ever be stolen.
8. IT should require 2FA for accessing work apps.
If you’re an IT admin, we recommend requiring two-factor authentication to access work apps. Even if credentials are somehow stolen, 2FA will reduce the risk of unauthorized access to an account. For employees accessing work data outside the office walls, it becomes even more important that they do so securely.
9. Avoid USBs unless vetted by IT.
Unfortunately, even free USBs at conferences can pose a risk. They may be loaded with malware, exposing your laptop when you plug it in. It’s best to have IT evaluate any USBs before you use them. Better yet, use company-approved cloud services to transmit data.
10. Install important updates.
Operating systems, browsers, extensions, apps – it’s important to keep up with updates to all the technology you’re using. Updates often have important security fixes, so be sure to install them as promptly as possible. And even if you’re not in the office, IT will send valuable alerts that may still apply to you, so be sure to read their communications.